Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser redirection, and ... (pt.2)

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Browser redirection, and ... (pt.2)

Unread postby rarewolf » June 5th, 2010, 8:07 am

1st, this is a continuation of my earlier post (same OP & subject), to which I had asked for a "3-day" extension (mentioning the weekend), to which Melboy replied "OK, post when ready". However, today I find the topic closed, never having been notified (my e-mail topic activity enabled) ... and it's my hope you'll forgive this late response and take a look at my log files. :oops:

I do have log files for all that was requested, and I am also posting a more recent HJT log because this computer has been scanned in the meantime. However, GMER did not run exactly as described. IE, it did not post any message about rootkit activity, and when run after unchecking the boxes, it refused to save anything after, in fact hung my computer, and after rebooting after a hard reset, "explorer.exe" had symptoms ... delayed start and not showing file extensions. It did run ok after unchecking "devices".

Thank you again ... :)

~~~~~~~~~~
HijackThis log
~~~~~~~~~~
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:46:38 AM, on 05/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Media Center 15] "C:\Program Files\J River\Media Center 15\Media Center 15.exe" /Boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6087.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4832163531
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Pure Networks Security Scan) - http://scan.networkmagic.com/nmscan/dow ... -WD.V1.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{B04022F0-28F2-4F9A-866E-5E73300C37FF}: NameServer = 192.168.1.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Media Center 14 Service - J. River, Inc. - C:\Program Files\J River\Media Center 14\JRService.exe
O23 - Service: Media Center 15 Service - J. River, Inc. - C:\Program Files\J River\Media Center 15\JRService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.weatheroffice.gc.ca/data/sat ... vi_100.jpg

--
End of file - 8261 bytes

~~~~~~~~~~
OTL.txt
~~~~~~~~~~
OTL logfile created on: 05/06/2010 8:50:36 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = H:\Malware-removal
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 135.39 Gb Free Space | 45.42% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 19.91 Gb Free Space | 6.68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 13.50 Gb Free Space | 4.53% Space Free | Partition Type: NTFS
Drive G: | 298.05 Gb Total Space | 44.06 Gb Free Space | 14.78% Space Free | Partition Type: NTFS
Drive H: | 979.53 Mb Total Space | 176.86 Mb Free Space | 18.06% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: HTPC
Current User Name: Cass&Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/05 08:34:20 | 000,571,904 | ---- | M] (OldTimer Tools) -- H:\Malware-removal\OTL.exe
PRC - [2010/06/01 12:18:28 | 003,513,280 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2010/02/09 08:34:05 | 000,126,976 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/08/05 16:09:49 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/06/09 19:32:33 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 04:57:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2005/05/03 15:17:08 | 005,208,576 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe


========== Modules (SafeList) ==========

MOD - [2010/06/05 08:34:20 | 000,571,904 | ---- | M] (OldTimer Tools) -- H:\Malware-removal\OTL.exe
MOD - [2010/03/05 14:03:36 | 000,106,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\J River\Media Center 15\Plugins\msscript.ocx
MOD - [2010/02/04 15:47:27 | 000,129,984 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54Gv4SVC)
SRV - [2010/05/25 18:42:28 | 000,380,416 | ---- | M] (J. River, Inc.) [On_Demand | Stopped] -- C:\Program Files\J River\Media Center 15\JRService.exe -- (Media Center 15 Service)
SRV - [2010/03/03 18:39:01 | 000,382,464 | ---- | M] (J. River, Inc.) [On_Demand | Stopped] -- C:\Program Files\J River\Media Center 14\JRService.exe -- (Media Center 14 Service)
SRV - [2010/01/15 10:19:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/05 16:09:49 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/09 19:32:33 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/08/09 04:57:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV - [2010/04/23 14:01:01 | 000,106,432 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/01/01 14:50:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/07 22:41:42 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/09 19:32:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/05/12 14:00:02 | 003,007,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/14 00:06:40 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/24 00:27:32 | 000,105,984 | R--- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/23 07:42:28 | 004,402,176 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/10/18 16:42:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005/10/20 15:00:04 | 000,243,328 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/08/13 08:26:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 EA 7A 54 01 00 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5555
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 16:21:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/27 20:19:38 | 000,000,000 | ---D | M]

[2010/03/12 19:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cass&Michael\Application Data\Mozilla\Extensions
[2010/06/04 18:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cass&Michael\Application Data\Mozilla\Firefox\Profiles\szybnhgy.default\extensions
[2010/04/27 17:17:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cass&Michael\Application Data\Mozilla\Firefox\Profiles\szybnhgy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/12 19:00:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/11/30 21:25:03 | 000,249,881 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8710 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Media Center 15] C:\Program Files\J River\Media Center 15\Media Center 15.exe (J. River, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 4832163531 (WUWebControl Class)
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} http://scan.networkmagic.com/nmscan/dow ... -WD.V1.cab (Pure Networks Security Scan)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O24 - Desktop Components:0 () - http://www.weatheroffice.gc.ca/data/sat ... vi_100.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Cass&Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cass&Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/29 23:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/06/29 01:50:58 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 90 Days ==========

