
GMER detects root kit - file or directory corrupt or unreadable messages were the tipoff


  • This topic is locked
17 replies to this topic

#1 SoCalBob55

  • Members
  • 89 posts
  • OFFLINE
  • Local time: 11:59 PM

Posted 24 April 2011 - 10:01 AM

Less than a month ago, I had these problems resolved:
http://www.bleepingcomputer.com/forums/topic387528.html

Then about a week ago, I began to see message balloons popping up from the window bar about "Windows - Corrupt File. The file or directory \Program Files\MOZILL~1 is corrupt and unreadable, please run Chkdsk utility." Various file names appear, including Taskmgr and several others. Whenever I try to open a new browser window, Windows tries to begin an installation process using the standard Windows Installer message, which I abort. At least one time it tried to install Adobe Acrobat 7.1.0 Standard. After trying to install on its own, I received this message: "Adobe Acrobat 7.1.0 Standard: Error 1304. Error writing to program file C:\Program Files\Adobe\Acrobat 7.0\Distillr\ace.dll. Verify that you have access to that directory." I haven't closed out of that dialogue yet because it seems to be preventing other installation routines from starting.

This whole portion of the episode may have been the result of trying to output a PDF file from within Pagemaker 7 - which I haven't used in a year - and it failed to output. I also began to receive the Windows - Corrupt File messages as independent pop-up windows - mostly involving files in the Mozilla directory.

Here is the GMER log file:



Next, I received several InstallShield messages, including this one that I did not initiate:
Sonic Update Manager
Error writing to file:
C:\Program Files\Common Files\InstallShield\Update Service\ISDM.exe. Verify you have access to that directory.

And whenever I try to open a file manager window, something tries to install again, which I immediately abort.

Finally, I've found in trying to manually back up files that some directories won't copy (I get an error message).

Of course, I avoided running chkdsk or restarting the computer, but instead ran Malwarebytes and SUPERAntiSpyware. Here's what SUPERAntiSpyware found, but I have NOT restarted to remove the final traces of what was found. Here's what it located:
Rogue.Agent/Gen-Nullo[DLL]
c:\windows\twyuvimg.dll
Rogue.Agent/Gen-Nullo[OCX]
c:\windows\system32\kyrgbpro.ocx

Here is the DDS log file:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Robert Weil at 22:40:37.08 on Sat 04/23/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_22
.
============== Running Processes ===============
.
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nlssrv32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\StorageCraft\ImageManager\ImageManager.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WePrint\WePrint Server.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\vsnapvss.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Spyware Doctor\upgrade.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtect.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\Robert Weil\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D593DE91-7B41-45C2-830E-E9A99AB142AA} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {E69657FF-19AC-4849-BF35-91243EEF1687} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Snte] "c:\windows\system32\sks~1\msconfig.exe" -vt ndrv
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [SUPERAntiSpyware] "e:\program files\superantispyware\SUPERAntiSpyware.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin
mRun: [hpWirelessAssistant] "c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe"
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe"
mRun: [TotalRecorderScheduler] "c:\program files\highcriteria\totalrecorder\TotRecSched.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [DXDllRegExe] c:\windows\system32\dxdllreg.exe
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [dvd43] "c:\program files\dvd43\dvd43_tray.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [MSConfig] "c:\windows\pchealth\helpctr\binaries\MSConfig.exe" /auto
mRun: [Nikon Message Center 2] "c:\program files\nikon\nikon message center 2\NkMC2.exe" -s
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] "nwiz.exe" /installquiet /nodetect
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Namo SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263530833636
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: cryptnet32 - cryptnet32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R? AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? Mdno50;Mdno50
R? SASENUM;SASENUM
R? scsiscan;SCSI Scanner Driver
R? SWVNIC;SonicWALL Virtual Miniport
S? aawservice;Ad-Aware 2007 Service
S? Akamai;Akamai NetSession Interface
S? IKFileSec;File Security Driver
S? IKSysFlt;System Filter Driver
S? IKSysSec;System Security Driver
S? Lbd;Lbd
S? MBAMSwissArmy;MBAMSwissArmy
S? nlsX86cc;Nalpeiron Licensing Service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? sbmount;StorageCraft Image Mount Driver
S? sdAuxService;PC Tools Auxiliary Service
S? sdCoreService;PC Tools Security Service
S? ShadowProtectSvc;ShadowProtect Service
S? stcvsm;stcvsm
S? StorageCraft Image Manager;StorageCraft Image Manager
S? SWGVCSvc;SonicWALL Global VPN Client Service
S? SWIPsec;SonicWALL IPsec Driver
S? TabletServicePen;TabletServicePen
S? TabletServiceWacom;TabletServiceWacom
S? VSNAPVSS;StorageCraft Shadow Copy Provider
S? WebrootSpySweeperService;Webroot Spy Sweeper Engine
S? WTouchService;WTouch Service
.
=============== Created Last 30 ================
.
2011-04-23 15:42:41 -------- d-----w- c:\program files\Magical Jelly Bean
2011-04-14 05:39:36 -------- d-----w- c:\program files\Sony
2011-04-14 05:38:53 -------- d-----w- c:\program files\Sony Setup
2011-04-09 02:45:55 -------- d-----w- c:\program files\Search Toolbar
2011-04-09 02:45:54 -------- d-----w- c:\program files\YTD Setup
2011-04-09 02:43:09 -------- d-----w- c:\program files\eRightSoft
2011-04-06 04:23:27 -------- dc----w- c:\docume~1\alluse~1\applic~1\{FE41BDC7-CD33-4350-8A15-26EFBE20A0FE}
2011-04-03 23:03:57 -------- d-----w- c:\program files\SystemRequirementsLab
2011-04-03 22:13:39 180224 ----a-w- c:\windows\system32\nvudisp.exe
2011-03-29 11:53:12 -------- d-----w- c:\program files\iPod
2011-03-29 11:53:06 -------- d-----w- c:\program files\iTunes
2011-03-29 11:46:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-03-29 11:46:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-03-29 11:46:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-03-29 11:46:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-03-29 11:46:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-03-29 11:46:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-03-29 11:46:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-03-29 05:36:08 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-27 16:01:27 3658528 ------w- c:\windows\system32\drivers\nv4_mini.sys
2011-03-27 15:39:58 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-03-27 00:45:17 -------- d-----w- C:\TDSSKiller_Quarantine
2011-03-26 05:23:48 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-26 04:48:09 -------- d-----w- c:\docume~1\robert~1\applic~1\Malwarebytes
2011-03-26 02:59:31 -------- d-----w- c:\program files\AVAST Software
2011-03-26 02:59:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-03-26 02:36:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-26 02:36:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-26 02:36:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-26 02:36:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-04-19 14:13:54 1901 ----a-w- c:\windows\panose.bin
2011-03-22 04:30:32 31728 ----a-w- c:\windows\dbrmdwb.exe
2011-03-22 04:30:32 26 ----a-w- c:\windows\dbrmdwb.bat
2011-03-22 04:30:31 245840 ----a-w- c:\windows\system32\DNLEng.dll
2011-03-22 04:30:30 2327704 ----a-w- c:\windows\dbplugin.ocx
2011-03-22 04:30:29 894616 ----a-w- c:\windows\dbplugin.exe
2011-03-22 04:30:26 2179072 ----a-w- c:\windows\npdbplug.dll
2011-03-15 15:52:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-15 15:52:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-15 03:20:06 297285 ----a-w- c:\windows\system32\shimg.dll
2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2006-05-03 19:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 20:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 22:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 22:46:54.50 ===============

The ARK file wouldn't post because it was too large (8MB), so I zipped it up - but it was still too big to upload at 472 KB. What should I do?

GMER seemed to complete successfully, but it threw this error message:
Windows Script Host
Script: C:\Documents and Settings\Robert Weil\Local Settings\Temp\MSGB.PIF
Line: 3
Char: 1
Error: The specified module cannot be found
Code: 8007007E
Source: (null)

Attached File  Attach.txt   7.25KB   1 downloads

Thanks for any help you can provide!

Bob

Sorry, also have this log run a few days ago indicating a browser hijacker:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/20/2011 at 08:14 AM

Application Version : 4.50.1002

Core Rules Database Version : 6688
Trace Rules Database Version: 4500

Scan type : Complete Scan
Total Scan Time : 01:32:22

Memory items scanned : 729
Memory threats detected : 0
Registry items scanned : 9511
Registry threats detected : 10
File items scanned : 32764
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\Robert Weil\Cookies\robert weil@atdmt[2].txt
C:\Documents and Settings\Robert Weil\Cookies\robert weil@at.atwola[1].txt
content.oddcast.com [ C:\Documents and Settings\Robert Weil\Application Data\Macromedia\Flash Player\#SharedObjects\BWWK76UP ]

Browser Hijacker.Tubby
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#EstimatedSize

Here is a screen cap of the report from GMER (in the program window) showing a portion of the only "red" stretch of entries (all Mozilla).

Attached File  GMER_screen-cap2.png   16.67KB   5 downloads

Merged 3 posts. ~ OB

Update -

Thanks for consolidating my earlier posts!

System froze, forcing a reboot. Windows spent at least 2 hours cleaning up corrupted/fragmented files. Was afraid it was erasing the entire disk. Presumably, SuperAntiSpyware removed what it had found once the computer restarted.

And, a couple of programs "went away" -
* Outlook - The icon is still associated with the program, and the window briefly flashes open, but I get this error message: "Cannot start Microsoft Office Outlook. Unable to open the Outlook window. The set of folders could not be opened. The server is not available. Contact your administrator if this condition persists." Unless you have a suggestion, will probably try to reinstall from my ShadowProtect disk image.
* Firefox - directory entirely gone (reinstalled, and miraculously, all my bookmarks and add-ons were present and working properly, even my stored passwords)

...both of which were open when my system froze.

Still have Acrobat trying to install itself anytime I open a new window to explore the hard drive.

Re-ran GMER, and it did NOT find a rootkit this time - attached is the (much shorter) log file.

Ran MalwareBytes and SpyBot as well as SuperAntiSpyware and nothing came up on full scans of the boot drive.

Thanks in advance for any help you can provide.

Bob

D'oh, what am I thinking? Of course I need to rerun DDS for you.

Below and the attached show the results:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Robert Weil at 8:06:35.22 on Wed 04/27/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_24
.
============== Running Processes ===============
.
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nlssrv32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\StorageCraft\ImageManager\ImageManager.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\vsnapvss.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\upgrade.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\calc.exe
C:\Documents and Settings\Robert Weil\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k Akamai
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D593DE91-7B41-45C2-830E-E9A99AB142AA} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {E69657FF-19AC-4849-BF35-91243EEF1687} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Snte] "c:\windows\system32\sks~1\msconfig.exe" -vt ndrv
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [SUPERAntiSpyware] "e:\program files\superantispyware\SUPERAntiSpyware.exe"
mRun: [hpWirelessAssistant] "c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe"
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe"
mRun: [TotalRecorderScheduler] "c:\program files\highcriteria\totalrecorder\TotRecSched.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [DXDllRegExe] c:\windows\system32\dxdllreg.exe
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [dvd43] "c:\program files\dvd43\dvd43_tray.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [MSConfig] "c:\windows\pchealth\helpctr\binaries\MSConfig.exe" /auto
mRun: [Nikon Message Center 2] "c:\program files\nikon\nikon message center 2\NkMC2.exe" -s
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] "nwiz.exe" /installquiet /nodetect
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Namo SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263530833636
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: cryptnet32 - cryptnet32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\robert~1\applic~1\mozilla\firefox\profiles\1ie5u3vs.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - component: c:\documents and settings\robert weil\application data\mozilla\firefox\profiles\1ie5u3vs.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
.
============= SERVICES / DRIVERS ===============
.
R? AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? Mdno50;Mdno50
R? SASENUM;SASENUM
R? scsiscan;SCSI Scanner Driver
R? SWVNIC;SonicWALL Virtual Miniport
S? aawservice;Ad-Aware 2007 Service
S? Akamai;Akamai NetSession Interface
S? IKFileSec;File Security Driver
S? IKSysFlt;System Filter Driver
S? IKSysSec;System Security Driver
S? Lbd;Lbd
S? nlsX86cc;Nalpeiron Licensing Service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? sbmount;StorageCraft Image Mount Driver
S? sdAuxService;PC Tools Auxiliary Service
S? sdCoreService;PC Tools Security Service
S? ShadowProtectSvc;ShadowProtect Service
S? stcvsm;stcvsm
S? StorageCraft Image Manager;StorageCraft Image Manager
S? SWGVCSvc;SonicWALL Global VPN Client Service
S? SWIPsec;SonicWALL IPsec Driver
S? TabletServicePen;TabletServicePen
S? TabletServiceWacom;TabletServiceWacom
S? VSNAPVSS;StorageCraft Shadow Copy Provider
S? WebrootSpySweeperService;Webroot Spy Sweeper Engine
S? WTouchService;WTouch Service
.
=============== Created Last 30 ================
.
2011-04-27 13:37:56 121856 ----a-w- c:\windows\system\xmllite.dll
2011-04-26 01:16:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-25 14:33:00 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2011-04-25 14:33:00 1230336 ----a-r- c:\windows\system32\MSXML4.dll
2011-04-25 14:29:04 -------- d-sh--w- C:\found.000
2011-04-14 05:39:36 -------- d-----w- c:\program files\Sony
2011-04-14 05:38:53 -------- d-----w- c:\program files\Sony Setup
2011-04-09 02:45:55 -------- d-----w- c:\program files\Search Toolbar
2011-04-09 02:45:54 -------- d-----w- c:\program files\YTD Setup
2011-04-09 02:43:09 -------- d-----w- c:\program files\eRightSoft
2011-04-06 04:23:27 -------- dc----w- c:\docume~1\alluse~1\applic~1\{FE41BDC7-CD33-4350-8A15-26EFBE20A0FE}
2011-04-03 23:03:57 -------- d-----w- c:\program files\SystemRequirementsLab
2011-04-03 22:13:39 180224 ----a-w- c:\windows\system32\nvudisp.exe
2011-03-29 11:53:12 -------- d-----w- c:\program files\iPod
2011-03-29 11:53:06 -------- d-----w- c:\program files\iTunes
2011-03-29 11:46:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-03-29 11:46:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-03-29 11:46:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-03-29 11:46:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-03-29 11:46:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-03-29 11:46:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-03-29 11:46:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-03-29 05:36:08 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.
==================== Find3M ====================
.
2011-04-26 01:15:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-19 14:13:54 1901 ----a-w- c:\windows\panose.bin
2011-03-27 15:39:59 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-03-22 04:30:32 31728 ----a-w- c:\windows\dbrmdwb.exe
2011-03-22 04:30:32 26 ----a-w- c:\windows\dbrmdwb.bat
2011-03-22 04:30:31 245840 ----a-w- c:\windows\system32\DNLEng.dll
2011-03-22 04:30:30 2327704 ----a-w- c:\windows\dbplugin.ocx
2011-03-22 04:30:29 894616 ----a-w- c:\windows\dbplugin.exe
2011-03-22 04:30:26 2179072 ----a-w- c:\windows\npdbplug.dll
2011-03-15 03:20:06 297285 ----a-w- c:\windows\system32\shimg.dll
2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2006-05-03 19:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 20:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 22:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 8:08:47.94 ===============

Merged 2 more posts to the previously merged 3. ~ OB

Edited by Orange Blossom, 27 April 2011 - 04:14 PM.



#2 Orange Blossom
    OBleepin Investigator

  • Moderator
  • 37,011 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:59 AM

Posted 02 May 2011 - 11:28 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 SoCalBob55
  • Topic Starter
  • Members
  • 89 posts
  • Local time:11:59 PM

Posted 03 May 2011 - 08:18 PM

Thanks for the reply, Orange Blossom - I was starting to give up hope!

I think I may have licked the problem myself, I'm not having any of the previous symptoms.

Here is the log file for DDS. I can't upload the ark.txt or the attach.txt, even though they are only about 8K each.

Can you increase my file size limit?

Thanks.

BW

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Robert Weil at 5:44:08.07 on Tue 05/03/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_24
.
============== Running Processes ===============
.
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nlssrv32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files\StorageCraft\ImageManager\ImageManager.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\vsnapvss.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Doctor\upgrade.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\calc.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Robert Weil\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D593DE91-7B41-45C2-830E-E9A99AB142AA} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {E69657FF-19AC-4849-BF35-91243EEF1687} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Snte] "c:\windows\system32\sks~1\msconfig.exe" -vt ndrv
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [SUPERAntiSpyware] "e:\program files\superantispyware\SUPERAntiSpyware.exe"
mRun: [hpWirelessAssistant] "c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe"
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe"
mRun: [TotalRecorderScheduler] "c:\program files\highcriteria\totalrecorder\TotRecSched.exe"
mRun: [DXDllRegExe] c:\windows\system32\dxdllreg.exe
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [dvd43] "c:\program files\dvd43\dvd43_tray.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [MSConfig] "c:\windows\pchealth\helpctr\binaries\MSConfig.exe" /auto
mRun: [Nikon Message Center 2] "c:\program files\nikon\nikon message center 2\NkMC2.exe" -s
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] "nwiz.exe" /installquiet /nodetect
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Namo SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263530833636
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: cryptnet32 - cryptnet32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\robert~1\applic~1\mozilla\firefox\profiles\1ie5u3vs.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - component: c:\documents and settings\robert weil\application data\mozilla\firefox\profiles\1ie5u3vs.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
.
============= SERVICES / DRIVERS ===============
.
R? AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? Mdno50;Mdno50
R? SASENUM;SASENUM
R? scsiscan;SCSI Scanner Driver
R? SWVNIC;SonicWALL Virtual Miniport
S? aawservice;Ad-Aware 2007 Service
S? IKFileSec;File Security Driver
S? IKSysFlt;System Filter Driver
S? IKSysSec;System Security Driver
S? Lbd;Lbd
S? nlsX86cc;Nalpeiron Licensing Service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? sbmount;StorageCraft Image Mount Driver
S? sdAuxService;PC Tools Auxiliary Service
S? sdCoreService;PC Tools Security Service
S? ShadowProtectSvc;ShadowProtect Service
S? stcvsm;stcvsm
S? StorageCraft Image Manager;StorageCraft Image Manager
S? SWGVCSvc;SonicWALL Global VPN Client Service
S? SWIPsec;SonicWALL IPsec Driver
S? TabletServicePen;TabletServicePen
S? TabletServiceWacom;TabletServiceWacom
S? VSNAPVSS;StorageCraft Shadow Copy Provider
S? WebrootSpySweeperService;Webroot Spy Sweeper Engine
S? WTouchService;WTouch Service
.
=============== Created Last 30 ================
.
2011-04-28 03:58:17 -------- d-----w- c:\program files\SpywareBlaster
2011-04-27 13:37:56 121856 ----a-w- c:\windows\system\xmllite.dll
2011-04-26 01:16:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-25 14:33:00 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2011-04-25 14:33:00 1230336 ----a-r- c:\windows\system32\MSXML4.dll
2011-04-25 14:29:04 -------- d-sh--w- C:\found.000
2011-04-14 05:39:36 -------- d-----w- c:\program files\Sony
2011-04-14 05:38:53 -------- d-----w- c:\program files\Sony Setup
2011-04-09 02:45:54 -------- d-----w- c:\program files\YTD Setup
2011-04-09 02:43:09 -------- d-----w- c:\program files\eRightSoft
2011-04-06 04:23:27 -------- dc----w- c:\docume~1\alluse~1\applic~1\{FE41BDC7-CD33-4350-8A15-26EFBE20A0FE}
2011-04-03 23:03:57 -------- d-----w- c:\program files\SystemRequirementsLab
2011-04-03 22:13:39 180224 ----a-w- c:\windows\system32\nvudisp.exe
.
==================== Find3M ====================
.
2011-04-26 01:15:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-19 14:13:54 1901 ----a-w- c:\windows\panose.bin
2011-03-27 15:39:59 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-03-22 04:30:32 31728 ----a-w- c:\windows\dbrmdwb.exe
2011-03-22 04:30:32 26 ----a-w- c:\windows\dbrmdwb.bat
2011-03-22 04:30:31 245840 ----a-w- c:\windows\system32\DNLEng.dll
2011-03-22 04:30:30 2327704 ----a-w- c:\windows\dbplugin.ocx
2011-03-22 04:30:29 894616 ----a-w- c:\windows\dbplugin.exe
2011-03-22 04:30:26 2179072 ----a-w- c:\windows\npdbplug.dll
2011-03-15 03:20:06 297285 ----a-w- c:\windows\system32\shimg.dll
2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2006-05-03 19:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 20:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 22:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 5:45:23.07 ===============

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:59 AM

Posted 07 May 2011 - 02:04 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Sorry about the wait. I can see how things have progressed positively to the stage you are at, but the latest DDS isn't quite providing the information I need. Please run a similar but more powerful scanner, OTL.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

m0le is a proud member of UNITE

#5 SoCalBob55

SoCalBob55
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  • Local time:11:59 PM

Posted 07 May 2011 - 04:39 PM

Thanks!

But it's been nearly a week since the last person responded. Can you also plan to respond within 3 days?

OTL did not generate an Extras.txt notepad file, just the OTL, which is below:

OTL logfile created on: 5/7/2011 1:56:38 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert Weil\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 83.12 Gb Total Space | 4.78 Gb Free Space | 5.76% Space Free | Partition Type: NTFS
Drive E: | 4.63 Gb Total Space | 2.30 Gb Free Space | 49.65% Space Free | Partition Type: NTFS
Drive F: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 465.65 Gb Total Space | 38.45 Gb Free Space | 8.26% Space Free | Partition Type: FAT32
Drive J: | 14.90 Gb Total Space | 10.01 Gb Free Space | 67.20% Space Free | Partition Type: FAT32
Drive O: | 930.86 Gb Total Space | 68.11 Gb Free Space | 7.32% Space Free | Partition Type: NTFS
Drive P: | 698.63 Gb Total Space | 314.65 Gb Free Space | 45.04% Space Free | Partition Type: NTFS

Computer Name: BOBSLAPTOP | User Name: Robert Weil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Robert Weil\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\WINDOWS\system32\vsnapvss.exe (StorageCraft Technology Corporation)
PRC - C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\StorageCraft\ImageManager\ImageManager.exe (StorageCraft Technology Corporation)
PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe (SonicWALL, Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\Upgrade.exe (PC Tools)
PRC - C:\Program Files\dvd43\DVD43_Tray.exe ()
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe (High Criteria inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\sndvol32.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Robert Weil\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\klg.dat (PC Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AdobeActiveFileMonitor9.0) -- File not found
SRV - (nlsX86cc) -- C:\WINDOWS\system32\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (VSNAPVSS) -- C:\WINDOWS\system32\vsnapvss.exe (StorageCraft Technology Corporation)
SRV - (ShadowProtectSvc) -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
SRV - (StorageCraft Image Manager) -- C:\Program Files\StorageCraft\ImageManager\ImageManager.exe (StorageCraft Technology Corporation)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (SWGVCSvc) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe (SonicWALL, Inc.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (ATMsrvc) -- C:\WINDOWS\system32\ATMsrvc.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (stcvsm) -- C:\WINDOWS\System32\drivers\stcvsm.sys (StorageCraft Technology Corporation)
DRV - (sbmount) -- C:\WINDOWS\System32\drivers\sbmount.sys (StorageCraft Technology Corporation)
DRV - (SASKUTIL) -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- E:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (SWIPsec) -- C:\WINDOWS\system32\drivers\SWIPsec.sys (SonicWALL, Inc.)
DRV - (SWVNIC) -- C:\WINDOWS\system32\drivers\SWVNIC.sys (SonicWALL, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (IKSysSec) -- C:\WINDOWS\system32\drivers\iksyssec.sys (PCTools Research Pty Ltd.)
DRV - (IKSysFlt) -- C:\WINDOWS\system32\drivers\iksysflt.sys (PCTools Research Pty Ltd.)
DRV - (IKFileSec) -- C:\WINDOWS\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.)
DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (SSIDRV) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSHRMD) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSFS0BB9) -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0BB9.SYS (Webroot Software Inc (www.webroot.com))
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\RMCast.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (scsiscan) -- C:\WINDOWS\system32\drivers\scsiscan.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=ZUGO&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/12/12 13:15:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/04/25 18:16:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/25 17:52:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/01/17 13:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Extensions
[2009/01/17 13:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/04/27 21:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Firefox\Profiles\1ie5u3vs.default\extensions
[2011/04/25 18:05:17 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Firefox\Profiles\1ie5u3vs.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011/04/03 16:17:25 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Firefox\Profiles\1ie5u3vs.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/04/25 17:53:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Firefox\Profiles\1ie5u3vs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/23 08:02:23 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Firefox\Profiles\1ie5u3vs.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/01/17 13:14:53 | 000,000,000 | ---D | M] (Aardvark) -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Firefox\Profiles\1ie5u3vs.default\extensions\aardvark@rob.brown
[2011/04/08 19:46:01 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Firefox\Profiles\1ie5u3vs.default\searchplugins\bing-zugo.xml
[2011/04/25 18:16:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/25 17:52:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/04/25 18:16:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ROBERT WEIL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1IE5U3VS.DEFAULT\EXTENSIONS\UNDOCLOSEDTABSBUTTON@SUPERNOVA00.BIZ.XPI
[2011/04/25 18:16:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 01:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 01:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 01:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 01:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2007/12/17 06:43:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PC Tools)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe ()
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] File not found
O4 - HKLM..\Run: [ISUSScheduler] File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe (High Criteria inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] File not found
O4 - HKCU..\Run: [ISUSScheduler] File not found
O4 - HKCU..\Run: [Snte] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnceEx: [Register Homesite+.exe] C:\Program Files\Macromedia\HomeSite+\Homesite+.exe (Macromedia, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O4 - Startup: C:\Documents and Settings\Robert Weil\Start Menu\Programs\StartUp\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Robert Weil\Start Menu\Programs\StartUp\OpenOffice.org 3.3.lnk = File not found
O4 - Startup: C:\Documents and Settings\Robert Weil\Start Menu\Programs\StartUp\WePrint Server.lnk = C:\WePrint\WePrint Server.exe (EuroSmartz Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Namo SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263530833636 (WUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\Hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Robert Weil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert Weil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/02 21:10:48 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 14:12:18 | 000,000,088 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/01/22 15:55:48 | 000,000,000 | ---D | M] - I:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2007/05/18 10:37:12 | 000,000,069 | RH-- | M] () - I:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/09/08 23:39:55 | 000,000,000 | -H-D | M] - P:\autorun -- [ NTFS ]
O32 - AutoRun File - [2010/09/08 01:44:18 | 000,000,036 | -H-- | M] () - P:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{95e58044-a66d-11dc-9ab0-001302be8cfd}\Shell - "" = AutoRun
O33 - MountPoints2\{95e58044-a66d-11dc-9ab0-001302be8cfd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95e58044-a66d-11dc-9ab0-001302be8cfd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\wd_windows_tools\Setup.exe -- [2007/06/26 12:02:12 | 000,212,992 | ---- | M] (Western Digital Technologies, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 00:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Photomatix Pro 4.0
[2011/05/07 00:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro4
[2011/05/04 05:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Weil\Local Settings\Application Data\Temp
[2011/04/27 20:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/04/27 20:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/04/27 08:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Weil\Desktop\Bleeping
[2011/04/27 06:37:56 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\xmllite.dll
[2011/04/27 06:34:54 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Robert Weil\Desktop\xmllite.dll
[2011/04/26 20:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Weil\Start Menu\Programs\Handbrake
[2011/04/25 18:16:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/25 18:16:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/25 18:16:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/25 18:16:18 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/25 17:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/25 17:48:24 | 012,580,112 | ---- | C] (Mozilla) -- C:\Documents and Settings\Robert Weil\Desktop\Firefox Setup 4.0.exe
[2011/04/25 07:33:00 | 000,044,544 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSXML4a.dll
[2011/04/25 07:29:04 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/04/24 19:45:42 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Robert Weil\Desktop\setup-spybotsd162.exe
[2011/04/23 08:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Weil\Desktop\LicenseCrawler
[2011/04/14 20:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Weil\My Documents\shaked
[2011/04/13 22:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/04/13 22:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2011/04/08 19:47:15 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2011/04/08 19:47:15 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2011/04/08 19:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPER © - by eRightSoft
[2011/04/08 19:47:14 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2011/04/08 19:47:14 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2011/04/08 19:47:14 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2011/04/08 19:47:14 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2011/04/08 19:47:14 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2011/04/08 19:47:14 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2011/04/08 19:47:14 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2011/04/08 19:47:14 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2011/04/08 19:47:14 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2011/04/08 19:47:14 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2011/04/08 19:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\YTD Setup
[2011/04/08 19:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2008/09/03 20:02:52 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/07 02:00:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-BOBSLAPTOP-Robert Weil.job
[2011/05/07 00:46:16 | 000,001,661 | ---- | M] () -- C:\Documents and Settings\Robert Weil\Desktop\Photomatix Pro 4.0.2 (32-bit).lnk
[2011/05/06 22:26:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/06 21:28:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/06 19:16:35 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Robert Weil\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/05 20:17:41 | 000,002,048 | ---- | M] () -- C:\Documents and Settings\Robert Weil\Application Data\A&I Book Creator Prefs
[2011/05/05 18:44:08 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2011/05/04 05:46:37 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/04/29 06:37:52 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/29 06:36:16 | 008,708,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/29 06:32:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/29 06:31:52 | 2145,505,280 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/29 06:22:26 | 000,000,378 | ---- | M] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2011/04/28 20:55:38 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2011/04/27 20:58:19 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Robert Weil\Desktop\SpywareBlaster.lnk
[2011/04/27 07:24:42 | 001,202,165 | ---- | M] () -- C:\Documents and Settings\Robert Weil\Desktop\MTWebDesign_Layout 1.pdf
[2011/04/27 06:34:55 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System\xmllite.dll
[2011/04/27 06:34:55 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Robert Weil\Desktop\xmllite.dll
[2011/04/26 20:18:53 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Robert Weil\Desktop\Handbrake.lnk
[2011/04/25 18:15:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/25 18:15:59 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/25 18:15:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/25 18:15:59 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/25 18:15:59 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/25 18:02:33 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Robert Weil\Desktop\Mozilla Firefox (2).lnk
[2011/04/25 17:52:14 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/25 17:48:24 | 012,580,112 | ---- | M] (Mozilla) -- C:\Documents and Settings\Robert Weil\Desktop\Firefox Setup 4.0.exe
[2011/04/24 19:48:20 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Robert Weil\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/24 19:48:19 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Robert Weil\Desktop\Spybot - Search & Destroy.lnk
[2011/04/24 19:46:29 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Robert Weil\Desktop\setup-spybotsd162.exe
[2011/04/24 19:42:37 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/23 22:39:42 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Robert Weil\Desktop\dds.scr
[2011/04/23 22:26:30 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Robert Weil\Desktop\Defogger.exe
[2011/04/23 08:52:52 | 000,145,457 | ---- | M] () -- C:\Documents and Settings\Robert Weil\Desktop\licensecrawler.zip
[2011/04/23 08:35:30 | 001,862,837 | ---- | M] () -- C:\Documents and Settings\Robert Weil\Desktop\bookmarks.html
[2011/04/22 17:51:37 | 001,873,239 | ---- | M] () -- C:\Documents and Settings\Robert Weil\Desktop\dixmlsetup.exe
[2011/04/21 23:11:29 | 000,000,230 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/19 07:15:00 | 000,282,868 | R--- | M] () -- C:\Documents and Settings\Robert Weil\Desktop\WEILBOB-2011Estimates.pdf
[2011/04/19 07:13:54 | 000,001,901 | ---- | M] () -- C:\WINDOWS\panose.bin
[2011/04/19 07:11:56 | 000,000,198 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2011/04/12 18:34:15 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CameraBag.lnk
[2011/04/08 19:47:15 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/07 00:46:16 | 000,001,661 | ---- | C] () -- C:\Documents and Settings\Robert Weil\Desktop\Photomatix Pro 4.0.2 (32-bit).lnk
[2011/05/04 05:46:36 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/04 05:46:36 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/04/29 06:31:52 | 2145,505,280 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/28 21:28:58 | 000,282,868 | R--- | C] () -- C:\Documents and Settings\Robert Weil\Desktop\WEILBOB-2011Estimates.pdf
[2011/04/28 20:55:38 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2011/04/27 20:58:19 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Robert Weil\Desktop\SpywareBlaster.lnk
[2011/04/27 07:24:40 | 001,202,165 | ---- | C] () -- C:\Documents and Settings\Robert Weil\Desktop\MTWebDesign_Layout 1.pdf
[2011/04/25 18:02:33 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Robert Weil\Desktop\Mozilla Firefox (2).lnk
[2011/04/25 17:52:14 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/04/23 22:39:40 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Robert Weil\Desktop\dds.scr
[2011/04/23 22:26:29 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Robert Weil\Desktop\Defogger.exe
[2011/04/23 08:52:42 | 000,145,457 | ---- | C] () -- C:\Documents and Settings\Robert Weil\Desktop\licensecrawler.zip
[2011/04/23 08:35:24 | 001,862,837 | ---- | C] () -- C:\Documents and Settings\Robert Weil\Desktop\bookmarks.html
[2011/04/22 17:51:21 | 001,873,239 | ---- | C] () -- C:\Documents and Settings\Robert Weil\Desktop\dixmlsetup.exe
[2011/04/08 19:47:15 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2011/04/08 19:47:14 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2011/04/08 19:47:14 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2011/04/08 19:47:14 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2011/04/08 19:47:14 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2011/04/08 19:47:14 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2011/04/08 19:47:14 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2011/04/08 19:47:14 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2011/04/08 19:47:14 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2011/03/26 19:11:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/21 21:30:31 | 000,245,840 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2011/03/21 21:30:29 | 000,894,616 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2010/12/23 07:24:46 | 000,316,928 | ---- | C] () -- C:\WINDOWS\System32\HDREfexProFC32.dll
[2010/11/22 21:53:25 | 000,297,285 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2010/11/04 20:21:39 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/21 21:25:12 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Jingles
[2010/06/21 21:25:12 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Robert Weil\Application Data\Internet Services
[2010/06/21 21:25:12 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2010/06/21 21:25:12 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sound Effects
[2010/06/21 21:25:11 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Kernel Extension
[2010/06/21 21:25:11 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Robert Weil\Application Data\Iterate Items
[2010/06/21 21:25:11 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Soundtrack
[2010/06/21 21:14:04 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2010/06/09 19:54:53 | 000,020,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\V36QQ
[2010/06/03 20:23:05 | 000,020,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Q12PL
[2010/02/20 22:29:09 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2009/11/08 18:22:23 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw54.bin
[2009/11/08 17:48:31 | 000,000,623 | R--- | C] () -- C:\WINDOWS\System32\hppapr10.dat
[2009/11/08 17:43:53 | 000,169,352 | ---- | C] () -- C:\WINDOWS\hppins10.dat
[2009/11/08 17:43:52 | 000,005,186 | ---- | C] () -- C:\WINDOWS\hppmdl10.dat
[2009/08/17 07:16:44 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Robert Weil\Application Data\A&I Book Creator Prefs
[2009/08/01 09:02:44 | 000,123,131 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2009/08/01 09:02:44 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2009/08/01 09:02:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/01/03 21:27:30 | 000,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2008/09/03 20:02:57 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\utility3.dll
[2008/09/03 20:02:57 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2008/09/03 20:02:53 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2008/09/03 20:02:53 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2008/09/03 20:02:52 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2008/06/26 21:18:38 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/06/26 21:18:38 | 000,002,551 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/05/15 21:33:14 | 000,104,553 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2008/05/15 21:33:14 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2008/03/03 22:03:02 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2007/10/27 15:58:18 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2007/10/27 15:58:18 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2007/10/27 12:44:17 | 000,026,480 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2007/10/27 12:42:28 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\islzma.dll
[2007/10/16 20:55:36 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\jesterrun.dll
[2007/10/16 20:54:27 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2007/08/13 20:24:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/05/10 20:36:28 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2007/05/10 20:36:28 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2007/05/10 20:36:28 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2007/05/10 20:36:28 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2007/05/10 20:36:28 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/05/10 20:36:27 | 000,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/03/10 21:00:28 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
[2007/03/10 20:58:20 | 000,000,198 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/01/17 22:49:53 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/06 08:54:18 | 000,001,414 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/06 08:51:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/04 18:20:12 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Robert Weil\Application Data\$_hpcst$.hpc
[2006/10/10 14:17:27 | 000,000,452 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2006/09/30 13:27:22 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2006/09/30 13:27:22 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006/09/30 13:27:22 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2006/09/30 13:27:22 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2006/09/09 22:13:19 | 000,000,039 | ---- | C] () -- C:\WINDOWS\buZZP3lic.dll
[2006/09/08 21:00:45 | 000,000,277 | ---- | C] () -- C:\WINDOWS\ImageInc.ini
[2006/08/25 15:56:43 | 000,219,908 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2006/08/20 23:59:04 | 000,271,264 | ---- | C] () -- C:\WINDOWS\VBRUN100.DLL
[2006/08/20 17:54:26 | 000,000,086 | ---- | C] () -- C:\WINDOWS\fontmix.ini
[2006/08/20 16:02:50 | 000,000,930 | ---- | C] () -- C:\WINDOWS\fontog35.ini
[2006/08/20 07:37:13 | 008,708,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/19 21:08:49 | 000,000,230 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/19 18:17:58 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\Robert Weil\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/19 18:15:19 | 000,458,822 | ---- | C] () -- C:\WINDOWS\System32\AutoEye.dll
[2006/08/19 17:48:47 | 000,086,304 | ---- | C] () -- C:\WINDOWS\RHVIDEO.DLL
[2006/08/19 15:45:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
[2006/08/19 15:13:18 | 000,000,278 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/08/19 14:56:44 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2006/08/19 14:08:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\unlite3.exe
[2006/08/19 14:07:56 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lang_cfml.dll
[2006/08/19 14:07:56 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\xml_datagrove.dll
[2006/08/19 12:40:18 | 000,042,483 | ---- | C] () -- C:\WINDOWS\ICCCODES.DAT
[2006/08/19 12:40:18 | 000,039,095 | ---- | C] () -- C:\WINDOWS\Iccsigs.dat
[2006/08/19 12:40:18 | 000,000,156 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/08/19 12:40:10 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/08/18 17:41:27 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Robert Weil\Local Settings\Application Data\fusioncache.dat
[2006/05/17 01:12:20 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/17 01:10:01 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/05/17 01:10:01 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/05/17 00:53:20 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/17 00:51:37 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/16 22:33:16 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/16 22:33:16 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/05/16 22:33:16 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/16 22:33:16 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/05/16 22:33:16 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/16 22:33:16 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/16 22:33:15 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/05/16 22:33:15 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/05/16 22:33:15 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/27 09:54:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/03/27 09:54:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/27 09:23:14 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/03/27 09:18:52 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/27 09:15:14 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/27 09:05:02 | 000,421,586 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/27 09:05:02 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/27 08:57:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/27 08:54:34 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/27 16:51:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/02 11:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/24 14:32:44 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/04/27 21:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/27 21:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/08/04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 14:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 14:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 12:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 14:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 14:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2000/12/13 21:09:58 | 000,000,385 | ---- | C] () -- C:\Program Files\file_id.diz
[2000/09/14 02:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT

========== LOP Check ==========

[2011/04/03 16:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/04/01 21:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/06/21 21:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/02/06 22:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Epson
[2011/03/15 21:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2006/09/17 16:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/05/15 19:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevercenter
[2011/01/06 19:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nik Software
[2010/12/24 10:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/03/02 21:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/03/02 21:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2011/03/14 20:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/14 20:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/08/31 09:00:57 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2011/05/07 10:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/21 21:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/10/29 19:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/09/04 18:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zabersoft
[2010/06/24 14:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/27 14:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/05 21:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{FE41BDC7-CD33-4350-8A15-26EFBE20A0FE}
[2009/08/17 07:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\A&I Book Creator
[2006/08/19 19:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\Aim
[2008/01/20 16:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\Amazon
[2010/04/01 21:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\Avery
[2011/03/14 21:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/05/24 20:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\Common Files
[2009/11/08 18:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\EPSON
[2011/05/06 23:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\fdrtools.com
[2006/11/30 22:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\Filter Forge
[2010/03/14 01:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\FireShot
[2011/04/22 22:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\GetRightToGo
[2011/04/26 20:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\HandBrake
[2010/07/03 21:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\HDRsoft
[2006/10/17 19:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\Keynote Systems
[2008/06/26 21:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\KIDASA
[2010/06/19 11:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\Lasersoft Imaging
[2006/08/20 14:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\Leadertech
[2006/10/27 14:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\muvee Technologies
[2009/07/02 06:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\NeatImage PS
[2009/02/16 08:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\NeatImage SL
[2006/08/20 16:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\NeoDownloader
[2011/04/05 21:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\Netscape
[2010/10/27 18:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\Nikon
[2011/03/15 09:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\OpenOffice.org
[2009/08/01 07:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\Opera
[2009/08/15 12:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\Picaboo
[2010/07/03 21:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\Picturenaut
[2008/04/13 08:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\proDAD
[2011/04/03 16:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\SystemRequirementsLab
[2008/03/02 20:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\Tiffen
[2007/01/11 09:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\Viewpoint
[2009/09/26 21:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert Weil\Application Data\WTouch
[2011/05/06 22:26:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/04/28 20:55:38 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEC0D766
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618D0840

< End of report >

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 07 May 2011 - 05:31 PM

Can you also plan to respond within 3 days?


I respond daily so don't worry.


Let's start by rerunning OTL

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKCU..\Run: [ISUSPM] File not found
O4 - HKCU..\Run: [ISUSScheduler] File not found
O4 - HKCU..\Run: [Snte] File not found
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEC0D766
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618D0840
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


I would also like you to run a second OTL scan and post the log.
m0le is a proud member of UNITE
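The fix above is built by copying particular lines out of the OTL log verbatim under an `:OTL` header, plus a `:reg` section that writes the default value back into `exefile\shell\open\command`. The following is an added triage helper, not part of the thread and not OTL's own code: it reads the three record types the fix selected (Alternate Data Stream entries, O4 Run entries whose target is "File not found", and Firefox prefs.js entries that point at a third-party search redirect), lays them out as an `:OTL` block, and checks an exefile command value against the default. The regexes are this example's own reading of the log format, the `redirect_markers` list is an assumption, and the sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Record types that appear in the OTL log above. These patterns are this
# example's own reading of the log lines, not OTL's parser.
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([0-9A-Fa-f]+)$")
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\.\.\\(\w+): \[([^\]]+)\] (.*)$")
FF_RE = re.compile(r"^FF - prefs\.js\.\.([\w.]+): (.*)$")

# The value the thread's :reg section writes back for exefile\shell\open\command.
DEFAULT_EXEFILE_COMMAND = '"%1" %*'


@dataclass
class Finding:
    kind: str      # "ads", "orphan-run" or "ff-redirect"
    line: str      # the original log line (what goes under :OTL)
    reason: str    # why it was selected


def triage(lines: Iterable[str], redirect_markers=("zugo",)) -> List[Finding]:
    """Return the log lines matching the three patterns the thread's fix targeted.

    redirect_markers (assumed here) are substrings of a Firefox pref value that
    identify a search/homepage redirect worth removing.
    """
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = ADS_RE.match(line)
        if m:
            size, path, stream = m.groups()
            # A named stream on a directory holds data that ordinary directory
            # listings never show, so it is always worth a look.
            findings.append(Finding("ads", line,
                                    f"{size}-byte stream {stream} attached to {path}"))
            continue
        m = O4_RE.match(line)
        if m:
            hive, key, name, target = m.groups()
            if target == "File not found":
                findings.append(Finding("orphan-run", line,
                                        f"{hive}\\{key} entry {name} points at a missing file"))
            continue
        m = FF_RE.match(line)
        if m:
            pref, value = m.groups()
            hits = [w for w in redirect_markers if w in value.lower()]
            if hits:
                findings.append(Finding("ff-redirect", line,
                                        f"{pref} references {', '.join(hits)}"))
    return findings


def build_otl_section(findings: Iterable[Finding]) -> str:
    """Lay the selected lines out as the :OTL block of a fix, as in the thread."""
    body = "\n".join(f.line for f in findings)
    return ":OTL\n" + body + "\n"


def exefile_command_ok(value: str) -> bool:
    """True when the exefile open command still just launches %1 with its arguments."""
    return value.strip() == DEFAULT_EXEFILE_COMMAND


# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=ZUGO&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKCU..\Run: [ISUSPM] File not found
O4 - HKCU..\Run: [Snte] File not found
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEC0D766
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618D0840
""".strip().splitlines()


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.reason}")
    print(build_otl_section(found))
```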

#7 SoCalBob55

SoCalBob55
  • Topic Starter

  • Members
  • 89 posts

Posted 07 May 2011 - 07:46 PM

Thanks for being so responsive!

Here's the log - no restart required (although it closed Firefox for me):

========== OTL ==========
Prefs.js: searchtoolbar@zugo.com:1.2 removed from extensions.enabledItems
Prefs.js: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DXDllRegExe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Snte deleted successfully.
C:\WINDOWS\60BBBA8C42284700993DCCE483775F42.TMP\WiseCustomCall.dll deleted successfully.
C:\WINDOWS\60BBBA8C42284700993DCCE483775F42.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\60BBBA8C42284700993DCCE483775F42.TMP\WiseData.ini deleted successfully.
C:\WINDOWS\60BBBA8C42284700993DCCE483775F42.TMP folder deleted successfully.
C:\WINDOWS\DUMP8378.tmp deleted successfully.
C:\WINDOWS\system.tmp deleted successfully.
C:\WINDOWS\win.tmp deleted successfully.
C:\WINDOWS\System32\auusqddw.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET20C.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BEC0D766 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:618D0840 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.22.3 log created on 05072011_173816

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 07 May 2011 - 08:15 PM

Don't forget the second normal scan using OTL :)
m0le is a proud member of UNITE

#9 SoCalBob55

SoCalBob55
  • Topic Starter

  • Members
  • 89 posts

Posted 07 May 2011 - 09:23 PM

So sorry! Here it is:

OTL logfile created on: 5/7/2011 7:04:18 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert Weil\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 83.12 Gb Total Space | 5.10 Gb Free Space | 6.13% Space Free | Partition Type: NTFS
Drive E: | 4.63 Gb Total Space | 2.30 Gb Free Space | 49.65% Space Free | Partition Type: NTFS
Drive F: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 465.65 Gb Total Space | 38.45 Gb Free Space | 8.26% Space Free | Partition Type: FAT32
Drive J: | 14.90 Gb Total Space | 10.01 Gb Free Space | 67.20% Space Free | Partition Type: FAT32
Drive O: | 930.86 Gb Total Space | 68.11 Gb Free Space | 7.32% Space Free | Partition Type: NTFS
Drive P: | 698.63 Gb Total Space | 314.64 Gb Free Space | 45.04% Space Free | Partition Type: NTFS

Computer Name: BOBSLAPTOP | User Name: Robert Weil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Robert Weil\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\WINDOWS\system32\vsnapvss.exe (StorageCraft Technology Corporation)
PRC - C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\StorageCraft\ImageManager\ImageManager.exe (StorageCraft Technology Corporation)
PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe (SonicWALL, Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\Upgrade.exe (PC Tools)
PRC - C:\Program Files\dvd43\DVD43_Tray.exe ()
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe (High Criteria inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\sndvol32.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Robert Weil\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Spyware Doctor\klg.dat (PC Tools)
MOD - C:\WINDOWS\system32\BTNCopy.dll (Broadcom Corporation.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AdobeActiveFileMonitor9.0) -- File not found
SRV - (nlsX86cc) -- C:\WINDOWS\system32\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (VSNAPVSS) -- C:\WINDOWS\system32\vsnapvss.exe (StorageCraft Technology Corporation)
SRV - (ShadowProtectSvc) -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)
SRV - (StorageCraft Image Manager) -- C:\Program Files\StorageCraft\ImageManager\ImageManager.exe (StorageCraft Technology Corporation)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (SWGVCSvc) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe (SonicWALL, Inc.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (ATMsrvc) -- C:\WINDOWS\system32\ATMsrvc.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (stcvsm) -- C:\WINDOWS\System32\drivers\stcvsm.sys (StorageCraft Technology Corporation)
DRV - (sbmount) -- C:\WINDOWS\System32\drivers\sbmount.sys (StorageCraft Technology Corporation)
DRV - (SASKUTIL) -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- E:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (SWIPsec) -- C:\WINDOWS\system32\drivers\SWIPsec.sys (SonicWALL, Inc.)
DRV - (SWVNIC) -- C:\WINDOWS\system32\drivers\SWVNIC.sys (SonicWALL, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (IKSysSec) -- C:\WINDOWS\system32\drivers\iksyssec.sys (PCTools Research Pty Ltd.)
DRV - (IKSysFlt) -- C:\WINDOWS\system32\drivers\iksysflt.sys (PCTools Research Pty Ltd.)
DRV - (IKFileSec) -- C:\WINDOWS\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.)
DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (SSIDRV) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSHRMD) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSFS0BB9) -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0BB9.SYS (Webroot Software Inc (www.webroot.com))
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\RMCast.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (scsiscan) -- C:\WINDOWS\system32\drivers\scsiscan.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=ZUGO&form=ZGAPHP"

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/12/12 13:15:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/04/25 18:16:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 17:39:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/01/17 13:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Extensions
[2009/01/17 13:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/04/27 21:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Firefox\Profiles\1ie5u3vs.default\extensions
[2011/04/25 18:05:17 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Firefox\Profiles\1ie5u3vs.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011/04/03 16:17:25 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Firefox\Profiles\1ie5u3vs.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/04/25 17:53:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Firefox\Profiles\1ie5u3vs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/23 08:02:23 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Firefox\Profiles\1ie5u3vs.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/01/17 13:14:53 | 000,000,000 | ---D | M] (Aardvark) -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Firefox\Profiles\1ie5u3vs.default\extensions\aardvark@rob.brown
[2011/04/08 19:46:01 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Robert Weil\Application Data\Mozilla\Firefox\Profiles\1ie5u3vs.default\searchplugins\bing-zugo.xml
[2011/04/25 18:16:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/07 17:39:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/04/25 18:16:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ROBERT WEIL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1IE5U3VS.DEFAULT\EXTENSIONS\UNDOCLOSEDTABSBUTTON@SUPERNOVA00.BIZ.XPI
[2011/04/25 18:16:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/07 17:39:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 01:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 01:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 01:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 01:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2007/12/17 06:43:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PC Tools)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe ()
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] File not found
O4 - HKLM..\Run: [ISUSScheduler] File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe (High Criteria inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnceEx: [Register Homesite+.exe] C:\Program Files\Macromedia\HomeSite+\Homesite+.exe (Macromedia, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O4 - Startup: C:\Documents and Settings\Robert Weil\Start Menu\Programs\StartUp\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Robert Weil\Start Menu\Programs\StartUp\OpenOffice.org 3.3.lnk = File not found
O4 - Startup: C:\Documents and Settings\Robert Weil\Start Menu\Programs\StartUp\WePrint Server.lnk = C:\WePrint\WePrint Server.exe (EuroSmartz Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Namo SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263530833636 (WUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\Hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Robert Weil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert Weil\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/02 21:10:48 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 14:12:18 | 000,000,088 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/01/22 15:55:48 | 000,000,000 | ---D | M] - I:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2007/05/18 10:37:12 | 000,000,069 | RH-- | M] () - I:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/09/08 23:39:55 | 000,000,000 | -H-D | M] - P:\autorun -- [ NTFS ]
O32 - AutoRun File - [2010/09/08 01:44:18 | 000,000,036 | -H-- | M] () - P:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{95e58044-a66d-11dc-9ab0-001302be8cfd}\Shell - "" = AutoRun
O33 - MountPoints2\{95e58044-a66d-11dc-9ab0-001302be8cfd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95e58044-a66d-11dc-9ab0-001302be8cfd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\wd_windows_tools\Setup.exe -- [2007/06/26 12:02:12 | 000,212,992 | ---- | M] (Western Digital Technologies, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 17:38:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/07 00:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Photomatix Pro 4.0
[2011/05/07 00:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro4
[2011/05/04 05:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Weil\Local Settings\Application Data\Temp
[2011/04/27 20:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/04/27 20:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/04/27 08:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Weil\Desktop\Bleeping
[2011/04/27 06:37:56 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\xmllite.dll
[2011/04/27 06:34:54 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Robert Weil\Desktop\xmllite.dll
[2011/04/26 20:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Weil\Start Menu\Programs\Handbrake
[2011/04/25 18:16:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/25 18:16:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/25 18:16:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/25 18:16:18 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/25 17:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/25 17:48:24 | 012,580,112 | ---- | C] (Mozilla) -- C:\Documents and Settings\Robert Weil\Desktop\Firefox Setup 4.0.exe
[2011/04/25 07:33:00 | 000,044,544 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSXML4a.dll
[2011/04/25 07:29:04 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/04/24 19:45:42 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Robert Weil\Desktop\setup-spybotsd162.exe
[2011/04/23 08:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Weil\Desktop\LicenseCrawler
[2011/04/14 20:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Weil\My Documents\shaked
[2011/04/13 22:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/04/13 22:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2011/04/08 19:47:15 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2011/04/08 19:47:15 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2011/04/08 19:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPER © - by eRightSoft
[2011/04/08 19:47:14 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2011/04/08 19:47:14 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2011/04/08 19:47:14 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2011/04/08 19:47:14 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2011/04/08 19:47:14 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2011/04/08 19:47:14 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2011/04/08 19:47:14 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2011/04/08 19:47:14 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2011/04/08 19:47:14 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2011/04/08 19:47:14 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2011/04/08 19:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\YTD Setup
[2011/04/08 19:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2008/09/03 20:02:52 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll

========== Files - Modified Within 30 Days ==========


========== Files Created - No Company Name ==========


========== LOP Check ==========


========== Purity Check ==========



< End of report >

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:59 AM

Posted 08 May 2011 - 03:32 AM

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=ZUGO&form=ZGAPHP"
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O4 - HKLM..\Run: [ISUSPM Startup] File not found
O4 - HKLM..\Run: [ISUSScheduler] File not found
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next please scan online with ESET

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE
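The :reg section of the fix script above resets the exefile open command to its stock value. Here is an added example (not from the original post, and not OTL's own code) that classifies a value of that key the same way; the sample values and the example_hijack.exe path are constructed placeholders, and the live registry read only works on Windows.

```python
r"""Check the .exe file-association command that the OTL fix above resets.

Added example; not part of the original post and not OTL's own code.
The :reg section of the fix sets the default value of
HKLM\SOFTWARE\Classes\exefile\shell\open\command back to "%1" %*, the
stock Windows value. Any other value means Windows runs some other program
first every time an .exe is double-clicked, a common way for malware to
stay resident. The functions below classify such a value; the registry
read is optional and only works on Windows.
"""
import re
import sys

# Stock value of the exefile open command on Windows XP and later.
EXPECTED_EXEFILE_COMMAND = '"%1" %*'

# Key written by the OTL :reg section in the post above (under HKLM).
EXEFILE_KEY = r"SOFTWARE\Classes\exefile\shell\open\command"

# One token is either a double-quoted run (paths with spaces) or a bare word.
TOKEN = re.compile(r'"[^"]*"|\S+')

# Constructed sample values for offline use; the wrapper path is a placeholder.
SAMPLE_VALUES = {
    "default": '"%1" %*',
    "default_extra_spaces": '  "%1"    %*  ',
    "hijacked": r'"C:\Documents and Settings\All Users\Application Data\example_hijack.exe" -a "%1" %*',
    "broken": '"%*"',
}


def tokenize(command):
    """Split a registry command string into tokens, keeping quoted paths intact."""
    return TOKEN.findall(command)


def analyse_exefile_command(command):
    """Classify an exefile open-command value.

    Returns a dict with keys:
      ok      - True only for the stock value "%1" %*
      wrapper - program that runs in front of the real .exe, if any
      reason  - one-line explanation for a report
    """
    tokens = tokenize(command)
    if tokens == ['"%1"', "%*"]:
        return {"ok": True, "wrapper": None, "reason": "default value"}

    # Locate the placeholder for the program the user actually clicked.
    positions = [i for i, t in enumerate(tokens) if t in ('"%1"', "%1")]
    if not positions:
        return {"ok": False, "wrapper": None,
                "reason": "placeholder %1 missing; .exe files would not launch at all"}

    if positions[0] > 0:
        # Anything before %1 is a program Windows starts instead of the target.
        wrapper = tokens[0].strip('"')
        return {"ok": False, "wrapper": wrapper,
                "reason": "every .exe is started through " + wrapper}

    return {"ok": False, "wrapper": None,
            "reason": "non-default arguments around %1; reset to " + EXPECTED_EXEFILE_COMMAND}


def read_live_exefile_command():
    """Return the live default value on Windows, or None on other platforms."""
    if sys.platform != "win32":
        return None
    import winreg  # standard library, Windows only

    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, EXEFILE_KEY) as key:
        value, _value_type = winreg.QueryValueEx(key, "")
    return value


def main():
    live = read_live_exefile_command()
    values = {"live registry value": live} if live is not None else SAMPLE_VALUES
    for label, value in values.items():
        result = analyse_exefile_command(value)
        status = "OK " if result["ok"] else "BAD"
        print(f"{status} {label}: {value!r} -> {result['reason']}")


if __name__ == "__main__":
    main()
```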

#11 SoCalBob55

SoCalBob55
  • Topic Starter

  • Members
  • 89 posts
  • Local time:11:59 PM

Posted 08 May 2011 - 08:12 PM

Wow, that took 11 hours to run.

Here's the results:

C:\Documents and Settings\Administrator\Desktop\SDFix.exe Win32/PrcView application deleted - quarantined
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GTUD89SN\JtreZlena[1].exeZxHb65d142fV03f01535002R97c82b54102Tfab65c18Q000002fe901806F0016000aJ12000601l0409325 probably a variant of Win32/Agent.JRYZYSH trojan deleted - quarantined
C:\Documents and Settings\Robert Weil\dwhelper\SUPERsetup.exe Win32/OpenCandy application deleted - quarantined
C:\Documents and Settings\Robert Weil\My Documents\Downloads\KeyFinderInstaller.exe Win32/OpenCandy application deleted - quarantined
C:\Program Files\YTD Setup\trafficplace-us-2-silent.exe Win32/Toolbar.Zugo application deleted - quarantined
I:\utilities\EZ-Total05a.exe a variant of Win32/Conficker.Y worm deleted - quarantined
I:\utilities\SDFix.exe Win32/PrcView application deleted - quarantined
I:\utilities\SpySweeperRegSetup45_EN.exe probably a variant of Win32/Agent.IUDXHLV trojan deleted - quarantined
I:\utilities\SpywareDoctor_to_9-07\sdsetup.exe probably a variant of Win32/Spy.Agent.LSLDWCL trojan deleted - quarantined
I:\utilities\ANTISPYWARE\SDFix.exe Win32/PrcView application deleted - quarantined
P:\Keyfinder\KeyFinderInstaller.exe Win32/OpenCandy application deleted - quarantined

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:59 AM

Posted 09 May 2011 - 07:12 AM

That looks a lot better. How is the machine running overall?
m0le is a proud member of UNITE

#13 SoCalBob55

SoCalBob55
  • Topic Starter

  • Members
  • 89 posts
  • Local time:11:59 PM

Posted 09 May 2011 - 08:20 AM

The machine is running great now (but no better than when we began working together - I thought I was free of bad stuff even then).

BTW, I used that keyfinder on one or two other computers to log software SNs - is it a risk, or a false positive? I ended up using License Crawler on my home machines. What do you think of that vs. other registration key search tools?

SDFix.exe is a false positive as well, I believe.

Thanks for your help!

#14 SoCalBob55

SoCalBob55
  • Topic Starter

  • Members
  • 89 posts
  • Local time:11:59 PM

Posted 09 May 2011 - 08:25 AM

Should I delete the quarantines so they're not found by other software? Several of these listings were "quarantined" in earlier runs (a few months back)?

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:06:59 AM

Posted 09 May 2011 - 01:54 PM

> The machine is running great now (but no better than when we began working together - I thought I was free of bad stuff even then).
>
> BTW, I used that keyfinder on one or two other computers to log software SNs - is it a risk, or a false positive? I ended up using License Crawler on my home machines. What do you think of that vs. other registration key search tools?
>
> SDFix.exe is a false positive as well, I believe.
>
> Thanks for your help!


As far as I know keyfinders are not a risk unless the source of the download was suspicious. In these cases they could be packed with malware. I don't use them but I know that the advisors here like Magical Jelly Bean.

SDFix.exe is a false positive and is actually a harmless file used to remove malicious software.

You can certainly speed up and simplify scans by clearing out your quarantine folder.


We can finish up now...

You're clean. Good stuff! :thumbup2:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Jdk 6 Update 25 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u25-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Let's do some clearing up

Uninstall ComboFix

We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically; make sure that updates for any programs that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it SoCalBob55, happy surfing!

Cheers.

m0le

Edited by m0le, 09 May 2011 - 01:57 PM.

m0le is a proud member of UNITE
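Two of the steps in the post above are easy to check from a script: whether any older Java Runtime entries are still registered in Add/Remove Programs after the manual uninstalls, and the creation of a fresh System Restore point once the cleanup is done. The PowerShell below is an added example, not code from the thread or from any of the tools it mentions. It assumes PowerShell 2.0 or later, an elevated (Run as administrator) prompt so that Checkpoint-Computer can create the restore point, and that System Restore is enabled; the registry paths and the "Post-cleanup clean state" description are the author's assumptions for this example. The script only reports leftover Java entries; removing them stays with Add/Remove Programs as the post instructs.

```powershell
# Added example (not from the thread): audit Java Runtime entries left in the
# Add/Remove Programs registry keys, then create a new restore point.
# Assumptions: PowerShell 2.0+, elevated prompt, System Restore enabled.

# Both keys are checked so 32-bit Java on 64-bit Windows is found too.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Collect every registered program whose name mentions Java, JRE or J2SE,
# the same names the post tells you to highlight in Add/Remove Programs.
$javaEntries = foreach ($key in $uninstallKeys) {
    if (Test-Path $key) {
        Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if ($p.DisplayName -match 'Java|J2SE|JRE') {
                New-Object PSObject -Property @{
                    Name            = $p.DisplayName
                    Version         = $p.DisplayVersion
                    UninstallString = $p.UninstallString
                }
            }
        }
    }
}

if (-not $javaEntries) {
    Write-Host 'No Java entries registered in Add/Remove Programs.'
} else {
    $javaEntries | Sort-Object Name | Format-Table Name, Version -AutoSize

    # Only entries with a parseable dotted version take part in the comparison;
    # the highest one is treated as current, everything else as a leftover.
    $versioned = $javaEntries | Where-Object { $_.Version -match '^\d+(\.\d+)+$' }
    if ($versioned) {
        $newest = ($versioned | Sort-Object { [version]$_.Version } | Select-Object -Last 1).Version
        $versioned | Where-Object { $_.Version -ne $newest } | ForEach-Object {
            Write-Host "Older Java still installed, remove via Add/Remove Programs: $($_.Name) $($_.Version)"
        }
    }
}

# After the cleanup tools have been removed, take a clean restore point so a
# later roll-back lands on a known-good state rather than an infected one.
Checkpoint-Computer -Description 'Post-cleanup clean state' -RestorePointType 'MODIFY_SETTINGS'
```

Run it once after the Java uninstalls to confirm nothing older than the freshly installed update remains, and again (or just the last line) after OTC has finished, before using Cleanmgr to drop the earlier restore points.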