TR/Kazy infection-OTL.txt/ addl logs in addl posts


Post by robbhenningsr on Thu 20 Oct 2011, 7:17 am

Following are results of initial scans. (Note regarding aswMBR: program did not complete, error message included below.) I will await further instructions. Thanks for your help.

Patricia
OTL LOG:

OTL logfile created on: 10/19/2011 2:44:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.41 Mb Total Physical Memory | 513.49 Mb Available Physical Memory | 50.22% Memory free
2.40 Gb Paging File | 2.10 Gb Available in Paging File | 87.20% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 363.53 Gb Total Space | 114.05 Gb Free Space | 31.37% Space Free | Partition Type: NTFS
Drive D: | 9.05 Gb Total Space | 4.40 Gb Free Space | 48.56% Space Free | Partition Type: FAT32

Computer Name: BOBSPC | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\3129287989:3403315781.exe
PRC - [2011/10/19 14:42:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.com
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LightScribeService)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - [2010/11/16 02:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/09/24 14:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 14:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 14:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/24 14:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,109,568 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/06/27 17:24:34 | 000,471,040 | ---- | M] (Atheros) [Auto | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/02/27 12:54:52 | 000,364,544 | ---- | M] (Atheros Communications, Inc.) [Auto | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV - [2009/11/25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/10/01 17:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/09/30 04:24:36 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/12/14 05:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/05/23 05:15:00 | 000,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2007/04/18 09:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 09:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 07:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 06:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 05:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 05:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 05:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 05:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 05:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 05:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 05:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 05:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/08/18 18:35:04 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/04/15 07:12:12 | 000,175,616 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/10 01:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 01:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 16:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/04 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/03 12:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/06 01:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/07/24 13:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/17 13:19:20 | 000,096,256 | ---- | M] (Copyright (C) Creative Technology Ltd. 1994-2001) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://finance.yahoo.com/news/Burger-King-revamps-coffee-apf-1119327906.html?x=0&.v=6|http://www.facebook.com/home.php?|http://excite.com/|https://mail.google.com/mail/?shva=1#inbox"
FF - prefs.js..extensions.enabledItems: {a2adbb75-0c40-1c3b-68b2-6de799200d52}:4.6.6.3
FF - prefs.js..extensions.enabledItems: {776A7CC0-E1A0-4E46-982C-88A8754E5100}:1.9.1
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=WBV5&o=14540&locale=en_US&apn_uid=E2FCB7F1-34BC-45E8-896C-624F6D10A903&apn_ptnrs=WK&apn_sauid=A2A408A3-55EA-4D04-97E9-994A09157858&apn_dtid=YYYYYYYYUS&&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 09:18:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 11:52:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/11 19:41:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/12/11 12:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/12/11 12:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/07 11:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions
[2009/11/30 20:02:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/11 19:42:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/07 11:53:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\engine@conduit.com
[2011/10/14 01:03:45 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\toolbar@ask.com
[2011/10/19 13:40:35 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\searchplugins\askcom.xml
[2010/01/23 23:28:20 | 000,002,180 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\searchplugins\bing-ff.xml
[2008/06/23 15:55:06 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\searchplugins\wikipedia.xml
[2011/07/18 00:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/07 19:30:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/01 15:54:22 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{a2adbb75-0c40-1c3b-68b2-6de799200d52}
[2010/02/01 15:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{a2adbb75-0c40-1c3b-68b2-6de799200d52}.del
[2010/12/05 12:20:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2007/02/28 13:36:51 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2010/02/14 02:36:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/03/08 23:33:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/01 09:18:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/03/05 18:08:04 | 000,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/07 11:52:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========


O1 HOSTS File: ([2010/12/04 19:28:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CaSup.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe (TLC Productivity Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} [You must be registered and logged in to see this link.] (SysData Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} [You must be registered and logged in to see this link.] (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{201B7D01-482D-4862-846E-44904AD96B73}: DhcpNameServer = 10.10.5.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C72A36E4-3E1C-4AFE-896F-6225AD450C02}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/13 05:37:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/18 20:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/10/18 16:29:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\352585ba
[2007/04/09 13:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/04/09 13:19:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/19 13:56:36 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/19 13:55:49 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/19 13:50:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3129287989
[2011/10/19 13:50:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/18 23:04:52 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/10/18 23:04:51 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/10/18 23:04:51 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/10/18 23:04:51 | 000,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/10/18 23:04:51 | 000,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/10/18 23:04:33 | 000,000,203 | ---- | M] () -- C:\WINDOWS\System32\mhncache.dat
[2011/10/18 23:03:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/10/18 22:55:44 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000007-00001102-00000008-10221102}.CDF
[2011/10/18 22:55:44 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000007-00001102-00000008-10221102}.BAK
[2011/10/18 22:51:55 | 000,000,336 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/10/18 22:41:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/18 22:39:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/10/18 20:40:58 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/10/18 20:39:02 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/18 20:38:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/18 20:19:43 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/18 16:32:21 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/17 10:48:26 | 000,022,393 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FASCISM.jpg
[2011/10/16 10:53:55 | 000,049,567 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\little sheet heads.jpg
[2011/10/16 09:47:47 | 000,008,807 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\original computer.jpg
[2011/10/15 11:26:19 | 000,037,335 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\love love love.jpg
[2011/10/14 12:35:57 | 000,017,087 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\strong stupidity.jpg
[2011/10/13 16:57:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/13 16:16:15 | 000,019,096 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\sick bastard.jpg
[2011/10/12 21:44:00 | 000,016,341 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\compassion point of view.jpg
[2011/10/12 18:19:18 | 000,014,569 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Charlie Brown.jpg
[2011/10/12 17:56:07 | 000,025,131 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\idiot dig shit !.jpg
[2011/10/10 18:12:01 | 000,025,648 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\f*** kids !!.jpg
[2011/10/08 19:13:05 | 000,157,573 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Steve Jobs life.php
[2011/10/08 18:15:38 | 000,000,502 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Atheism.lnk
[2011/10/08 17:30:56 | 000,055,553 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\You're next.jpg
[2011/10/08 15:06:33 | 000,018,558 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\St. Peter & Steve Jobs.jpg
[2011/10/08 10:45:33 | 000,007,556 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\hope and change - socialism.jpg
[2011/10/07 15:10:44 | 000,074,276 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\never give up.jpg
[2011/10/02 13:34:52 | 000,027,801 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Atheism.jpg
[2011/09/25 14:32:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/22 13:45:32 | 000,015,541 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FEMINE PROTECTION.jpg
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]


robbhenningsr

Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Mon 14 Nov 2011, 11:37 am

No thanks, a format is a bit extreme yet. I've seen this once before; I just don't remember exactly how to go about tracking down and resetting the appropriate devices.

One thing I did notice, while just looking around on the PC, is that there are a number of items in "Services" showing as stopped... among those stopped is IP configuration.

If you know more about "Services" settings, or can refer me to someone who might, your help would be appreciated. Meanwhile, I'll keep researching on this end, as time and talent permit.

Thanks,

Patricia

robbhenningsr

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Belahzur on Mon 14 Nov 2011, 1:19 pm

Hello.
I'm back with an idea.

Please download FSS from here

Press the scan button, and it will make a log file when it's finished.
Copy and paste the log back here.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Mon 14 Nov 2011, 2:08 pm

I'm sorry, but "from where?" There is no link in the previous message, and I'm not sure where to look. I'll check back. Thanks,

Patricia

robbhenningsr

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Belahzur on Tue 15 Nov 2011, 3:06 am

Where it says "here" is a hyperlink.


Belahzur

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Tue 15 Nov 2011, 3:58 am

Thanks; for no apparent reason, the link didn't activate when I moused over it yesterday... got it now!

Thanks,

Patricia

robbhenningsr

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Tue 15 Nov 2011, 4:02 am

Here is the FSS log:

Farbar Service Scanner
Ran by HP_Administrator (administrator) on 14-11-2011 at 12:00:10
Microsoft Windows XP Service Pack 3 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.


File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys is missing.
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Attempt to Google returned error: Google site is unreachable
Attemp to yahoo returend error: Yahoo site is unreachable

**** End of log ****

I'll wait for further advice...
Thanks,
Patricia

robbhenningsr

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Belahzur on Tue 15 Nov 2011, 4:11 am

I believe we found the problem. While I do some research, do you have your XP disc? A critical system file was deleted by the infection and needs replacing.


Belahzur

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Tue 15 Nov 2011, 4:12 am

No, this pc did not come with an XP disc...sorry.

Thanks for your help,

Patricia

robbhenningsr

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Belahzur on Tue 15 Nov 2011, 4:16 am

Darn, let's hope the machine has a backup copy somewhere.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    /md5start
    netbt.sys
    /md5stop


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the pink Quick Scan button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe


Belahzur

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Tue 15 Nov 2011, 5:13 am

Done! Here are the results of the current OTL scan:

OTL logfile created on: 11/14/2011 12:48:35 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.41 Mb Total Physical Memory | 541.24 Mb Available Physical Memory | 52.94% Memory free
2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.24% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 363.53 Gb Total Space | 113.62 Gb Free Space | 31.25% Space Free | Partition Type: NTFS
Drive D: | 9.05 Gb Total Space | 4.40 Gb Free Space | 48.56% Space Free | Partition Type: FAT32
Drive K: | 279.45 Gb Total Space | 227.87 Gb Free Space | 81.54% Space Free | Partition Type: NTFS
Drive L: | 245.72 Mb Total Space | 97.06 Mb Free Space | 39.50% Space Free | Partition Type: FAT

Computer Name: BOBSPC | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 12:45:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
PRC - [2010/11/17 13:22:57 | 000,329,096 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/10/29 15:12:22 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2010/09/28 13:09:05 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2010/09/24 13:19:08 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/09/24 13:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/06/03 19:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 22:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/02 11:21:20 | 001,503,306 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
PRC - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 11:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
PRC - [2007/04/09 12:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/07/25 01:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
PRC - [2003/11/06 18:32:30 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/03/29 15:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/08/20 11:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 11:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 11:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/03 19:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 19:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/08/28 01:59:00 | 001,478,656 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2007/08/28 01:59:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005/03/16 01:17:28 | 000,204,800 | ---- | M] () -- c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll
MOD - [2003/11/06 18:32:30 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
MOD - [2003/11/06 14:40:32 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\Rtl8169LibC.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LightScribeService)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
SRV - [2011/10/23 08:41:12 | 000,060,416 | ---- | M] () [Auto | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/09/24 13:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 13:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/24 13:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/02/27 11:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [Auto | Running] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV - [2009/11/25 11:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/10/01 16:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/09/30 03:24:36 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/05/23 04:15:00 | 000,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/08/18 17:35:04 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/04/15 06:12:12 | 000,175,616 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/10 00:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 00:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 15:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/04 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/03 11:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/06 00:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/17 12:19:20 | 000,096,256 | ---- | M] (Copyright (C) Creative Technology Ltd. 1994-2001) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://finance.yahoo.com/news/Burger-King-revamps-coffee-apf-1119327906.html?x=0&.v=6|http://www.facebook.com/home.php?|http://excite.com/|https://mail.google.com/mail/?shva=1#inbox"
FF - prefs.js..extensions.enabledItems: {a2adbb75-0c40-1c3b-68b2-6de799200d52}:4.6.6.3
FF - prefs.js..extensions.enabledItems: {776A7CC0-E1A0-4E46-982C-88A8754E5100}:1.9.1
FF - prefs.js..keyword.URL: "http://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-80-0-b3EH\n&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 08:18:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/19 22:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/11 18:41:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/12/11 11:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/12/11 11:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/19 22:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions
[2009/11/30 19:02:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/11 18:42:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/07 10:53:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\extensions\engine@conduit.com
[2010/01/23 22:28:20 | 000,002,180 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\searchplugins\bing-ff.xml
[2008/06/23 14:55:06 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ge13mt45.default\searchplugins\wikipedia.xml
[2011/10/19 23:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/07 18:30:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/01 14:54:22 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{a2adbb75-0c40-1c3b-68b2-6de799200d52}
[2010/02/01 14:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{a2adbb75-0c40-1c3b-68b2-6de799200d52}.del
[2010/12/05 11:20:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/10/19 23:51:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2007/02/28 12:36:51 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2010/02/14 01:36:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/03/08 22:33:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/01 08:18:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/03/05 17:08:04 | 000,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/07 10:52:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========


O1 HOSTS File: ([2011/10/28 19:17:14 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CaSup.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe (TLC Productivity Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} [You must be registered and logged in to see this link.] (SysData Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} [You must be registered and logged in to see this link.] (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{201B7D01-482D-4862-846E-44904AD96B73}: DhcpNameServer = 10.10.5.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C72A36E4-3E1C-4AFE-896F-6225AD450C02}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/13 04:37:21 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/14 12:45:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
[2011/11/13 22:29:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/10/28 19:15:35 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\HP_Administrator\Desktop\WinsockxpFix.exe
[2011/10/27 15:30:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/10/27 14:58:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/27 14:58:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/27 14:58:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/27 14:58:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/27 14:55:26 | 004,274,802 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/10/25 14:45:12 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe
[2011/10/25 14:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/10/25 14:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/10/24 02:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Kaspersky
[2011/10/24 02:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\New Folder
[2011/10/22 14:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\pics
[2011/10/21 13:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/21 13:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\eset
[2011/10/21 13:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\SysProt
[2011/10/20 21:57:32 | 000,467,028 | ---- | C] (Atheros) -- C:\WINDOWS\System32\acs.exe
[2011/10/20 20:45:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/20 15:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/20 00:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Java
[2011/10/19 20:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/18 19:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/04/09 12:19:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/14 12:45:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
[2011/11/14 12:37:23 | 000,000,203 | ---- | M] () -- C:\WINDOWS\System32\mhncache.dat
[2011/11/14 11:56:36 | 000,324,319 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
[2011/11/14 10:39:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2011/11/14 00:46:19 | 000,000,336 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2011/11/13 22:55:35 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/11/13 22:53:49 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2011/11/13 22:35:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/13 22:35:00 | 1072,152,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/13 22:34:11 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:34:11 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:34:11 | 000,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:34:11 | 000,029,772 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:34:11 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000007-00001102-00000008-10221102}.rfx
[2011/11/13 22:33:40 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000007-00001102-00000008-10221102}.CDF
[2011/11/13 22:33:40 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000007-00001102-00000008-10221102}.BAK
[2011/11/10 16:57:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/09 13:36:12 | 000,465,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/09 13:36:12 | 000,080,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/02 22:10:28 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\look.bat
[2011/11/02 13:13:10 | 000,380,805 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MiniToolBox.exe
[2011/10/28 19:17:14 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/28 19:15:32 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\HP_Administrator\Desktop\WinsockxpFix.exe
[2011/10/27 15:22:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/10/27 14:55:18 | 004,274,802 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/10/25 14:37:24 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe
[2011/10/25 14:37:00 | 000,147,832 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\profiles.exe
[2011/10/24 02:41:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/20 15:16:19 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/20 00:37:44 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/20 00:06:56 | 048,324,552 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2011/10/19 22:40:42 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/19 14:32:56 | 001,916,416 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2011/10/19 12:56:36 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/19 12:55:49 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/18 15:32:21 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 11:56:46 | 000,324,319 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
[2011/11/09 13:29:09 | 1072,152,576 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/02 22:10:25 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\look.bat
[2011/11/02 13:13:19 | 000,380,805 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MiniToolBox.exe
[2011/10/27 14:58:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/27 14:58:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/27 14:58:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/27 14:58:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/27 14:58:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/25 14:44:39 | 000,147,832 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\profiles.exe
[2011/10/19 22:40:42 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/19 22:40:42 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/19 14:32:43 | 001,916,416 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2011/10/18 15:32:21 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2010/12/01 18:45:43 | 000,000,203 | ---- | C] () -- C:\WINDOWS\System32\mhncache.dat
[2010/11/03 20:19:53 | 000,000,421 | ---- | C] () -- C:\WINDOWS\DeDup.ini
[2010/09/28 13:08:21 | 000,000,336 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010/03/09 14:29:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/08 19:43:50 | 048,324,552 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2010/03/08 15:44:02 | 000,110,602 | ---- | C] () -- C:\WINDOWS\System32\xcdsfx32.bin
[2010/02/05 17:07:27 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2010/01/23 22:30:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Vfidag.dat
[2010/01/23 22:30:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sfoneciduwaton.bin
[2009/07/08 10:58:18 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/07/08 09:07:00 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/05/21 18:11:16 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/04/24 10:27:08 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/27 16:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/17 13:19:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2008/03/28 20:27:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/03/24 13:26:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/02 12:17:44 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2007/08/30 14:20:35 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/08/17 17:52:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Unsetup.INI
[2007/05/14 10:59:34 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/04/09 12:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 12:24:30 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/04/09 12:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 12:21:44 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2007/04/09 12:21:28 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2007/04/09 12:19:44 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2007/04/09 12:19:20 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2007/04/09 12:19:20 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2007/04/09 12:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/09/01 17:38:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\FWWipeALL.dll
[2006/08/11 23:57:12 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/11 23:56:58 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/08/11 23:56:51 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/05/13 21:20:28 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/05/13 19:38:17 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/04/27 21:02:50 | 000,005,717 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2006/04/27 21:02:28 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2006/03/14 18:14:55 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/02/27 22:58:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/12 16:14:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/12 16:14:13 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/02/12 16:14:06 | 000,003,892 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/01/27 11:16:59 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/01/27 11:12:31 | 000,134,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/13 04:56:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/13 04:39:32 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/01/13 04:39:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/01/13 04:24:05 | 000,112,873 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/01/13 04:24:05 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/01/13 04:18:40 | 000,080,418 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/01/13 04:18:40 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/01/13 04:16:33 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/01/13 04:16:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/01/13 04:15:39 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/01/13 04:12:44 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/01/13 03:59:45 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/12 17:39:27 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/12 17:39:27 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/12 17:39:23 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/12 17:39:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/12 17:39:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/12 17:38:41 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/12 17:38:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/12 17:38:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/12 17:38:02 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dwwin.exe
[2006/01/12 17:37:30 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 17:30:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/08/02 17:30:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/08/02 17:30:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/08/02 17:30:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/08/02 17:30:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/07/02 15:36:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/02 15:34:10 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/02 15:28:10 | 000,465,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/07/02 15:28:10 | 000,080,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2005/02/26 14:31:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/01/28 19:41:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/28 19:36:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/27 07:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/05/16 20:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2006/05/14 21:50:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/02/06 12:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/12/06 11:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2007/08/30 10:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/02/05 20:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2010/02/06 12:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/05/16 20:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSecurityShield
[2008/01/29 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/01/29 17:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2010/02/14 20:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2007/09/07 10:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/03/30 19:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2010/09/28 13:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/06 12:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/11 20:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/05/31 08:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
[2011/11/13 22:53:49 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2011/11/14 10:39:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: NETBT.SYS >
[2004/08/10 00:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\SoftwareDistribution.old\Download\dd9ab5193501484cf5e6884fa1d22f9e\netbt.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


I'll check back for further instructions.

Thanks,

Patricia

robbhenningsr

Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Belahzur on Tue 15 Nov 2011, 5:27 am

Hello.
Good, there is a copy there, we can replace it and get the services restarted soon, just gathering as much info as possible about it right now.


  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    FCopy::
    C:\WINDOWS\$NtServicePackUninstall$\netbt.sys | C:\WINDOWS\system32\drivers\netbt.sys
  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Tue 15 Nov 2011, 6:19 am

Following is log from current ComboFix, with Script:

ComboFix 11-11-14.02 - HP_Administrator 11/14/2011 13:46:47.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.450 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
.
.
--------------- FCopy ---------------
.
c:\windows\$NtServicePackUninstall$\netbt.sys --> c:\windows\system32\drivers\netbt.sys
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-14 18:46 . 2004-08-10 05:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-14 18:46 . 2004-08-10 05:00 162816 ----a-w- c:\windows\system32\dllcache\netbt.sys
2011-11-14 03:29 . 2011-11-14 03:33 -------- d-----w- c:\windows\system32\NtmsData
2011-10-25 19:35 . 2011-10-25 19:35 -------- d-----w- c:\program files\7-Zip
2011-10-21 18:43 . 2011-10-21 18:43 -------- d-----w- c:\program files\ESET
2011-10-21 02:57 . 2008-06-27 21:24 467028 ----a-w- c:\windows\system32\acs.exe
2011-10-19 00:37 . 2011-10-19 00:37 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 17:56 . 2010-11-30 06:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-03 09:06 . 2010-12-05 16:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 06:37 . 2010-02-14 06:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-01-12 22:39 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-01-12 22:39 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2006-01-12 22:37 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2006-01-12 22:41 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00 . 2010-11-30 06:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-01-13 05:41 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-01-12 22:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-01-12 22:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-01-12 22:38 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-01-12 22:37 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-01 13:18 . 2011-05-07 15:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-04-01 02:47 . 2008-06-09 23:45 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-03-05 22:08 . 2009-05-17 01:17 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8466432]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"nwiz"="nwiz.exe" [2007-08-28 1626112]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-09-28 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-25 210216]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-11-17 329096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CaSup.lnk - c:\hp\region\CustAtStartUp.wsf [N/A]
Forget Me Not.lnk - c:\program files\Broderbund\AG CreataCard\AGRemind.exe [2008-2-26 323584]
GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-11-6 270336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avnotify.exe"=
"c:\\Program Files\\AWS\\WeatherBug\\Weather.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\BillP Studios\\WinPatrol\\WinPatrol.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jaucheck.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\aswMBR.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R2 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 11:54 AM 360547]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [5/23/2007 4:15 AM 547744]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 1:10 AM 267568]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [3/8/2010 4:36 PM 96256]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 1:19 PM 268528]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 3:24 AM 453120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 17:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-11-14 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 06:09]
.
2011-11-14 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 06:09]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-11-14 14:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-11-14 14:09:01
ComboFix-quarantined-files.txt 2011-11-14 19:08
ComboFix2.txt 2011-10-27 20:29
ComboFix3.txt 2011-10-25 20:56
ComboFix4.txt 2011-10-21 03:49
ComboFix5.txt 2011-11-14 18:44
.
Pre-Run: 121,972,133,888 bytes free
Post-Run: 121,955,913,728 bytes free
.
- - End Of File - - 2E1FF050F821F4D247C70F2BB204A9A3


I will wait for next steps. Thanks,

Patricia

robbhenningsr

Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Belahzur on Tue 15 Nov 2011, 7:49 am

Okay before we get the stopped services running again, I want 1 more piece of information.

Please create a folder on your Desktop called SWReg.

  1. Download SWReg.exe from here.
  2. Save SWReg.exe inside the SWReg folder you just created.

    Do not run SWReg.exe just yet.

    Now open a new Notepad file, and input this into the Notepad file:

    @echo off
    swreg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT" /s >> log.txt
    swreg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP" /s >> log.txt
    start notepad log.txt

  3. Save this as SWReg.bat, save it inside the SWReg folder as well.
  4. Make sure both SWReg.exe and SWReg.bat are located next to each other for this to work.
  5. Now, double click on SWReg.bat to run the script.
  6. Once done, a Notepad log file will open, copy and paste that log back here.




Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Tue 15 Nov 2011, 8:02 am

Again, done! Following is the log:


SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt
Type REG_DWORD 1 (0x1)
Start REG_DWORD 1 (0x1)
ErrorControl REG_DWORD 1 (0x1)
Tag REG_DWORD 5 (0x5)
ImagePath REG_EXPAND_SZ system32\DRIVERS\netbt.sys
DisplayName REG_SZ NetBios over Tcpip
Group REG_SZ PNP_TDI
DependOnService REG_MULTI_SZ Tcpip\0\0
DependOnGroup REG_MULTI_SZ \0
Description REG_SZ NetBios over Tcpip

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Linkage
OtherDependencies REG_MULTI_SZ Tcpip\0\0
Bind REG_MULTI_SZ \Device\Tcpip_{C72A36E4-3E1C-4AFE-896F-6225AD450C02}\0\Device\Tcpip_{B3C73173-0762-4B81-9895-C2EDEC4748B4}\0\Device\Tcpip_{5B74AE0B-EA56-4AB7-8C7F-58D808595B8A}\0\Device\Tcpip_{56B6407D-44C7-475D-9CF5-2E61B6417829}\0\Device\Tcpip_{201B7D01-482D-4862-846E-44904AD96B73}\0\Device\Tcpip_{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\0\Device\Tcpip_{806D2A77-DA02-437A-8697-82CEA873675A}\0\Device\Tcpip_{5AB0B083-40AF-4683-96A9-1B28EF6F403D}\0\0
Route REG_MULTI_SZ "Tcpip" "{C72A36E4-3E1C-4AFE-896F-6225AD450C02}"\0"Tcpip" "{B3C73173-0762-4B81-9895-C2EDEC4748B4}"\0"Tcpip" "{5B74AE0B-EA56-4AB7-8C7F-58D808595B8A}"\0"Tcpip" "{56B6407D-44C7-475D-9CF5-2E61B6417829}"\0"Tcpip" "{201B7D01-482D-4862-846E-44904AD96B73}"\0"Tcpip" "{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}"\0"Tcpip" "NdisWanIp"\0\0
Export REG_MULTI_SZ \Device\NetBT_Tcpip_{C72A36E4-3E1C-4AFE-896F-6225AD450C02}\0\Device\NetBT_Tcpip_{B3C73173-0762-4B81-9895-C2EDEC4748B4}\0\Device\NetBT_Tcpip_{5B74AE0B-EA56-4AB7-8C7F-58D808595B8A}\0\Device\NetBT_Tcpip_{56B6407D-44C7-475D-9CF5-2E61B6417829}\0\Device\NetBT_Tcpip_{201B7D01-482D-4862-846E-44904AD96B73}\0\Device\NetBT_Tcpip_{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}\0\Device\NetBT_Tcpip_{806D2A77-DA02-437A-8697-82CEA873675A}\0\Device\NetBT_Tcpip_{5AB0B083-40AF-4683-96A9-1B28EF6F403D}\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters
NbProvider REG_SZ _tcp
NameServerPort REG_DWORD 137 (0x89)
CacheTimeout REG_DWORD 600000 (0x927c0)
BcastNameQueryCount REG_DWORD 3 (0x3)
BcastQueryTimeout REG_DWORD 750 (0x2ee)
NameSrvQueryCount REG_DWORD 3 (0x3)
NameSrvQueryTimeout REG_DWORD 1500 (0x5dc)
Size/Small/Medium/Large REG_DWORD 1 (0x1)
SessionKeepAlive REG_DWORD 3600000 (0x36ee80)
TransportBindName REG_SZ \Device\
DhcpNodeType REG_DWORD 8 (0x8)
EnableProxy REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{201B7D01-482D-4862-846E-44904AD96B73}
NameServerList REG_MULTI_SZ \0
NetbiosOptions REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{56B6407D-44C7-475D-9CF5-2E61B6417829}
NameServerList REG_MULTI_SZ \0
NetbiosOptions REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{5AB0B083-40AF-4683-96A9-1B28EF6F403D}
NameServerList REG_MULTI_SZ \0
NetbiosOptions REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{5B74AE0B-EA56-4AB7-8C7F-58D808595B8A}
NameServerList REG_MULTI_SZ \0
NetbiosOptions REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{806D2A77-DA02-437A-8697-82CEA873675A}
NameServerList REG_MULTI_SZ \0\0
RASFlags REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{B3C73173-0762-4B81-9895-C2EDEC4748B4}
NameServerList REG_MULTI_SZ \0
NetbiosOptions REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{C72A36E4-3E1C-4AFE-896F-6225AD450C02}
NameServerList REG_MULTI_SZ \0
NetbiosOptions REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37}
NameServerList REG_MULTI_SZ \0
NetbiosOptions REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Security
Security REG_BINARY (binary value omitted)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Enum
0 REG_SZ Root\LEGACY_NETBT\0000
Count REG_DWORD 1 (0x1)
NextInstance REG_DWORD 1 (0x1)
INITSTARTFAILED REG_DWORD 1 (0x1)

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp
Type REG_DWORD 32 (0x20)
Start REG_DWORD 2 (0x2)
ErrorControl REG_DWORD 1 (0x1)
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
DisplayName REG_SZ DHCP Client
Group REG_SZ TDI
DependOnService REG_MULTI_SZ Tcpip\0Afd\0NetBT\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
Description REG_SZ Manages network configuration by registering and updating IP addresses and DNS names.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Configurations
Options REG_BINARY 32000000000000000400000000000000ffffff7f0000000001000000000000000400000000000000ffffff7f00000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Linkage

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Linkage\Disabled

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\dhcpcsvc.dll
{C7CFBAB3-209B-4DBA-9E92-ED57D9B94B37} REG_BINARY 0f000000000000000f00000000000000bd37c6427367742e637071636f72702e6e65740001000000000000000400000000000000bd37c642fffffc0033000000000000000400000000000000bd37c6420000025836000000000000000400000000000000bd37c6420a01010135000000000000000100000000000000bd37c64205000000
{201B7D01-482D-4862-846E-44904AD96B73} REG_BINARY 06000000000000000400000000000000711720420a0a050a03000000000000000400000000000000711720420a0a050a0100000000000000040000000000000071172042ffffff00330000000000000004000000000000007117204200000e1036000000000000000400000000000000711720420a0a0508350000000000000001000000000000007117204205000000
{B3C73173-0762-4B81-9895-C2EDEC4748B4} REG_BINARY 0600000000000000000000000000000007cf7a4b0300000000000000000000000000000007cf7a4b3300000000000000000000000000000007cf7a4b3b00000000000000000000000000000007cf7a4b3a00000000000000000000000000000007cf7a4b0100000000000000000000000000000007cf7a4b3600000000000000000000000000000007cf7a4b3500000000000000000000000000000007cf7a4b
{C72A36E4-3E1C-4AFE-896F-6225AD450C02} REG_BINARY 060000000000000004000000000000007263a44ec0a80101030000000000000004000000000000007263a44ec0a80101010000000000000004000000000000007263a44effffff00330000000000000004000000000000007263a44e00015180360000000000000004000000000000007263a44ec0a80101350000000000000001000000000000007263a44e05000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\1
KeyType REG_DWORD 7 (0x7)
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpSubnetMaskOpt\0SYSTEM\CurrentControlSet\Services\?\Parameters\Tcpip\DhcpSubnetMaskOpt\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\15
KeyType REG_DWORD 1 (0x1)
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain\0SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpDomain\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\220
KeyType REG_DWORD 3 (0x3)
VendorType REG_DWORD 1 (0x1)
RegSendLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\SoHRequest\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\3
KeyType REG_DWORD 7 (0x7)
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDefaultGateway\0SYSTEM\CurrentControlSet\Services\?\Parameters\Tcpip\DhcpDefaultGateway\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\44
KeyType REG_DWORD 1 (0x1)
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNameServerList\0SYSTEM\CurrentControlSet\Services\NetBT\Adapters\?\DhcpNameServer\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\46
KeyType REG_DWORD 4 (0x4)
RegLocation REG_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpNodeType

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\47
KeyType REG_DWORD 1 (0x1)
RegLocation REG_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpScopeID

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\6
KeyType REG_DWORD 1 (0x1)
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpNameServer\0SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Parameters\Options\DhcpNetbiosOptions
KeyType REG_DWORD 4 (0x4)
OptionId REG_DWORD 1 (0x1)
VendorType REG_DWORD 1 (0x1)
RegLocation REG_MULTI_SZ SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNetbiosOptions\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Security
Security REG_BINARY 01001480900000009c000000140000003000000002001c000100000002801400ff010f000101000000000001000000000200600004000000000014008d01020001010000000000050b00000000001800fd0102000102000000000005200000002c02000000001800ff010f000102000000000005200000002002000000001400fd010200010100000000000512000000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp\Enum
0 REG_SZ Root\LEGACY_DHCP\0000
Count REG_DWORD 1 (0x1)
NextInstance REG_DWORD 1 (0x1)

I'll check back for next instructions.

Thanks,

Patricia


robbhenningsr

Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3

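The SWReg dump posted above holds the two facts worth connecting: DHCP Client's DependOnService lists NetBT, and the netbt\Enum key carries INITSTARTFAILED=1. As an added example, not from the thread or from SWReg, here is a Python parser for that `swreg query /s` output format that walks the dependency chain; the sample dump is constructed from the posted values, trimmed to the NetBT and DHCP sections, and services absent from the dump (Tcpip, Afd) are reported as unverified rather than guessed:

```python
"""Walk service dependencies out of an SWReg / `reg query /s` dump.

Added example for this thread, not part of the forum posts or of SWReg;
SAMPLE_DUMP is constructed from the log posted above, trimmed to the
NetBT and DHCP sections the dependency walk needs.
"""

SERVICES = r"hkey_local_machine\system\currentcontrolset\services"

# Constructed sample in SWReg's format: a key path on its own line, then
# "Name REG_TYPE value" lines; banner lines carry no REG_ type.
SAMPLE_DUMP = r"""
SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt
Start REG_DWORD 1 (0x1)
ImagePath REG_EXPAND_SZ system32\DRIVERS\netbt.sys
DependOnService REG_MULTI_SZ Tcpip\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Enum
0 REG_SZ Root\LEGACY_NETBT\0000
INITSTARTFAILED REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dhcp
Type REG_DWORD 32 (0x20)
Start REG_DWORD 2 (0x2)
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
DependOnService REG_MULTI_SZ Tcpip\0Afd\0NetBT\0\0
"""

def decode_value(vtype, raw):
    """Turn SWReg's textual rendering of one value into a Python object."""
    if vtype == "REG_DWORD":
        return int(raw.split()[0]) if raw else 0   # "32 (0x20)" -> 32
    if vtype == "REG_MULTI_SZ":
        return [s for s in raw.split(r"\0") if s]  # "Tcpip\0Afd\0\0" -> ["Tcpip", "Afd"]
    return raw  # REG_SZ / REG_EXPAND_SZ / REG_BINARY stay as text

def parse_dump(text):
    """Return {key_path: {value_name: (REG_TYPE, decoded)}}, names lower-cased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.upper().startswith("HKEY_"):
            current = line.lower()
            keys.setdefault(current, {})
            continue
        parts = line.split(None, 2)
        if current is None or len(parts) < 2 or not parts[1].startswith("REG_"):
            continue  # banner or other non-value line
        raw = parts[2] if len(parts) == 3 else ""
        keys[current][parts[0].lower()] = (parts[1], decode_value(parts[1], raw))
    return keys

def service_info(keys, name):
    """Summarise one service key, or None if the dump does not contain it."""
    key = keys.get(f"{SERVICES}\\{name.lower()}")
    if key is None:
        return None
    enum = keys.get(f"{SERVICES}\\{name.lower()}\\enum", {})
    return {
        "start": key.get("start", (None, None))[1],  # 0 boot, 2 auto, 4 disabled
        "image": key.get("imagepath", (None, ""))[1],
        "depends_on": key.get("dependonservice", (None, []))[1],
        # INITSTARTFAILED=1 under <service>\Enum records a failed start,
        # which is exactly what the posted dump shows for netbt.
        "init_start_failed": enum.get("initstartfailed", (None, 0))[1] == 1,
    }

def explain(keys, name, path=()):
    """Follow DependOnService recursively and report what blocks `name`.
    Returns {"blocked_by": [(chain, reason)], "unverified": [chain]}."""
    result = {"blocked_by": [], "unverified": []}
    if name.lower() in (p.lower() for p in path):
        return result  # dependency loop guard
    chain = path + (name,)
    info = service_info(keys, name)
    if info is None:
        result["unverified"].append(chain)  # not in this dump, cannot judge
        return result
    if info["start"] == 4:
        result["blocked_by"].append((chain, "Start=4 (disabled)"))
    if info["init_start_failed"]:
        result["blocked_by"].append((chain, f"INITSTARTFAILED=1 ({info['image']})"))
    for dep in info["depends_on"]:
        sub = explain(keys, dep, chain)
        result["blocked_by"] += sub["blocked_by"]
        result["unverified"] += sub["unverified"]
    return result

if __name__ == "__main__":
    res = explain(parse_dump(SAMPLE_DUMP), "dhcp")
    for chain, reason in res["blocked_by"]:
        print(" -> ".join(chain), ":", reason)
    for chain in res["unverified"]:
        print(" -> ".join(chain), ": not in dump, cannot verify")
```

To run it against a real log.txt from the batch file above, pass the file's contents to parse_dump in place of SAMPLE_DUMP; with the posted values the walk reports dhcp -> NetBT as blocked by INITSTARTFAILED=1.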

Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Belahzur on Tue 15 Nov 2011, 8:46 am

Okay sweet.

Click Start > Run. Type in services.msc.

Look in the list for DHCP Client, when you find it, double click it, what does it say next to Service Status? Started or stopped?




Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Tue 15 Nov 2011, 8:51 am

I checked DHCP in services. It was blank (not Stopped, or Started).

Next?

Thanks,

Patricia

robbhenningsr

Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Tue 15 Nov 2011, 8:53 am

Son of a gun! I restarted it (I know, you didn't tell me to...) and it started and we now have an IP address and connection!

I'm sure you'll have something for me to do as clean-up, etc., but I'm glad to finally get this far!

I'll check back for next advice.

Thanks~

Patricia

robbhenningsr

Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Belahzur on Tue 15 Nov 2011, 9:33 am

Yep, that's fine.

The FSS tool is new, only a few days old, as you learnt from this case. This infection messes with internet connection and none of our other tools can tell why - now we can. ;)




Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by robbhenningsr on Tue 15 Nov 2011, 9:47 am

Thanks, so much-- and thanks to whoever developed that tool!

As I mentioned, this isn't the first time my DH got virused and it messed up his services...last time, though, it was the printer, too. (I'll have to check that. Done! Printer works, too.)

Whenever I'm tempted to throw the towel in and reformat, I remember the wise advice of an old friend who used to say, "It's damn near always something simple!" Then, I go back to basics and see what I can find...it seems the hackers have developed a passion for screwing up Services, as if it wasn't bad enough when they were messing with the Registry.

Anyway, thanks again for all your help. We're retirees (forced out early, of course) but I will strongly suggest to DH that he make a donation.

I will still check back in...and I'm hoping to learn how to help others with this kind of thing, eventually.

Thanks, again~

Patricia

robbhenningsr

Newbie Surfer

Posts : 39
Joined : 2011-10-20
Operating System : XP Media Ctr 2002 Service pack 3


Re: TR/Kazy infection-OTL.txt/ addl logs in addl posts

Post by Belahzur on Tue 15 Nov 2011, 10:11 am

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

  • Firefox may be downloaded from here: [You must be registered and logged in to see this link.]
  • Opera is available here: [You must be registered and logged in to see this link.]
  • Google Chrome is available here: Google Chrome
  • SRWare Iron is available here: SRWare Iron

Thank you for choosing GeekPolice. [You must be registered and logged in to see this link.]




Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