[2010/06/04 02:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\hrlkkbksn
[2010/06/04 02:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/30 09:29:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/29 20:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/05/29 17:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cass&Michael\Local Settings\Application Data\gkmrahnua
[2010/05/29 16:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/05/27 17:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/05/27 17:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/05/27 17:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/05/27 07:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/05/26 20:57:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cass&Michael\Recent
[2010/05/26 06:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/26 06:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/22 11:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/05/22 09:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/22 09:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/22 08:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cass&Michael\Local Settings\Application Data\pqywtrnip
[2010/04/24 21:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/04/24 21:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/04/23 14:01:01 | 000,106,432 | ---- | C] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010/04/03 14:47:34 | 000,370,176 | ---- | C] (J. River, Inc.) -- C:\WINDOWS\System32\MC15.exe
[2010/03/28 12:07:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/03/19 11:01:57 | 000,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010/03/12 19:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cass&Michael\Local Settings\Application Data\Mozilla
[2010/03/12 19:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2004/11/24 15:55:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/05 08:45:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/05 08:42:38 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/05 08:42:37 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/05 08:42:25 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/06/05 08:42:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/05 08:42:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/05 08:41:58 | 2146,553,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/05 08:41:00 | 011,272,192 | -H-- | M] () -- C:\Documents and Settings\Cass&Michael\NTUSER.DAT
[2010/06/05 08:41:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Cass&Michael\ntuser.ini
[2010/06/05 08:39:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/05 08:13:09 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{60271383-2A97-4DF2-9F36-36FFAC1FDFF4}.job
[2010/06/04 19:25:54 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\Cass&Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 06:55:48 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2010/05/30 11:28:41 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/05/30 09:29:12 | 000,002,044 | ---- | M] () -- C:\Documents and Settings\Cass&Michael\Desktop\HiJackThis.lnk
[2010/05/29 16:44:32 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/05/29 16:44:32 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/29 16:41:16 | 000,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/29 16:41:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/29 16:41:16 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/05/26 18:19:45 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Cass&Michael\Desktop\CCleaner.lnk
[2010/05/26 18:19:16 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Cass&Michael\Desktop\Spybot - Search & Destroy.lnk
[2010/05/25 18:42:22 | 000,370,176 | ---- | M] (J. River, Inc.) -- C:\WINDOWS\System32\MC15.exe
[2010/05/21 16:54:26 | 000,000,183 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/12 18:43:06 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/08 15:41:45 | 000,173,376 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/05/01 19:02:24 | 000,050,662 | ---- | M] () -- C:\WINDOWS\System32\WebEx Document Loader Port
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/25 11:12:35 | 000,017,440 | ---- | M] () -- C:\Documents and Settings\Cass&Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/25 11:07:09 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/24 21:48:40 | 000,017,196 | ---- | M] () -- C:\Documents and Settings\Cass&Michael\My Documents\The Oradour.docx
[2010/04/23 14:01:01 | 000,106,432 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010/04/03 14:49:18 | 000,001,722 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Center 15.lnk
[2010/03/19 11:01:57 | 000,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010/03/16 16:59:43 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/16 16:59:43 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/16 16:59:43 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/12 19:00:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/03/12 19:00:36 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/30 15:33:38 | 2146,553,856 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/30 11:24:41 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/05/30 09:29:12 | 000,002,044 | ---- | C] () -- C:\Documents and Settings\Cass&Michael\Desktop\HiJackThis.lnk
[2010/05/29 16:44:32 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/05/27 17:30:17 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/05/12 18:43:06 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/24 21:48:46 | 000,017,196 | ---- | C] () -- C:\Documents and Settings\Cass&Michael\My Documents\The Oradour.docx
[2010/04/03 14:49:18 | 000,001,722 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Center 15.lnk
[2010/03/12 19:00:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/12 19:00:36 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/02 12:36:11 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/08/02 12:36:06 | 000,000,171 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/08/02 12:35:27 | 000,000,739 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/02/21 11:19:01 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\realbap1.dll
[2009/02/21 11:19:01 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\realbsf1.dll
[2008/07/23 18:09:03 | 000,173,376 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/23 17:53:53 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/07/21 17:32:33 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/06/30 21:40:45 | 000,000,183 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/30 16:27:53 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2008/06/30 16:15:25 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\net32gdilib.dll
[2008/06/30 13:37:04 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/06/30 13:37:04 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/06/30 09:31:28 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/06/30 09:31:25 | 000,001,155 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/06/30 08:42:07 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/06/30 08:42:07 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/06/30 08:13:47 | 000,019,479 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/06/30 08:12:52 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/06/30 08:12:48 | 000,019,036 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/06/30 08:12:40 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/11/06 20:19:36 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2004/10/12 03:10:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 03:09:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 03:09:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 03:10:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 04:46:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 14:20:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/04 09:30:00 | 000,029,314 | ---- | C] () -- C:\WINDOWS\System32\aahrrk.dll
[2004/08/04 09:30:00 | 000,024,010 | ---- | C] () -- C:\WINDOWS\System32\nqumatzm.dll
[2004/08/04 09:30:00 | 000,022,972 | ---- | C] () -- C:\WINDOWS\System32\dtibpe.dll
[2004/08/04 09:30:00 | 000,017,002 | ---- | C] () -- C:\WINDOWS\System32\llbsoz.dll
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2008/06/30 16:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/12/01 19:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/10 14:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cass&Michael\Application Data\COWON
[2009/12/28 15:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cass&Michael\Application Data\DC++
[2008/06/30 16:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cass&Michael\Application Data\InterVideo
[2010/04/03 14:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cass&Michael\Application Data\J River
[2010/05/30 09:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cass&Michael\Application Data\KeePass
[2008/11/09 11:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cass&Michael\Application Data\Netscape
[2008/11/09 11:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cass&Michael\Application Data\Photodex
[2009/06/13 12:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cass&Michael\Application Data\SlySoft
[2010/06/05 08:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cass&Michael\Application Data\uTorrent
[2010/06/05 08:45:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/06/05 08:13:09 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{60271383-2A97-4DF2-9F36-36FFAC1FDFF4}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/06/29 23:59:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/29 16:41:16 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/06/29 23:59:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/05 08:41:58 | 2146,553,856 | -HS- | M] () -- C:\hiberfil.sys
[2008/06/29 23:59:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/06/29 23:59:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 09:30:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/06/30 09:11:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/05 08:41:57 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/11/09 11:36:07 | 000,001,817 | ---- | M] () -- C:\photodex-presenter-install.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[16 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/06/29 01:55:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/06/29 01:55:34 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/06/29 01:55:34 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/04/23 14:01:01 | 000,106,432 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\AnyDVD.sys
[2009/12/07 22:41:42 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys
[2010/01/01 14:50:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 10:41:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2009/12/31 14:20:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 09:32:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

~~~~~~~~~~
Extras.Txt
~~~~~~~~~~
OTL Extras logfile created on: 05/06/2010 8:50:36 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = H:\Malware-removal
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 135.39 Gb Free Space | 45.42% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 19.91 Gb Free Space | 6.68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 13.50 Gb Free Space | 4.53% Space Free | Partition Type: NTFS
Drive G: | 298.05 Gb Total Space | 44.06 Gb Free Space | 14.78% Space Free | Partition Type: NTFS
Drive H: | 979.53 Mb Total Space | 176.86 Mb Free Space | 18.06% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: HTPC
Current User Name: Cass&Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime -- (Nero AG)
"C:\Program Files\J River\Media Center 12\Media Center 12.exe" = C:\Program Files\J River\Media Center 12\Media Center 12.exe:*:Enabled:Media Center -- File not found
"C:\Program Files\Accessories\AboutTime\AboutTime.exe" = C:\Program Files\Accessories\AboutTime\AboutTime.exe:*:Enabled:AboutTime cient/server -- ()
"C:\Program Files\J River\Media Center 13\Media Center 13.exe" = C:\Program Files\J River\Media Center 13\Media Center 13.exe:*:Enabled:Media Center -- File not found
"C:\Documents and Settings\Cass&Michael\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe" = C:\Documents and Settings\Cass&Michael\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe:*:Enabled:HP Installer Network Plug in -- (Hewlett-Packard)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Documents and Settings\Cass&Michael\Local Settings\Temp\Nero Web\SetupXu.exe" = C:\Documents and Settings\Cass&Michael\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- (portforward.com)
"C:\Program Files\J River\Media Center 14\Media Center 14.exe" = C:\Program Files\J River\Media Center 14\Media Center 14.exe:*:Enabled:Media Center -- (J. River, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\J River\Media Center 15\Media Center 15.exe" = C:\Program Files\J River\Media Center 15\Media Center 15.exe:*:Enabled:Media Center -- (J. River, Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B399A41-C1D0-40A2-9E4F-095868EFAF01}" = InterVideo WinDVD 5
"{1E5EEBB6-945D-41c3-AF41-A44C4FE15EE0}" = productcontext
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B65360C-347C-4D6E-961D-E36F1A103AF9}" = B9100_Help
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47768394-9B60-4E58-B152-B524A1AF6BE2}" = HP ProPrint
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6878D8B8-5795-4472-BAF5-257F950F149F}" = hph_software
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8838A511-FC90-4E77-AB04-73EEFBB9AEFB}" = hph_readme
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B11048A-7CA8-4CB9-97C8-DFE83C32F566}" = AddCustomPaper
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C312984C-E386-4C2D-B33E-7B54355FB16E}" = AI Direct Link
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DEF22534-3AF3-43ed-86CB-D915165C3957}" = 9100
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34482ED-C751-48ce-81EB-74FD95BE66CC}" = HP Photosmart B9100 series
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Ultra Edition
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"7-Zip" = 7-Zip 4.42
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"DC++" = DC++ 0.698
"DivX Codec" = DivX Codec
"EncSpot Professional_is1" = EncSpot Professional 2.2
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.09
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Media Center 14" = Media Center 14
"Media Center 15" = Media Center 15
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Ogg Codecs" = Ogg Codecs 0.81.15562
"PFPortChecker" = PFPortChecker 1.0.31
"Photodex Presenter" = Photodex Presenter
"PINs 4" = PINs 4
"Pocket Player" = Pocket Player
"PrimoPDF3.1" = PrimoPDF
"QuicktimeAlt_is1" = QuickTime Alternative 2.7.0
"SMPlayer" = SMPlayer 0.6.7
"Spb Mobile Shell" = Spb Mobile Shell
"Spb Time" = Spb Time
"Voice Notes Recorder" = Voice Notes Recorder for Pocket PC 2003
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMerge_is1" = WinMerge 2.12.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/06/2010 12:47:59 AM | Computer Name = HTPC | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This network connection does not exist.

Error - 02/06/2010 12:48:08 AM | Computer Name = HTPC | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This network connection does not exist.

Error - 02/06/2010 12:48:08 AM | Computer Name = HTPC | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This network connection does not exist.

Error - 02/06/2010 12:48:31 AM | Computer Name = HTPC | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This network connection does not exist.

Error - 02/06/2010 12:48:31 AM | Computer Name = HTPC | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This network connection does not exist.

Error - 02/06/2010 12:50:25 AM | Computer Name = HTPC | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This network connection does not exist.

Error - 02/06/2010 12:50:25 AM | Computer Name = HTPC | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This network connection does not exist.

Error - 02/06/2010 5:24:45 PM | Computer Name = HTPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 02/06/2010 9:24:52 PM | Computer Name = HTPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 03/06/2010 1:25:02 AM | Computer Name = HTPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

[ System Events ]
Error - 01/06/2010 1:33:35 AM | Computer Name = HTPC | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 03/06/2010 1:33:28 AM | Computer Name = HTPC | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 05/06/2010 1:33:29 AM | Computer Name = HTPC | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 05/06/2010 7:12:18 AM | Computer Name = HTPC | Source = Service Control Manager | ID = 7000
Description = The aslm75 service failed to start due to the following error: %%2

Error - 05/06/2010 7:12:27 AM | Computer Name = HTPC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 05/06/2010 7:12:27 AM | Computer Name = HTPC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 05/06/2010 7:12:31 AM | Computer Name = HTPC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 05/06/2010 7:12:31 AM | Computer Name = HTPC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 05/06/2010 7:20:43 AM | Computer Name = HTPC | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 05/06/2010 7:20:43 AM | Computer Name = HTPC | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >

~~~~~~~~~
ckfiles.txt
~~~~~~~~~
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\cass&michael\my documents\my downloads\installs\coreavc professional edition 1.9.5\keygen.exe
c:\documents and settings\cass&michael\my documents\my downloads\installs\photodex\crack\readme.txt
c:\documents and settings\cass&michael\my documents\my downloads\installs\photodex\photodex proshow gold 4.0.2542\keygen.rar
c:\documents and settings\cass&michael\my documents\my downloads\xperia\tomtom7usa_and_canada_720.1803\tomtom7usa_and_canada_720.1803\tt7-stuff\tt7_keygen.exe
c:\tt7-stuff\tt7_keygen.exe
scanner sequence 3.BC.11
----- EOF -----

~~~~~~~~~
GMER.log
~~~~~~~~~
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-05 09:12:54
Windows 5.1.2600 Service Pack 3
Running: q81wrlri.exe; Driver: C:\DOCUME~1\CASS&M~1\LOCALS~1\Temp\pxtdipob.sys


---- System - GMER 1.0.15 ----

SSDT 9F8FF4B6 ZwCreateKey
SSDT 9F8FF4AC ZwCreateThread
SSDT 9F8FF4BB ZwDeleteKey
SSDT 9F8FF4C5 ZwDeleteValueKey
SSDT 9F8FF4CA ZwLoadKey
SSDT 9F8FF498 ZwOpenProcess
SSDT 9F8FF49D ZwOpenThread
SSDT 9F8FF4D4 ZwReplaceKey
SSDT 9F8FF4CF ZwRestoreKey
SSDT 9F8FF4C0 ZwSetValueKey
SSDT 9F8FF4A7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\compbatt.sys entry point in ".rsrc" section [0xBA4BE214]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB90ED000, 0x18FFBC, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\System32\svchost.exe[944] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F1000A
.text C:\WINDOWS\system32\wuauclt.exe[1968] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\wuauclt.exe[1968] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\wuauclt.exe[1968] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[2372] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\compbatt.sys suspicious modification

---- EOF - GMER 1.0.15 ----
rarewolf
Active Member
 
Posts: 12
Joined: May 30th, 2010, 7:14 am
Advertisement
Register to Remove

Re: Browser redirection, and ... (pt.2)

Unread postby MWR 3 day Mod » June 9th, 2010, 2:42 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Browser redirection, and ... (pt.2)

Unread postby xixo_12 » June 9th, 2010, 8:47 am

Hello and Welcome to Anti-Malware Forums.Image
Introduction and rules :
  • I'm xixo_12 and really glad to help you.
  • You're advised to refrain running any self fixes until I give the "All Clean Speech"
  • Instruction in this topic is special create for current problem and don't apply those on another system.
  • You're advised to ask for any uncertainty.
  • If you are receiving help or have received help on this problem elsewhere, please let us know.

Please make sure you have done your reading on this topic : How to get help at this forum
Please! If you need more time to do all the instructions, let me know before 72hours is done. Otherwise, your thread will be closed

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Now, we will start the collaboration.
Do keep in mind, removing malware is one of hazardous undertaking. I'm ready to share what I have learn through years in removing malware but I'm also fallible.
You're advised to back up all the important data before we start.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

First,
Discussion
  • Crack/Keygen detected!
    c:\documents and settings\cass&michael\my documents\my downloads\installs\coreavc professional edition 1.9.5\keygen.exe
    c:\documents and settings\cass&michael\my documents\my downloads\installs\photodex\crack\readme.txt
    c:\documents and settings\cass&michael\my documents\my downloads\installs\photodex\photodex proshow gold 4.0.2542\keygen.rar
    c:\documents and settings\cass&michael\my documents\my downloads\xperia\tomtom7usa_and_canada_720.1803\tomtom7usa_and_canada_720.1803\tt7-stuff\tt7_keygen.exe
    c:\tt7-stuff\tt7_keygen.exe
  • Another thing is about uTorrent!
  • Please remove both of them or stop here and please tell me to close this topic.

Next,
Msconfig.
  • Click on Start > run.
  • Type msconfig > Hit on enter.
  • Windows will popup.
  • Click on General tab > Normal Startup > OK > Restart.

Next.
RSIT by random/random.
Please download from HERE and save to the desktop.
  • Double-click on RSIT.exe to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open.
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can find manually the log at C:\rsit

What you need to post
Checklist.
  • Respond to our discussion.
  • Content of log.txt and info.txt (Find both in c:\rsit)
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Browser redirection, and ... (pt.2)

Unread postby rarewolf » June 10th, 2010, 4:48 pm

hello xixo_12 :)

Keygens and utorrent are removed ...

msconfig configured for normal operation and computer rebooted

RSIT output as follows:

~~~~~~~~~
info.txt
~~~~~~~~~
info.txt logfile of random's system information tool 1.06 2010-06-10 18:03:29

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
AI Direct Link-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C312984C-E386-4C2D-B33E-7B54355FB16E}\Setup.exe" -l0x9
AI Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\Setup.exe" -l0x9
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
APC PowerChute Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2009-09-09-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CoreAVC Professional Edition (remove only)-->"C:\Program Files\CoreCodec\CoreAVC Professional Edition\CoreAVC Professional Edition-uninstall.exe"
Creative DVD Audio Plugin for Audigy Series-->"C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DC++ 0.698-->"C:\Program Files\DC++\uninstall.exe"
DivX Codec-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Codec\uninstal.log
EncSpot Professional 2.2-->"C:\Program Files\GuerillaSoft\EncSpot\unins000.exe"
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Haali Media Splitter-->"C:\Program Files\CoreCodec\Haali\MatroskaSplitter\uninstall.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart B9100 series-->C:\Program Files\HP\Digital Imaging\{F34482ED-C751-48ce-81EB-74FD95BE66CC}\setup\hpzscr01.exe -datfile hphscr09.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP ProPrint-->MsiExec.exe /I{47768394-9B60-4E58-B152-B524A1AF6BE2}
HP Solution Center and Imaging Support Tools 6.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD 5-->"C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
KeePass Password Safe 2.09-->"C:\Program Files\KeePass Password Safe 2\unins000.exe"
Linksys Wireless-G PCI Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Media Center 14-->C:\Program Files\J River\Media Center 14\JRMediaUninstall.exe
Media Center 15-->C:\Program Files\J River\Media Center 15\JRMediaUninstall.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Ultra Edition-->MsiExec.exe /X{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Network Magic-->"C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe" /uninstall
Ogg Codecs 0.81.15562-->C:\Program Files\Xiph.Org\Ogg Codecs\uninst.exe
PC Probe II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PFPortChecker 1.0.31-->C:\Program Files\PFPortChecker\uninst.exe
Photodex Presenter-->C:\Program Files\Photodex Presenter\uninst.exe
PINs 4-->"C:\Program Files\PINs\uninstall.exe"
Pocket Player-->C:\Program Files\Microsoft ActiveSync\Pocket Player\Uninstall.exe Pocket Player
PrimoPDF Redistribution Package-->MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
PrimoPDF-->"C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
QuickTime Alternative 2.7.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
SMPlayer 0.6.7-->C:\Program Files\SMPlayer\uninst.exe
Spb Mobile Shell-->C:\Program Files\Microsoft ActiveSync\Spb Mobile Shell\Uninstall.exe Spb Mobile Shell
Spb Time-->C:\Program Files\Microsoft ActiveSync\Spb Time\Uninstall.exe Spb Time
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Voice Notes Recorder for Pocket PC 2003-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Alexander Zavorine\Voice Notes Recorder for Pocket PC 2003\Uninst.isu"
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Mobile® Device Handbook-->C:\Program Files\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinMerge 2.12.4-->"C:\Program Files\WinMerge\unins000.exe"
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: HTPC
Event Code: 51
Message: An error was detected on device \Device\Harddisk4\D during a paging operation.

Record Number: 69986
Source Name: Disk
Time Written: 20100519200619.000000-150
Event Type: warning
User:

Computer Name: HTPC
Event Code: 51
Message: An error was detected on device \Device\Harddisk4\D during a paging operation.

Record Number: 69985
Source Name: Disk
Time Written: 20100519200600.000000-150
Event Type: warning
User:

Computer Name: HTPC
Event Code: 51
Message: An error was detected on device \Device\Harddisk4\D during a paging operation.

Record Number: 69984
Source Name: Disk
Time Written: 20100519200416.000000-150
Event Type: warning
User:

Computer Name: HTPC
Event Code: 51
Message: An error was detected on device \Device\Harddisk4\D during a paging operation.

Record Number: 69983
Source Name: Disk
Time Written: 20100519200218.000000-150
Event Type: warning
User:

Computer Name: HTPC
Event Code: 51
Message: An error was detected on device \Device\Harddisk4\D during a paging operation.

Record Number: 69982
Source Name: Disk
Time Written: 20100519200139.000000-150
Event Type: warning
User:

=====Application event log=====

Computer Name: HTPC
Event Code: 1000
Message: Faulting application media center 14.exe, version 14.0.130.0, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Record Number: 7841
Source Name: Application Error
Time Written: 20100124144530.000000-210
Event Type: error
User:

Computer Name: HTPC
Event Code: 1001
Message: Fault bucket 1675672468.

Record Number: 7840
Source Name: Application Error
Time Written: 20100124112735.000000-210
Event Type: error
User:

Computer Name: HTPC
Event Code: 1000
Message: Faulting application media center 14.exe, version 14.0.130.0, faulting module media center 14.exe, version 14.0.130.0, fault address 0x00184973.

Record Number: 7839
Source Name: Application Error
Time Written: 20100124112720.000000-210
Event Type: error
User:

Computer Name: HTPC
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 7734
Source Name: crypt32
Time Written: 20100116141813.000000-210
Event Type: error
User:

Computer Name: HTPC
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


Record Number: 7733
Source Name: crypt32
Time Written: 20100116141812.000000-210
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0b
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------

~~~~~~~
log.txt
~~~~~~~
Logfile of random's system information tool 1.07 (written by random/random)
Run by Cass&Michael at 2010-06-10 18:02:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 266 GB (87%) free of 305 GB
Total RAM: 2047 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:02:58 PM, on 10/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\ASUS\AI Direct Link\AsShare.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\J River\Media Center 15\Media Center 15.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\J River\Media Center 15\JRService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Cass&Michael\Desktop\RSIT\RSIT.exe
C:\Program Files\trend micro\Cass&Michael.exe
C:\WINDOWS\system32\HPZinw12.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Launch Direct Link] "C:\Program Files\ASUS\AI Direct Link\AsShare.exe"
O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Media Center 15] "C:\Program Files\J River\Media Center 15\Media Center 15.exe" /Boot
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6087.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4832163531
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Pure Networks Security Scan) - http://scan.networkmagic.com/nmscan/dow ... -WD.V1.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{B04022F0-28F2-4F9A-866E-5E73300C37FF}: NameServer = 192.168.1.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Media Center 14 Service - J. River, Inc. - C:\Program Files\J River\Media Center 14\JRService.exe
O23 - Service: Media Center 15 Service - J. River, Inc. - C:\Program Files\J River\Media Center 15\JRService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.weatheroffice.gc.ca/data/sat ... vi_100.jpg

--
End of file - 11295 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{60271383-2A97-4DF2-9F36-36FFAC1FDFF4}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-06 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-09 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-06 279664]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2010-02-09 126976]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2009-07-07 647216]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2009-07-08 472112]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]
"Launch Direct Link"=C:\Program Files\ASUS\AI Direct Link\AsShare.exe [2007-08-20 1209856]
"Launch As Cmd Runner"=C:\Program Files\ASUS\AI Direct Link\AsCmd.exe [2007-04-11 376832]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"CPU Power Monitor"=C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe [2007-10-16 626176]
"Cpu Level Up help"=C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe [2007-09-11 880640]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Ai Nap"=C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe [2007-09-06 1426432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2010-06-01 3513280]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"Media Center 15"=C:\Program Files\J River\Media Center 15\Media Center 15.exe [2010-05-25 11192320]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-06 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfidndsa]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lixodvdf]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-05-12 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime"
"C:\Program Files\J River\Media Center 12\Media Center 12.exe"="C:\Program Files\J River\Media Center 12\Media Center 12.exe:*:Enabled:Media Center"
"C:\Program Files\Accessories\AboutTime\AboutTime.exe"="C:\Program Files\Accessories\AboutTime\AboutTime.exe:*:Enabled:AboutTime cient/server"
"C:\Program Files\J River\Media Center 13\Media Center 13.exe"="C:\Program Files\J River\Media Center 13\Media Center 13.exe:*:Enabled:Media Center"
"C:\Documents and Settings\Cass&Michael\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe"="C:\Documents and Settings\Cass&Michael\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe:*:Enabled:HP Installer Network Plug in"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:HP Network Device Rediscovery Service"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Documents and Settings\Cass&Michael\Local Settings\Temp\Nero Web\SetupXu.exe"="C:\Documents and Settings\Cass&Michael\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\PFPortChecker\PFPortChecker.exe"="C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded."
"C:\Program Files\J River\Media Center 14\Media Center 14.exe"="C:\Program Files\J River\Media Center 14\Media Center 14.exe:*:Enabled:Media Center"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\J River\Media Center 15\Media Center 15.exe"="C:\Program Files\J River\Media Center 15\Media Center 15.exe:*:Enabled:Media Center"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 2 months======

2010-06-10 18:02:50 ----D---- C:\rsit
2010-06-10 17:56:30 ----D---- C:\WINDOWS\system32\Lang
2010-05-30 11:24:41 ----A---- C:\WINDOWS\wininit.ini
2010-05-30 09:29:12 ----D---- C:\Program Files\Trend Micro
2010-05-27 17:30:20 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2010-05-27 17:30:20 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-05-27 17:30:16 ----D---- C:\Program Files\McAfee Security Scan
2010-05-26 21:56:40 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-22 11:23:49 ----D---- C:\Program Files\Windows Live Safety Center
2010-05-12 18:44:08 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-04-24 21:52:52 ----D---- C:\Program Files\Microsoft Office
2010-04-24 21:52:30 ----D---- C:\Program Files\MSECache
2010-04-14 06:54:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 06:54:02 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 06:52:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 06:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 06:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 06:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

======List of files/folders modified in the last 2 months======

2010-06-10 18:02:54 ----D---- C:\WINDOWS\Temp
2010-06-10 18:02:12 ----SHD---- C:\WINDOWS\Installer
2010-06-10 18:02:12 ----HD---- C:\Config.Msi
2010-06-10 17:58:46 ----SD---- C:\WINDOWS\Tasks
2010-06-10 17:56:55 ----D---- C:\WINDOWS\Prefetch
2010-06-10 17:56:30 ----D---- C:\WINDOWS\system32
2010-06-10 17:56:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-10 17:54:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-10 17:54:16 ----D---- C:\WINDOWS\pss
2010-06-10 17:54:15 ----SH---- C:\boot.ini
2010-06-10 17:54:15 ----A---- C:\WINDOWS\win.ini
2010-06-10 17:54:15 ----A---- C:\WINDOWS\system.ini
2010-06-10 17:51:29 ----RD---- C:\Program Files
2010-06-10 17:46:11 ----D---- C:\Documents and Settings\Cass&Michael\Application Data\KeePass
2010-06-10 05:01:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-06-06 13:54:41 ----HD---- C:\WINDOWS\inf
2010-06-06 10:45:20 ----D---- C:\Program Files\DC++
2010-05-30 15:34:09 ----AD---- C:\WINDOWS
2010-05-30 14:18:06 ----D---- C:\WINDOWS\system32\drivers
2010-05-30 14:18:06 ----D---- C:\WINDOWS\Media
2010-05-30 09:29:12 ----SD---- C:\Documents and Settings\Cass&Michael\Application Data\Microsoft
2010-05-27 20:30:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-27 20:24:24 ----D---- C:\WINDOWS\network diagnostic
2010-05-26 21:48:21 ----SHD---- C:\System Volume Information
2010-05-26 20:57:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-26 20:57:03 ----D---- C:\WINDOWS\Debug
2010-05-26 19:02:29 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-05-26 18:19:37 ----D---- C:\Program Files\CCleaner
2010-05-25 18:42:22 ----N---- C:\WINDOWS\system32\MC15.exe
2010-05-22 11:23:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-22 11:17:25 ----D---- C:\WINDOWS\system
2010-05-22 09:13:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-21 16:54:26 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-12 18:44:10 ----D---- C:\Program Files\Outlook Express
2010-05-12 18:42:51 ----D---- C:\Program Files\Google
2010-05-12 11:21:16 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-05-11 21:12:55 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-08 15:41:45 ----A---- C:\WINDOWS\cdplayer.ini
2010-04-30 16:21:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-24 21:57:51 ----D---- C:\WINDOWS\WinSxS
2010-04-24 21:57:50 ----RSD---- C:\WINDOWS\Fonts
2010-04-24 21:57:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-04-14 06:52:39 ----D---- C:\WINDOWS\ie8updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-01-01 26024]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-30 19915]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2009-07-07 25392]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2009-07-07 26672]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2010-04-23 106432]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-12 3007488]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2007-07-24 105984]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 RT2500;Linksys Wireless-G PCI Adapter Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-10-20 243328]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-14 20352]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2005-12-12 176193]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-12 540672]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2009-07-07 647216]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 Media Center 15 Service;Media Center 15 Service; C:\Program Files\J River\Media Center 15\JRService.exe [2010-05-25 380416]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-05-12 593920]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-26 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 183280]
S2 WMP54Gv4SVC;WMP54Gv4SVC; C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe [2004-02-06 41025]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 Media Center 14 Service;Media Center 14 Service; C:\Program Files\J River\Media Center 14\JRService.exe [2010-03-03 382464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
rarewolf
Active Member
 
Posts: 12
Joined: May 30th, 2010, 7:14 am

Re: Browser redirection, and ... (pt.2)

Unread postby xixo_12 » June 11th, 2010, 11:59 am

Hi,
Let's proceed.

First,
Remove programs.
Please Click on Start > Control Panel > Add/Remove Programs
Remove the listed program(s) by clicking Remove
Spybot - Search & Destroy

If some programs listed above are not in present, please do not panic and proceed to the next step.

Next,
Fix entries.
  • Run the HiJack This.
  • Click on Do a system scan only button.
  • Search the entries as below and tick at the small box.
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O24 - Desktop Component 0: (no name) - http://www.weatheroffice.gc.ca/data/sat ... vi_100.jpg
  • Close any other program and leave HiJackThis program alone.
  • Click Fix checked.

Next,
OTM by Old Timer.
Please download from HERE and save to the desktop.
  • Double-click on OTM.exe.
  • Copy the lines in the codebox below.
    :processes
    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\uTorrent\uTorrent.exe"=-
    :files
    C:\Program Files\uTorrent
    :commands
    [resethosts]
    [emptytemp]
    [start explorer]
    [reboot]
  • Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar, Code box into OTMoveIt3 (1).) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM.

Note:
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
  • If you are asked to reboot the machine choose Yes.
  • In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next,
SystemLook by jpshortstuff.
Please download from one of the links below and save it to the Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    compbatt
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

What you need to post
Checklist.
  • Content of OTM log
  • Content of SystemLook.txt
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Browser redirection, and ... (pt.2)

Unread postby rarewolf » June 11th, 2010, 4:10 pm

Spybot - S&D uninstalled ...

HJT ... items found, checked and fixed ...

OTM ran, and files moved with reboot being necessary (see log below) ...

Systemlook ran (see txt below)

~~~~~~~~~~~~~~~~~~
OTM-results_06112010_172136.log
~~~~~~~~~~~~~~~~~~
All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
========== FILES ==========
File/Folder C:\Program Files\uTorrent not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Cass&Michael
->Temp folder emptied: 137082365 bytes
->Temporary Internet Files folder emptied: 12989079 bytes
->FireFox cache emptied: 69590402 bytes
->Flash cache emptied: 5004 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 15308910 bytes
->Flash cache emptied: 3283 bytes

User: Michael&Cass

User: NetworkService
->Temp folder emptied: 1173192 bytes
->Temporary Internet Files folder emptied: 1998500 bytes
->Flash cache emptied: 2346 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162307 bytes
%systemroot%\System32 .tmp files removed: 9083017 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19319051 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 7821118946 bytes

Total Files Cleaned = 7,715.00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 06112010_172136

Files moved on Reboot...

Registry entries deleted on Reboot...

~~~~~~~~~~~~~~
Systemlook.txt
~~~~~~~~~~~~~~
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:28 on 11/06/2010 by Cass&Michael (Administrator - Elevation successful)

========== filefind ==========

Searching for "compbatt"
No files found.

-=End Of File=-
rarewolf
Active Member
 
Posts: 12
Joined: May 30th, 2010, 7:14 am

Re: Browser redirection, and ... (pt.2)

Unread postby xixo_12 » June 11th, 2010, 8:02 pm

Hi,
Let's proceed.
We will try again on SystemLook

First,
SystemLook by jpshortstuff.
Please use this code
Code: Select all
:filefind
*compbatt*


What you need to post
Checklist.
  • Content of SystemLook.txt
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Browser redirection, and ... (pt.2)

Unread postby rarewolf » June 12th, 2010, 7:03 am

here ya go ...

~~~~~~~~~~~~
systemlook.txt
~~~~~~~~~~~~
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 08:23 on 12/06/2010 by Cass&Michael (Administrator - Elevation successful)

========== filefind ==========

Searching for "*compbatt*"
C:\WINDOWS\ServicePackFiles\i386\compbatt.sys ------ 10240 bytes [11:43 30/06/2008] [02:36 14/04/2008] 6E4C9F21F0FAE8940661144F41B13203
C:\WINDOWS\system32\dllcache\compbatt.sys --a--c 10240 bytes [15:46 30/06/2008] [02:36 14/04/2008] 6E4C9F21F0FAE8940661144F41B13203
C:\WINDOWS\system32\drivers\compbatt.sys --a--- 10240 bytes [15:46 30/06/2008] [02:36 14/04/2008] 6E4C9F21F0FAE8940661144F41B13203

-=End Of File=-
rarewolf
Active Member
 
Posts: 12
Joined: May 30th, 2010, 7:14 am

Re: Browser redirection, and ... (pt.2)

Unread postby xixo_12 » June 12th, 2010, 7:41 am

Hi,
Let's combat :D

First,
Copy Files.
  • Open Notepad.exe
  • Copy and paste below code into the notepad.
    Code: Select all
    COPY /Y C:\WINDOWS\system32\dllcache\compbatt.sys c:\compbatt.sys
    DEL %0
  • Click on File > Save As
    Save in : Desktop
    File name : xixo.bat
    Save as type : All Files
  • It will look like this :
    Image
  • Double click on xixo.bat and the batch file will perform the task and auto delete itself.

Next,
Avenger2 by Swandog46
Please download from HERE, save to the desktop and unzip it.
Note: This programme must be run from an account with Administrator priviledges.
  • Open the Avenger folder and double click Avenger.exe to launch the programme.
  • Copy the text in the code box below and Paste it into the Input script here: box.
Code: Select all
Files to move:
c:\compbatt.sys | C:\WINDOWS\system32\drivers\compbatt.sys


Note: the above code was created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

  • Ensure the following:
    • Scan for Rootkits is checked.
    • Automatically disable any rootkits found is Unchecked.
  • Press the Execute key.
  • Avenger will now process the script you've pasted (this may involve more than one re-boot), when finished it will produce a log file.
  • Post the log back here please. (it can also be found at C:\avenger.txt)

What you need to post
Checklist.
  • Content of avenger.txt
  • How is your system? Still redirect?
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Browser redirection, and ... (pt.2)

Unread postby rarewolf » June 12th, 2010, 11:31 am

'bat' file ran ... and the avenger.txt log is below.

Regarding whether Firefox will still redirect, I'll give it a couple of days and let you know, but it does look good so far ...

Also ... my AV has found the 'combatt.sys' file located in the 'avenger' directory. I chose to "disallow access" ... what should I do with it? ... delete the entire directory?

~~~~~~~~~~
avenger.txt
~~~~~~~~~~
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\compbatt.sys|C:\WINDOWS\system32\drivers\compbatt.sys" completed successfully.

Completed script processing.

*******************

Finished! Terminate.
rarewolf
Active Member
 
Posts: 12
Joined: May 30th, 2010, 7:14 am

Re: Browser redirection, and ... (pt.2)

Unread postby xixo_12 » June 12th, 2010, 12:11 pm

Hi,

Ignore about it for a while. No worries :). I will take care of it soon.
It's normal to have such warning in that backup.

First,
Remove programs.
Please Click on Start > Control Panel > Add/Remove Programs
Remove the listed program(s) by clicking Remove
Adobe Reader 7.1.0

If some programs listed above are not in present, please do not panic and proceed to the next step.

Next,
Update Adobe Reader.
You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.3 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.


Next,
CCleaner - Clear temp.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the Windows tab, under Internet Explorer, uncheck Cookies if you do not want them deleted.
    (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.
  • Click on the Options icon at the left side of the window, then click on Advanced. Untick Only delete files in Windows Temp folders older than 48 hours.
  • Click on the Cleaner icon on the left side of the window, then click Run Cleaner to run the program.
Caution: It is not recommended that you use the Issues feature unless you are very familiar with the registry as it has been known to find legitimate items.
After CCleaner has completed its process, click Exit.

Next,
ESET Online Scanner
Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

What you need to post
Checklist.
  • Content of log.txt
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Browser redirection, and ... (pt.2)

Unread postby rarewolf » June 12th, 2010, 4:32 pm

Acrobat 7 replaced with up-to-date ...

CCleaner ran ...

If you weren't going to run the ESET scanner, I was ... :)

Edit: I should have also mentioned (relative to your query regarding re-direction) that google searches are no longer being hi-jacked, but I am still getting websites opening up their own Firefox tabs ...
~~~~~~~~~~~~
ESET scan log
~~~~~~~~~~~~
C:\Avenger\compbatt.sys Win32/Olmarik.ZC trojan
C:\Documents and Settings\Cass&Michael\My Documents\My Downloads\installs\DVD2SVCD\D2S122B3.exe Win32/PrcView application
C:\Documents and Settings\Cass&Michael\My Documents\My Downloads\installs\DVD2SVCD\D2S122B3.zip Win32/PrcView application
C:\Documents and Settings\Cass&Michael\My Documents\My Downloads\installs\FreeCommander\fc_setup_.zip a variant of Win32/Adware.ADON application
C:\Documents and Settings\Cass&Michael\My Documents\My Downloads\installs\FreeCommander\fc_setup_\fc_setup.exe a variant of Win32/Adware.ADON application
C:\Documents and Settings\Cass&Michael\My Documents\My Downloads\installs\Nero7\Nero-7.10.1.0_eng_update_wch.exe Win32/Toolbar.AskSBar application
C:\Documents and Settings\Cass&Michael\My Documents\My Downloads\installs\Nero7\Nero-7.11.6.0_all_update.exe Win32/Toolbar.AskSBar application
C:\Documents and Settings\Cass&Michael\My Documents\My Downloads\installs\Office 2007\Office 2007.iso probably a variant of Win32/Agent trojan
C:\Documents and Settings\Cass&Michael\My Documents\My Downloads\installs\UnLocker\unlocker1.8.6.exe a variant of Win32/Adware.ADON application
rarewolf
Active Member
 
Posts: 12
Joined: May 30th, 2010, 7:14 am

Re: Browser redirection, and ... (pt.2)

Unread postby xixo_12 » June 12th, 2010, 6:54 pm

Hi,

I think there is still a cracked/non-genuine program in your system.
Please remove all installer and the program related via add/remove program.

ESET detection tell roughly how your system infected via cracked/non-genuine program.

Fail to do that, I have no other option to close this topic.
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Browser redirection, and ... (pt.2)

Unread postby rarewolf » June 13th, 2010, 7:40 am

I think there is still a cracked/non-genuine program in your system.
Please remove all installer and the program related via add/remove program.

Hello xixo ...

Do you mean I should uninstall all softwares? I may as well re-install XP(?)

Please clarify ...

TIA :)
rarewolf
Active Member
 
Posts: 12
Joined: May 30th, 2010, 7:14 am

Re: Browser redirection, and ... (pt.2)

Unread postby xixo_12 » June 13th, 2010, 8:19 am

Hi,

Example :

Tool detected :
c:\documents and settings\cass&michael\my documents\my downloads\installs\photodex\photodex proshow gold 4.0.2542\keygen.rar

Obviously you're using it.
Photodex Presenter-->C:\Program Files\Photodex Presenter\uninst.exe

So, you must remove it all, keygen and also the program.

Look at CKFiles.txt and ESET log.txt. You will have an idea what to remove. This is all the infection. Malwareremoval.com policy will not offer any help to any of victims that used non-genuine software.
I just give you a chance about this.

Then tell me once done.
Remember, if I still found related software, our tools able to detect it, I have no choice to close this topic.
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 61 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware