Hello,
Picked up malware yesterday called tinyproxy.exe that NAV caught and blocked. However, now my google searches are being redirected.

I've run Ad-aware with latest definitions, problem is still there.

I'm running WinXP, IE 7, Norton AV 2008

Following is current HJT log. Thank you for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:54 AM, on 11/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\Windows\system32\HpSrvUI.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4nb.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: 890166 helper - {A48FE9AC-DD02-4FF7-9211-B7BA9A2C8BF2} - C:\WINDOWS\system32\890166\890166.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPLaptopGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HPLaptop\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/bizcenter-o
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2098F239-F08E-4840-9F81-B758A4971D83} - http://www.batesville.com/us/setup.cab
O16 - DPF: {3F807625-B32A-498F-9010-7ABB2BB5D3B3} - http://www.batesville.com/us/install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe
O16 - DPF: {5A3AD060-E5D9-4DEF-8E77-B44336153FD9} - http://www.batesville.com/dlb/setup.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://ccgfalmouth.dyndns.org/Remote/msrdp.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab
O16 - DPF: {8B2BE470-543C-4662-8536-54D191F82675} - http://www.batesville.com/dlb/setup.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft Terminal Services Client Control (redist)) - http://68.160.177.202:10367/tsweb/msrdp.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O16 - DPF: {BB707357-1966-4198-B14B-1F8156D79B98} - http://www.batesville.com/us/setup.cab
O16 - DPF: {CFC1C622-8C5B-4683-A64F-5A964EE397E1} - http://www.batesville.com/dlb/setup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.gpjco.com/dwa7W.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - (no file)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)

--
End of file - 10271 bytes

Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum.

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Here is report.txt from SDfix. logfile from Lop S&D will follow shortly. Thanks!


SDFix: Version 1.240
Run by Owner on Sat 11/08/2008 at 10:54 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found




Folder C:\WINDOWS\system32\890166 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 11:11:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE"="C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE:*:Enabled:pcAnywhere Main Program"
"C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"="C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE:*:Enabled:pcAnywhere Host Service"
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe:*:Enabled:pcAnywhere Remote Service"
"C:\\Program Files\\microsoft frontpage\\bin\\fpexplor.exe"="C:\\Program Files\\microsoft frontpage\\bin\\fpexplor.exe:*:Enabled:Microsoft FrontPage Explorer"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 4 Mar 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 7 Nov 2008 8,448 ..SHR --- "C:\RECYCLER\S-1-5-21-3499916212-2805738209-4071888707-1003\Dc517\tinyproxy.exe"
Fri 7 Nov 2008 29,696 A..H. --- "C:\System Volume Information\_restore{CBC2C510-007E-49FC-B319-B551940A2A56}\RP929\A0090266.exe"
Fri 7 Nov 2008 29,696 A..H. --- "C:\System Volume Information\_restore{CBC2C510-007E-49FC-B319-B551940A2A56}\RP930\A0090267.exe"
Thu 15 May 2003 43,008 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Fri 18 Jan 2008 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Fri 18 Jan 2008 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Sat 4 Mar 2006 4,348 ...H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1key.bak"
Tue 21 Mar 2006 20 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1lic.bak"
Sat 4 Mar 2006 400 A.SH. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Tue 25 Oct 2005 19,456 A..H. --- "C:\Documents and Settings\Owner\Desktop\HEY KIM! OLD FILES ARE HERE!\Kim\Job_Search\~WRL0005.tmp"
Tue 25 Oct 2005 20,480 A..H. --- "C:\Documents and Settings\Owner\Desktop\HEY KIM! OLD FILES ARE HERE!\Kim\Job_Search\~WRL0493.tmp"
Tue 25 Oct 2005 20,992 A..H. --- "C:\Documents and Settings\Owner\Desktop\HEY KIM! OLD FILES ARE HERE!\Kim\Job_Search\~WRL0551.tmp"
Tue 25 Oct 2005 19,456 A..H. --- "C:\Documents and Settings\Owner\Desktop\HEY KIM! OLD FILES ARE HERE!\Kim\Job_Search\~WRL1174.tmp"
Tue 25 Oct 2005 20,480 A..H. --- "C:\Documents and Settings\Owner\Desktop\HEY KIM! OLD FILES ARE HERE!\Kim\Job_Search\~WRL1835.tmp"
Tue 25 Oct 2005 20,480 A..H. --- "C:\Documents and Settings\Owner\Desktop\HEY KIM! OLD FILES ARE HERE!\Kim\Job_Search\~WRL2066.tmp"
Tue 25 Oct 2005 20,480 A..H. --- "C:\Documents and Settings\Owner\Desktop\HEY KIM! OLD FILES ARE HERE!\Kim\Job_Search\~WRL3695.tmp"
Tue 25 Oct 2005 20,992 A..H. --- "C:\Documents and Settings\Owner\Desktop\HEY KIM! OLD FILES ARE HERE!\Kim\Job_Search\~WRL3958.tmp"
Thu 12 Jul 2001 35,328 A..H. --- "C:\Documents and Settings\Owner\Desktop\HEY KIM! OLD FILES ARE HERE!\Kim\Work\~WRL0004.tmp"
Sun 25 Jan 2004 52,736 A..H. --- "C:\Documents and Settings\Owner\Desktop\HEY KIM! OLD FILES ARE HERE!\Kim\Work\~WRL0005.tmp"
Thu 12 Jul 2001 35,328 A..H. --- "C:\Documents and Settings\Owner\Desktop\HEY KIM! OLD FILES ARE HERE!\Kim\Work\~WRL1301.tmp"
Sun 25 Jan 2004 40,448 A..H. --- "C:\Documents and Settings\Owner\Desktop\HEY KIM! OLD FILES ARE HERE!\Kim\Work\~WRL1321.tmp"
Sun 25 Jan 2004 42,496 A..H. --- "C:\Documents and Settings\Owner\Desktop\HEY KIM! OLD FILES ARE HERE!\Kim\Work\~WRL2530.tmp"
Sun 25 Jan 2004 48,640 A..H. --- "C:\Documents and Settings\Owner\Desktop\HEY KIM! OLD FILES ARE HERE!\Kim\Work\~WRL2648.tmp"
Sun 25 Jan 2004 44,032 A..H. --- "C:\Documents and Settings\Owner\Desktop\HEY KIM! OLD FILES ARE HERE!\Kim\Work\~WRL2938.tmp"
Sun 25 Jan 2004 40,960 A..H. --- "C:\Documents and Settings\Owner\Desktop\HEY KIM! OLD FILES ARE HERE!\Kim\Work\~WRL3583.tmp"
Thu 12 Jul 2001 35,840 A..H. --- "C:\Documents and Settings\Owner\Desktop\HEY KIM! OLD FILES ARE HERE!\Kim\Work\~WRL3620.tmp"

Finished!

Here is log from Lop S&D. Thanks again!


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 Mobile CPU 1.40GHz )
BIOS : Insyde Software MobilePRO BIOS Version 4.00.01
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : Norton AntiVirus 15.5.0.23 (Not Activated)
Firewall : Norton AntiVirus 15.5.0.23 (Activated)
C:\ (Local Disk) - NTFS - Total:27 Go (Free:9 Go)
D:\ (USB)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Sat 11/08/2008|11:41 )

--------------------\\ Listing folders in APPLIC~1

[02/09/2008|07:44] C:\DOCUME~2\ALLUSE~1\APPLIC~1\<DIR> Adobe
[05/14/2006|11:25] C:\DOCUME~2\ALLUSE~1\APPLIC~1\<DIR> BVRP Software
[06/06/2005|06:21] C:\DOCUME~2\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[08/06/2007|07:07] C:\DOCUME~2\ALLUSE~1\APPLIC~1\<DIR> Intuit
[11/07/2008|09:17] C:\DOCUME~2\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[03/12/2007|09:16] C:\DOCUME~2\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[04/04/2007|08:21] C:\DOCUME~2\ALLUSE~1\APPLIC~1\<DIR> Nero
[11/21/2002|10:11] C:\DOCUME~2\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[04/11/2002|09:16] C:\DOCUME~2\ALLUSE~1\APPLIC~1\<DIR> SBSI
[03/21/2006|09:34] C:\DOCUME~2\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[08/31/2008|07:16] C:\DOCUME~2\ALLUSE~1\APPLIC~1\<DIR> Symantec
[03/09/2007|09:25] C:\DOCUME~2\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[10/06/2002|05:09] C:\DOCUME~2\ALLUSE~1\APPLIC~1\<DIR> Visual Networks
[02/04/2006|09:13] C:\DOCUME~2\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[04/11/2002|08:43] C:\DOCUME~2\DEFAUL~1\APPLIC~1\<DIR> Adobe
[04/11/2002|08:28] C:\DOCUME~2\DEFAUL~1\APPLIC~1\<DIR> Identities
[04/11/2002|08:43] C:\DOCUME~2\DEFAUL~1\APPLIC~1\<DIR> InterTrust
[04/11/2002|08:13] C:\DOCUME~2\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[04/11/2002|09:19] C:\DOCUME~2\DEFAUL~1\APPLIC~1\<DIR> Symantec

[04/11/2002|08:43] C:\DOCUME~2\Guest\APPLIC~1\<DIR> Adobe
[04/11/2002|08:28] C:\DOCUME~2\Guest\APPLIC~1\<DIR> Identities
[04/11/2002|08:43] C:\DOCUME~2\Guest\APPLIC~1\<DIR> InterTrust
[03/24/2008|02:31] C:\DOCUME~2\Guest\APPLIC~1\<DIR> Microsoft
[04/11/2002|09:19] C:\DOCUME~2\Guest\APPLIC~1\<DIR> Symantec

[06/08/2002|01:00] C:\DOCUME~2\LOCALS~1\APPLIC~1\<DIR> Microsoft

[04/11/2002|08:13] C:\DOCUME~2\NETWOR~1\APPLIC~1\<DIR> Microsoft

[07/18/2008|01:09] C:\DOCUME~2\Owner\APPLIC~1\<DIR> Adobe
[12/09/2007|12:38] C:\DOCUME~2\Owner\APPLIC~1\<DIR> AdobeUM
[04/04/2007|08:42] C:\DOCUME~2\Owner\APPLIC~1\<DIR> Ahead
[04/05/2006|03:23] C:\DOCUME~2\Owner\APPLIC~1\<DIR> Allume Systems
[08/12/2002|06:06] C:\DOCUME~2\Owner\APPLIC~1\<DIR> CyberLink
[07/01/2002|11:01] C:\DOCUME~2\Owner\APPLIC~1\<DIR> Help
[04/11/2002|08:28] C:\DOCUME~2\Owner\APPLIC~1\<DIR> Identities
[08/12/2002|07:21] C:\DOCUME~2\Owner\APPLIC~1\<DIR> InterVideo
[08/06/2007|07:00] C:\DOCUME~2\Owner\APPLIC~1\<DIR> Intuit
[02/28/2006|09:28] C:\DOCUME~2\Owner\APPLIC~1\<DIR> Lavasoft
[04/04/2007|05:03] C:\DOCUME~2\Owner\APPLIC~1\<DIR> Leadertech
[01/15/2004|08:38] C:\DOCUME~2\Owner\APPLIC~1\<DIR> Macromedia
[12/09/2007|01:03] C:\DOCUME~2\Owner\APPLIC~1\<DIR> Microsoft
[06/19/2006|09:01] C:\DOCUME~2\Owner\APPLIC~1\<DIR> Sun
[02/24/2007|12:32] C:\DOCUME~2\Owner\APPLIC~1\<DIR> Symantec
[08/06/2002|11:16] C:\DOCUME~2\Owner\APPLIC~1\<DIR> VERITAS
[03/09/2007|09:25] C:\DOCUME~2\Owner\APPLIC~1\<DIR> Viewpoint

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/04/2008 07:10 AM][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Owner.job
[11/08/2008 11:04 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/18/2001 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11/13/2006|08:47] C:\Program Files\<DIR> 3DGroove
[07/03/2008|01:53] C:\Program Files\<DIR> Adobe
[10/02/2002|07:57] C:\Program Files\<DIR> Adobe Type Manager
[04/05/2006|03:21] C:\Program Files\<DIR> Allume Systems
[09/01/2002|04:49] C:\Program Files\<DIR> ArcSoft
[03/15/2004|03:51] C:\Program Files\<DIR> Batesville
[05/14/2006|10:07] C:\Program Files\<DIR> Burncdcc
[08/23/2002|01:39] C:\Program Files\<DIR> Canon
[10/05/2003|10:53] C:\Program Files\<DIR> CDCheck
[11/07/2008|09:14] C:\Program Files\<DIR> Common Files
[04/11/2002|08:20] C:\Program Files\<DIR> ComPlus Applications
[03/21/2006|09:36] C:\Program Files\<DIR> CyberLink
[10/25/2005|06:50] C:\Program Files\<DIR> Directors Tribute Creator
[04/11/2002|09:00] C:\Program Files\<DIR> Games
[11/07/2007|07:52] C:\Program Files\<DIR> Hewlett-Packard
[04/21/2008|07:36] C:\Program Files\<DIR> Hooked on Phonics Learning
[04/11/2002|08:33] C:\Program Files\<DIR> HP
[12/26/2002|09:06] C:\Program Files\<DIR> HP DLA
[02/06/2004|03:30] C:\Program Files\<DIR> HP RecordNow
[09/02/2007|08:51] C:\Program Files\<DIR> InstallShield Installation Information
[01/01/2004|02:54] C:\Program Files\<DIR> InterActual
[10/15/2008|02:08] C:\Program Files\<DIR> Internet Explorer
[04/11/2002|08:44] C:\Program Files\<DIR> InterVideo
[06/19/2006|08:57] C:\Program Files\<DIR> Java
[11/07/2008|09:15] C:\Program Files\<DIR> Lavasoft
[05/14/2006|10:39] C:\Program Files\<DIR> LiveUpdate
[06/07/2002|05:31] C:\Program Files\<DIR> MapInfo MapX
[08/16/2008|02:14] C:\Program Files\<DIR> Messenger
[04/12/2002|12:39] C:\Program Files\<DIR> Microsoft ActiveSync
[09/14/2002|01:20] C:\Program Files\<DIR> microsoft frontpage
[11/24/2006|01:42] C:\Program Files\<DIR> Microsoft IntelliPoint
[10/28/2008|01:22] C:\Program Files\<DIR> Microsoft Office
[05/14/2006|10:51] C:\Program Files\<DIR> mobile PhoneTools
[10/06/2002|05:07] C:\Program Files\<DIR> Motive
[04/23/2006|07:51] C:\Program Files\<DIR> Motorola
[03/12/2007|08:00] C:\Program Files\<DIR> Movie Maker
[10/28/2008|01:21] C:\Program Files\<DIR> MSECache
[12/24/2005|10:04] C:\Program Files\<DIR> MSN Apps
[04/11/2002|08:19] C:\Program Files\<DIR> MSN Gaming Zone
[12/24/2005|10:02] C:\Program Files\<DIR> MSN Messenger
[03/07/2005|07:29] C:\Program Files\<DIR> MsnMusic
[03/30/2007|02:32] C:\Program Files\<DIR> MSXML 4.0
[04/11/2002|08:59] C:\Program Files\<DIR> MusicMatch
[04/04/2007|08:21] C:\Program Files\<DIR> Nero
[03/12/2007|07:53] C:\Program Files\<DIR> NetMeeting
[05/13/2008|02:31] C:\Program Files\<DIR> Norton AntiVirus
[04/15/2006|02:58] C:\Program Files\<DIR> NoteWorthy Composer
[02/24/2004|07:49] C:\Program Files\<DIR> OfficeUpdate11
[06/10/2002|10:25] C:\Program Files\<DIR> ORiNOCO
[06/02/2008|06:27] C:\Program Files\<DIR> Outlook Express
[05/08/2006|10:08] C:\Program Files\<DIR> Outlook Express Backup Wizard
[04/19/2004|08:16] C:\Program Files\<DIR> PowerPoint Viewer
[04/11/2002|09:05] C:\Program Files\<DIR> QuickenFC
[10/26/2008|07:41] C:\Program Files\<DIR> QUICKENW
[11/05/2004|07:00] C:\Program Files\<DIR> QuickTime
[08/28/2007|09:47] C:\Program Files\<DIR> S3
[08/29/2004|07:18] C:\Program Files\<DIR> Samsung
[07/05/2002|05:44] C:\Program Files\<DIR> Seagate Software
[10/22/2004|06:50] C:\Program Files\<DIR> Snapshot Viewer
[03/21/2006|09:34] C:\Program Files\<DIR> Spybot - Search & Destroy
[08/23/2008|06:08] C:\Program Files\<DIR> Symantec
[11/08/2008|12:01] C:\Program Files\<DIR> Trend Micro
[07/17/2003|09:39] C:\Program Files\<DIR> Uninstall Information
[12/16/2005|11:32] C:\Program Files\<DIR> Verizon Wireless
[03/07/2005|12:10] C:\Program Files\<DIR> Viewpoint
[07/19/2008|02:37] C:\Program Files\<DIR> Virtools
[07/19/2008|02:35] C:\Program Files\<DIR> Virtools Web Player 3.5
[09/02/2007|08:51] C:\Program Files\<DIR> VTech
[04/23/2006|07:51] C:\Program Files\<DIR> WIBUKEY
[04/23/2006|07:51] C:\Program Files\<DIR> WIBU-SYSTEMS
[03/30/2007|02:19] C:\Program Files\<DIR> Windows Media Player
[03/12/2007|07:52] C:\Program Files\<DIR> Windows NT
[05/13/2008|07:33] C:\Program Files\<DIR> Windows Sidebar
[02/04/2006|08:57] C:\Program Files\<DIR> WindowsUpdate
[07/21/2007|01:23] C:\Program Files\<DIR> WinZip
[04/11/2002|08:24] C:\Program Files\<DIR> xerox
[04/05/2006|03:27] C:\Program Files\<DIR> X-Fonter

--------------------\\ Listing Folders in C:\Program Files\Common Files

[02/09/2008|07:44] C:\Program Files\Common Files\<DIR> Adobe
[04/04/2007|08:24] C:\Program Files\Common Files\<DIR> Ahead
[04/12/2002|12:38] C:\Program Files\Common Files\<DIR> Designer
[04/23/2006|07:50] C:\Program Files\Common Files\<DIR> InstallShield
[08/06/2007|07:03] C:\Program Files\Common Files\<DIR> Intuit
[06/19/2006|08:55] C:\Program Files\Common Files\<DIR> Java
[10/28/2008|01:22] C:\Program Files\Common Files\<DIR> Microsoft Shared
[10/06/2002|05:06] C:\Program Files\Common Files\<DIR> Motive
[04/11/2002|08:21] C:\Program Files\Common Files\<DIR> MSSoap
[04/11/2002|08:14] C:\Program Files\Common Files\<DIR> ODBC
[08/06/2007|07:03] C:\Program Files\Common Files\<DIR> Palo Alto Software
[08/21/2002|06:08] C:\Program Files\Common Files\<DIR> Pervasive Software
[04/11/2002|08:21] C:\Program Files\Common Files\<DIR> Services
[04/11/2002|08:14] C:\Program Files\Common Files\<DIR> SpeechEngines
[11/07/2008|12:19] C:\Program Files\Common Files\<DIR> Symantec Shared
[06/02/2008|06:27] C:\Program Files\Common Files\<DIR> System
[07/02/2002|07:55] C:\Program Files\Common Files\<DIR> Vbox
[11/07/2008|09:14] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 40 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~2\Owner\Cookies\owner@greatermediaboston.advertserve[1].txt
C:\DOCUME~2\Owner\Cookies\owner@jra.advertserve[1].txt
C:\DOCUME~2\Owner\Cookies\owner@advertising[2].txt
C:\DOCUME~2\Owner\Cookies\owner@lasvegassun[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 11:43:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ KoobFace !

C:\WINDOWS\fmark2.dat

--------------------\\ Cracks & Keygens ..

C:\DOCUME~2\Owner\Cookies\owner@crackberry[1].txt
C:\DOCUME~2\Owner\Cookies\owner@forums.crackberry[1].txt
C:\DOCUME~2\Owner\Local Settings\Temporary Internet Files\Content.IE5\GCJGQGRP\crackberry-logo-wall-on[1].jpg
C:\DOCUME~2\Owner\Local Settings\Temporary Internet Files\Content.IE5\YVQ9CX1N\crackberry-logo-forums-on[1].jpg


[F:17][D:268]-> C:\DOCUME~2\Owner\LOCALS~1\Temp
[F:1713][D:0]-> C:\DOCUME~2\Owner\Cookies
[F:17887][D:29]-> C:\DOCUME~2\Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 11/08/2008|11:46 - Option : [1]

--------------------\\ Scan completed at 11:46:15

Hello

Please download the OTMoveIt3 by OldTimer or from here.

• Save it to your desktop.
• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  CODE
  :Processes
  explorer.exe
  
  :Services
  
  :Reg
  
  :Files
  C:\RECYCLER\S-1-5-21-3499916212-2805738209-4071888707-1003\Dc517\tinyproxy.exe
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]
  
  
• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

OTMoveIt3 log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\RECYCLER\S-1-5-21-3499916212-2805738209-4071888707-1003\Dc517\tinyproxy.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~2\Owner\LOCALS~1\Temp\~DFBF36.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~2\Owner\LOCALS~1\Temp\~DFBF55.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet

Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JETEDB9.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11082008_131725

Files moved on Reboot...
File C:\DOCUME~2\Owner\LOCALS~1\Temp\~DFBF36.tmp not found!
File C:\DOCUME~2\Owner\LOCALS~1\Temp\~DFBF55.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet

Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\JETEDB9.tmp not found!


Combofix log:

ComboFix 08-11-07.01 - Owner 2008-11-08 13:40:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.470 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\fmark2.dat

.
((((((((((((((((((((((((( Files Created from 2008-10-08 to 2008-11-08 )))))))))))))))))))))))))))))))
.

2008-11-08 13:14 . 2008-11-08 13:14 <DIR> d-------- C:\_OTMoveIt
2008-11-08 11:40 . 2008-11-08 11:46 <DIR> d-------- C:\Lop SD
2008-11-08 10:45 . 2008-11-08 10:46 <DIR> d-------- c:\windows\ERUNT
2008-11-08 10:38 . 2008-11-08 11:30 <DIR> d-------- C:\SDFix
2008-11-08 00:01 . 2008-11-08 00:01 <DIR> d-------- c:\program files\Trend Micro
2008-11-07 21:15 . 2008-11-07 21:15 <DIR> d-------- c:\program files\Lavasoft
2008-11-07 21:15 . 2008-11-07 21:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-07 21:14 . 2008-11-07 21:14 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-07 12:18 . 2008-11-07 14:00 1 ---h----- c:\windows\f49f4daa.dat
2008-10-28 13:21 . 2008-10-28 13:21 <DIR> d-------- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 17:19 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-27 00:41 --------- d-----w c:\program files\QUICKENW
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys
2008-08-28 10:04 333,056 ------w c:\windows\system32\dllcache\srv.sys
2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 23:08 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-14 10:00 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 10:00 2,180,352 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2008-08-14 09:58 2,136,064 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51 138,368 ------w c:\windows\system32\dllcache\afd.sys
2008-08-14 09:22 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-14 09:22 2,057,728 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:22 2,015,744 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2007-11-25 01:38 66,808 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP TV Now"="c:\program files\Hewlett-Packard\HP TV Now\HpTvNow.exe" [2002-03-14 237568]
"HP Display Settings"="c:\program files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe" [2002-03-07 61440]
"CP4HPOT"="c:\progra~1\HEWLET~1\ONE-TO~1\OneTouch.EXE" [2002-02-22 90112]
"hp Silent Service"="c:\windows\system32\HpSrvUI.exe" [2001-11-29 32768]
"hpScannerFirstBoot"="c:\hp\drivers\scanners\scannerfb.exe" [2001-12-13 20480]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [2001-07-19 52736]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-03-14 102455]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-05 98304]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2008-02-07 718704]
"S3TRAY2"="S3tray2.exe" [2003-09-09 c:\windows\system32\S3tray2.exe]
"EssSpkPhone"="essspk.exe" [2002-05-31 c:\windows\essspk.exe]
"VTPreset"="VTPreset.exe" [2004-02-24 c:\windows\system32\VTPreset.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ORiNOCO Client Manager.lnk - c:\program files\ORiNOCO\Client Manager\CmLUC.exe [2002-07-22 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 09:51 24638 c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE"=
"c:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"c:\\Program Files\\microsoft frontpage\\bin\\fpexplor.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 MLPTDR_J;MLPTDR_J;c:\windows\System32\MLPTDR_J.sys [2003-01-30 19904]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\Drivers\WBSD.SYS [2002-03-31 24320]
R3 wlluc48b;ORINOCO PC Card Driver;c:\windows\system32\DRIVERS\wlluc48b.sys [2002-07-15 156672]
S3 BW2NDIS5;BW2NDIS5 NDIS Protocol Driver;c:\windows\system32\Drivers\BW2NDIS5.sys [ ]
S3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 S3chipid;S3chipid;c:\windows\TEMP\_ISTMP0.DIR\S3chipid.sys [ ]
S3 wlags48b;Agere Wireless PCCard Driver;c:\windows\system32\DRIVERS\wlags48b.sys [2003-01-09 163328]
S3 WrKPoET2000;WrKPoET2000;c:\program files\Verizon Online\WinPoET\WrKPoET2000.sys [ ]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-04 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job
- c:\program files\Norton AntiVirus\Navw32.exe [2008-02-07 09:05]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HPLaptopGamesActiveMenu - c:\program files\WildTangent\ActiveMenu\HPLaptop\Games\ActiveMenu.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Default_Search_URL = hxxp://srch-us4nb.hpwis.com/
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKLM-Main,Search Bar = hxxp://srch-us4nb.hpwis.com/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local;<local>
R1 -: HKCU-Internet Settings,ProxyServer = http=127.0.0.1:9090
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {2098F239-F08E-4840-9F81-B758A4971D83} - hxxp://www.batesville.com/us/setup.cab
c:\windows\Downloaded Program Files\Setup.inf

O16 -: {3F807625-B32A-498F-9010-7ABB2BB5D3B3} - hxxp://www.batesville.com/us/install.cab
c:\windows\Downloaded Program Files\Setup.inf

O16 -: {5A3AD060-E5D9-4DEF-8E77-B44336153FD9} - hxxp://www.batesville.com/dlb/setup.cab
c:\windows\Downloaded Program Files\Setup.inf

O16 -: {8B2BE470-543C-4662-8536-54D191F82675} - hxxp://www.batesville.com/dlb/setup.cab
c:\windows\Downloaded Program Files\Setup.inf

O16 -: {BB707357-1966-4198-B14B-1F8156D79B98} - hxxp://www.batesville.com/us/setup.cab
c:\windows\Downloaded Program Files\Setup.inf

O16 -: {CFC1C622-8C5B-4683-A64F-5A964EE397E1} - hxxp://www.batesville.com/dlb/setup.cab
c:\windows\Downloaded Program Files\Setup.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 13:44:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Error Reporting Service (ERSvc) ]
"ImagePath"=""
.
Completion time: 2008-11-08 13:49:42
ComboFix-quarantined-files.txt 2008-11-08 18:48:31

Pre-Run: 12,637,306,880 bytes free
Post-Run: 12,735,676,416 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

157 --- E O F --- 2008-10-29 07:05:26

Hello



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:



Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Rorschach112,
Had to go to in-laws for dinner. Will have the Combofix log for you ASAP.
Thanks!

Second Combofix log. Sorry for the delay.


ComboFix 08-11-07.01 - Owner 2008-11-08 14:58:50.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\f49f4daa.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\f49f4daa.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ERROR_REPORTING_SERVICE_(ERSVC)_
-------\Service_Error Reporting Service (ERSvc)


((((((((((((((((((((((((( Files Created from 2008-10-08 to 2008-11-08 )))))))))))))))))))))))))))))))
.

2008-11-08 13:14 . 2008-11-08 13:14 <DIR> d-------- C:\_OTMoveIt
2008-11-08 11:40 . 2008-11-08 11:46 <DIR> d-------- C:\Lop SD
2008-11-08 10:45 . 2008-11-08 10:46 <DIR> d-------- c:\windows\ERUNT
2008-11-08 10:38 . 2008-11-08 11:30 <DIR> d-------- C:\SDFix
2008-11-08 00:01 . 2008-11-08 00:01 <DIR> d-------- c:\program files\Trend Micro
2008-11-07 21:15 . 2008-11-07 21:15 <DIR> d-------- c:\program files\Lavasoft
2008-11-07 21:15 . 2008-11-07 21:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-07 21:14 . 2008-11-07 21:14 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-28 13:21 . 2008-10-28 13:21 <DIR> d-------- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 17:19 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-27 00:41 --------- d-----w c:\program files\QUICKENW
2007-11-25 01:38 66,808 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-11-08_13.47.42.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP TV Now"="c:\program files\Hewlett-Packard\HP TV Now\HpTvNow.exe" [2002-03-14 237568]
"HP Display Settings"="c:\program files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe" [2002-03-07 61440]
"CP4HPOT"="c:\progra~1\HEWLET~1\ONE-TO~1\OneTouch.EXE" [2002-02-22 90112]
"hp Silent Service"="c:\windows\system32\HpSrvUI.exe" [2001-11-29 32768]
"hpScannerFirstBoot"="c:\hp\drivers\scanners\scannerfb.exe" [2001-12-13 20480]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [2001-07-19 52736]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-03-14 102455]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-11-05 98304]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2008-02-07 718704]
"S3TRAY2"="S3tray2.exe" [2003-09-09 c:\windows\system32\S3tray2.exe]
"EssSpkPhone"="essspk.exe" [2002-05-31 c:\windows\essspk.exe]
"VTPreset"="VTPreset.exe" [2004-02-24 c:\windows\system32\VTPreset.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ORiNOCO Client Manager.lnk - c:\program files\ORiNOCO\Client Manager\CmLUC.exe [2002-07-22 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 09:51 24638 c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE"=
"c:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"c:\\Program Files\\microsoft frontpage\\bin\\fpexplor.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 MLPTDR_J;MLPTDR_J;c:\windows\System32\MLPTDR_J.sys [2003-01-30 19904]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\Drivers\WBSD.SYS [2002-03-31 24320]
S3 BW2NDIS5;BW2NDIS5 NDIS Protocol Driver;c:\windows\system32\Drivers\BW2NDIS5.sys [ ]
S3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 S3chipid;S3chipid;c:\windows\TEMP\_ISTMP0.DIR\S3chipid.sys [ ]
S3 wlags48b;Agere Wireless PCCard Driver;c:\windows\system32\DRIVERS\wlags48b.sys [2003-01-09 163328]
S3 wlluc48b;ORINOCO PC Card Driver;c:\windows\system32\DRIVERS\wlluc48b.sys [2002-07-15 156672]
S3 WrKPoET2000;WrKPoET2000;c:\program files\Verizon Online\WinPoET\WrKPoET2000.sys [ ]

*Newly Created Service* - ERROR_REPORTING_SERVICE_(ERSVC)_
.
Contents of the 'Scheduled Tasks' folder

2008-11-04 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job
- c:\program files\Norton AntiVirus\Navw32.exe [2008-02-07 09:05]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 15:11:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Error Reporting Service (ERSvc) ]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\HPConfig.exe
c:\windows\system32\RadioSvr.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-11-08 15:21:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-08 20:21:11
ComboFix2.txt 2008-11-08 18:49:44

Pre-Run: 12,723,879,936 bytes free
Post-Run: 12,658,851,840 bytes free

129 --- E O F --- 2008-10-29 07:05:26

Hello

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.




Go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   Mail databases
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Hello Rorschach112,

The following is Malwarebytes log. Running Kaspersky scan now.

Thanks!

Malwarebytes' Anti-Malware 1.30
Database version: 1378
Windows 5.1.2600 Service Pack 2

11/9/2008 4:50:40 PM
mbam-log-2008-11-09 (16-50-40).txt

Scan type: Quick Scan
Objects scanned: 49425
Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Post a new HJT log with the Kaspersky one

Here is Kasperky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, November 9, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 09, 2008 10:09:15
Records in database: 1376472
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 70983
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:41:30


File name / Threat name / Threats count
C:\SDFix\backups\890166\890166.dll Infected: not-a-virus:AdWare.Win32.E404.iy 1
C:\_OTMoveIt\MovedFiles\11082008_131725\RECYCLER\S-1-5-21-3499916212-2805738209-4071888707-1003\Dc517\tinyproxy.exe Infected: Trojan-Proxy.Win32.Agent.bcw 1

The selected area was scanned.

and here is HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:44 PM, on 11/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\Windows\system32\HpSrvUI.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\temp\jkos-Owner\binaries\ScanningProcess.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/bizcenter-o
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2098F239-F08E-4840-9F81-B758A4971D83} - http://www.batesville.com/us/setup.cab
O16 - DPF: {3F807625-B32A-498F-9010-7ABB2BB5D3B3} - http://www.batesville.com/us/install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe
O16 - DPF: {5A3AD060-E5D9-4DEF-8E77-B44336153FD9} - http://www.batesville.com/dlb/setup.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://ccgfalmouth.dyndns.org/Remote/msrdp.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab
O16 - DPF: {8B2BE470-543C-4662-8536-54D191F82675} - http://www.batesville.com/dlb/setup.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft Terminal Services Client Control (redist)) - http://68.160.177.202:10367/tsweb/msrdp.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O16 - DPF: {BB707357-1966-4198-B14B-1F8156D79B98} - http://www.batesville.com/us/setup.cab
O16 - DPF: {CFC1C622-8C5B-4683-A64F-5A964EE397E1} - http://www.batesville.com/dlb/setup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.gpjco.com/dwa7W.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - (no file)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)

--
End of file - 9812 bytes

Hello

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Here is log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-09 20:59:35
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 12 GB (42%) free of 29 GB
Total RAM: 751 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:39 PM, on 11/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\Windows\system32\HpSrvUI.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\temp\jkos-Owner\binaries\ScanningProcess.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/bizcenter-o
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2098F239-F08E-4840-9F81-B758A4971D83} - http://www.batesville.com/us/setup.cab
O16 - DPF: {3F807625-B32A-498F-9010-7ABB2BB5D3B3} - http://www.batesville.com/us/install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe
O16 - DPF: {5A3AD060-E5D9-4DEF-8E77-B44336153FD9} - http://www.batesville.com/dlb/setup.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://ccgfalmouth.dyndns.org/Remote/msrdp.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab
O16 - DPF: {8B2BE470-543C-4662-8536-54D191F82675} - http://www.batesville.com/dlb/setup.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft Terminal Services Client Control (redist)) - http://68.160.177.202:10367/tsweb/msrdp.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O16 - DPF: {BB707357-1966-4198-B14B-1F8156D79B98} - http://www.batesville.com/us/setup.cab
O16 - DPF: {CFC1C622-8C5B-4683-A64F-5A964EE397E1} - http://www.batesville.com/dlb/setup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.gpjco.com/dwa7W.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - (no file)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)

--
End of file - 9857 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Owner.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-05-13 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2006-05-03 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"=C:\WINDOWS\system32\S3tray2.exe [2003-09-09 77824]
"HP TV Now"=C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe [2002-03-14 237568]
"HP Display Settings"=C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe [2002-03-07 61440]
"CP4HPOT"=C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE [2002-02-22 90112]
"hp Silent Service"=C:\Windows\system32\HpSrvUI.exe [2001-11-29 32768]
"hpScannerFirstBoot"=c:\hp\drivers\scanners\scannerfb.exe [2001-12-13 20480]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [2001-07-19 52736]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2004-08-04 143360]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2002-03-14 102455]
"EssSpkPhone"=C:\WINDOWS\essspk.exe [2002-05-31 167936]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-11-05 98304]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"VTPreset"=C:\WINDOWS\system32\VTPreset.exe [2004-02-24 45056]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe [2006-05-03 36975]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2005-03-23 217088]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=C:\Program Files\Norton AntiVirus\osCheck.exe [2008-02-07 718704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
ORiNOCO Client Manager.lnk - C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
C:\WINDOWS\system32\PCANotify.dll [2002-02-15 24638]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE"="C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE:*:Enabled:pcAnywhere Main Program"
"C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE"="C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE:*:Enabled:pcAnywhere Host Service"
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe"="C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service"
"C:\Program Files\microsoft frontpage\bin\fpexplor.exe"="C:\Program Files\microsoft frontpage\bin\fpexplor.exe:*:Enabled:Microsoft FrontPage Explorer"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

======List of files/folders created in the last 1 months======

2008-11-09 20:59:35 ----D---- C:\rsit
2008-11-09 16:42:39 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-11-09 16:42:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-09 16:42:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-08 15:21:27 ----A---- C:\ComboFix.txt
2008-11-08 13:35:39 ----A---- C:\Boot.bak
2008-11-08 13:35:19 ----RASHD---- C:\cmdcons
2008-11-08 13:32:42 ----A---- C:\WINDOWS\zip.exe
2008-11-08 13:32:42 ----A---- C:\WINDOWS\VFIND.exe
2008-11-08 13:32:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-08 13:32:42 ----A---- C:\WINDOWS\SWSC.exe
2008-11-08 13:32:42 ----A---- C:\WINDOWS\SWREG.exe
2008-11-08 13:32:42 ----A---- C:\WINDOWS\sed.exe
2008-11-08 13:32:42 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-08 13:32:42 ----A---- C:\WINDOWS\grep.exe
2008-11-08 13:32:42 ----A---- C:\WINDOWS\fdsv.exe
2008-11-08 13:32:35 ----D---- C:\WINDOWS\ERDNT
2008-11-08 13:32:35 ----D---- C:\Qoobox
2008-11-08 13:14:58 ----D---- C:\_OTMoveIt
2008-11-08 11:41:14 ----A---- C:\lopR.txt
2008-11-08 11:40:49 ----D---- C:\Lop SD
2008-11-08 10:45:59 ----D---- C:\WINDOWS\ERUNT
2008-11-08 10:43:35 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-08 10:38:44 ----D---- C:\SDFix
2008-11-08 00:01:46 ----D---- C:\Program Files\Trend Micro
2008-11-07 21:15:23 ----D---- C:\Program Files\Lavasoft
2008-11-07 21:15:21 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-07 21:14:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-28 13:21:41 ----D---- C:\Program Files\MSECache
2008-10-24 02:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 02:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 02:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 02:09:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 02:07:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 02:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 1 months======

2008-11-09 20:59:24 ----D---- C:\WINDOWS\Prefetch
2008-11-09 16:55:28 ----D---- C:\WINDOWS\Temp
2008-11-09 16:42:35 ----D---- C:\WINDOWS\system32\drivers
2008-11-09 16:42:31 ----AD---- C:\Program Files
2008-11-09 16:37:21 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-09 16:37:13 ----A---- C:\WINDOWS\ModemLog_ESS SuperLink-M Data Fax Voice Modem.txt
2008-11-09 12:45:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-09 09:28:23 ----A---- C:\WINDOWS\hpbafd.ini
2008-11-08 15:21:35 ----AD---- C:\WINDOWS\system32
2008-11-08 15:21:30 ----AD---- C:\WINDOWS
2008-11-08 15:10:00 ----A---- C:\WINDOWS\system.ini
2008-11-08 15:05:52 ----D---- C:\WINDOWS\system32\config
2008-11-08 15:03:40 ----D---- C:\Program Files\Common Files
2008-11-08 15:03:39 ----D---- C:\WINDOWS\AppPatch
2008-11-08 13:40:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-08 13:35:39 ----RASH---- C:\boot.ini
2008-11-07 21:16:34 ----SHD---- C:\WINDOWS\Installer
2008-11-07 21:16:32 ----D---- C:\Config.Msi
2008-11-07 13:59:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-07 12:19:29 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-31 20:18:56 ----HD---- C:\WINDOWS\inf
2008-10-28 13:22:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-28 13:22:30 ----D---- C:\WINDOWS\WinSxS
2008-10-28 13:22:27 ----RSD---- C:\WINDOWS\Fonts
2008-10-28 13:22:14 ----D---- C:\Program Files\Microsoft Office
2008-10-26 19:41:08 ----D---- C:\Program Files\QUICKENW
2008-10-24 02:01:56 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-24 02:00:36 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 02:09:59 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 02:08:12 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2002-02-11 33496]
R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2000-09-11 10816]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2002-01-28 5589]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2002-01-28 22963]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2002-02-12 40096]
R2 HPGate;HPGate; C:\WINDOWS\System32\Drivers\HPGate.sys [2001-05-03 6848]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-04 87424]
R2 MLPTDR_J;MLPTDR_J; \??\C:\WINDOWS\System32\MLPTDR_J.sys []
R2 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2002-04-11 27924]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\System32\drivers\symlcbrd.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2002-03-14 23607]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2002-03-14 34743]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2002-03-14 4119]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2002-03-14 2203]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2002-03-14 52758]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2002-03-14 13847]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2002-03-14 6327]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2002-03-14 88758]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2002-03-14 94679]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2001-12-27 67072]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 Edspport;EDSP Port Driver; C:\WINDOWS\System32\DRIVERS\es56hpi.sys [2003-03-24 702188]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HPCI;HP Configuration Interface; C:\WINDOWS\System32\DRIVERS\hpci.sys [2002-01-30 14472]
R3 KBFiltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\KBFiltr.sys [2001-11-05 14474]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081109.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081109.003\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2001-06-28 13780]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\point32.sys [2005-03-15 20352]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-13 167168]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\System32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20081108.004\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VIAIRDA;VIA Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\viairda.sys [2002-01-04 24244]
R3 VIAudio;VIA AC'97 Enhanced Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2002-03-12 43776]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver; C:\WINDOWS\System32\Drivers\WBSD.SYS [2002-03-31 24320]
R3 wlluc48b;ORINOCO PC Card Driver; C:\WINDOWS\System32\DRIVERS\wlluc48b.sys [2002-07-15 156672]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 BT3CSer;3Com Bluetooth Serial Driver; C:\WINDOWS\System32\DRIVERS\BT3CSer.sys [2001-06-05 6237]
S3 bt3cusb;bt3cusb; C:\WINDOWS\system32\drivers\bt3cusb.sys [2001-11-20 41261]
S3 BW2NDIS5;BW2NDIS5 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BW2NDIS5.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-04 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 P2k;Motorola USB Device; C:\WINDOWS\System32\DRIVERS\P2k.sys [2004-08-19 38016]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\QUICKL~1\PCAMPR5.SYS []
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\System32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 S3chipid;S3chipid; \??\C:\WINDOWS\TEMP\_ISTMP0.DIR\S3chipid.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\QUICKL~1\SMNDIS5.SYS []
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\System32\DRIVERS\sscdbus.sys [2002-12-12 43248]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys [2002-12-12 6000]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\System32\DRIVERS\sscdmdm.sys [2002-12-12 78144]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\System32\DRIVERS\usbser.sys [2004-08-04 25600]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 wlags48b;Agere Wireless PCCard Driver; C:\WINDOWS\System32\DRIVERS\wlags48b.sys [2003-01-09 163328]
S3 wlluc48;Wireless LAN PC Card Driver; C:\WINDOWS\System32\DRIVERS\wlluc48.sys [2002-08-29 154624]
S3 WrKPoET2000;WrKPoET2000; \??\C:\Program Files\Verizon Online\WinPoET\WrKPoET2000.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 HPConfig;HP Configuration Interface Service; C:\WINDOWS\system32\HPConfig.exe [2002-03-14 151552]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-05-13 1245064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R3 RadioSvr;RadioSvr; C:\WINDOWS\system32\RadioSvr.exe [2002-01-18 122880]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 HpRfDev;HP RF Device Service; C:\WINDOWS\system32\HpRfDev.exe [2002-01-18 69632]
S2 WinPPPoverEthernet;WinPPPoverEthernet; C:\Program Files\Verizon Online\WinPoET\WrOS.EXE []
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2002-02-15 114749]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]

-----------------EOF-----------------

Here is info.txt

info.txt logfile of random's system information tool 1.04 2008-11-09 20:59:50

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine-->RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
3DVIA Player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Download Manager 1.2 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Adobe Type Manager 4.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ArcSoft Camera Suite-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Camera Suite\Uninst.isu"
Atomic Pop-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6FAA3A53-F51F-4E18-B4D5-CE339F46E2C3}\setup.exe"
Batesville Digital Litho Book 2004-->MsiExec.exe /I{B009AD06-DF8C-4F2E-AF36-98495155666C}
Batesville Digital Litho Book April 2005-->MsiExec.exe /I{1520E194-3DB2-41DD-8C11-5F4A00FC046B}
Batesville Digital Litho Book Update 2005 US-->MsiExec.exe /I{60FD7EDC-E15A-419D-9A24-F8F6DD20E1C7}
Batesville Digital Litho Book Update Spring 2004 US-->MsiExec.exe /I{7313F452-4D11-4E4E-9DA7-DFB28D4E87FB}
Batesville Digital Litho Book, Winter 2004 US Update-->MsiExec.exe /I{B7FBE84E-2D97-44E0-96C3-95FBEF9575E2}
Batesville Digital Litho Book-->MsiExec.exe /I{28AB0980-D2D2-453D-8202-B16D7150108D}
Batesville Digital Litho Book-->MsiExec.exe /I{88973158-6F2D-4EA5-B09A-044CC7F6B2D6}
BlasterBall Wild-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9576535-5077-4EF1-887D-71D249C6ADE1}\setup.exe"
Canon IXY 200a, PowerShot S200, IXUS v2 WIA Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\IXY200A PSS200 IXUSV2 WIA\Uninst.isu" -c"C:\Program Files\Canon\IXY200A PSS200 IXUSV2 WIA\UNSTE116.dll"
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities PhotoStitch 3.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
Canon Utilities RAW Image Converter2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RAW Image Converter2\Uninst.isu"
Canon Utilities RemoteCapture 2.4-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RemoteCapture\Uninst.isu"
Canon Utilities ZoomBrowser EX-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"
CasePrinter-->C:\WINDOWS\uninst.exe -fc:\cpwin\DeIsL1.isu -cc:\cpwin\_ISREG32.DLL
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CDCheck (remove only)-->"C:\Program Files\CDCheck\uninst.exe"
Checkers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87446305-AF82-462F-9939-2A4A6349C6F6}\setup.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
DarkOrbit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2ED5402B-695D-11D5-A8E1-00A0CC663B7C}\setup.exe"
Directors Tribute Creator version 3.0.0.615-->"C:\Program Files\Directors Tribute Creator\unins000.exe"
Easy Internet Sign-up-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B5DDB2C-0807-47FD-9C11-80EA761902C0}\Setup.exe" -l0x9
e-DiagTools for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{38E71FA0-59B0-11D4-BB75-00500478B0F5}\Setup.exe"
FDMS Memorial Maker for Word2002-->C:\WINDOWS\IsUninst.exe -fC:\Winword\Memorial\Uninmm2k2.isu
FDMS2000 for Windows v6-->C:\WINDOWS\IsUninst.exe -fC:\FD\Uninst.isu
FDMS2000 for Windows v7-->C:\WINDOWS\IsUninst.exe -fC:\FD\Uninst.isu
GemMaster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA6DB07B-696D-11D5-A8E1-00A0CC663B7C}\setup.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hooked on Phonics Learn to Read-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Hooked on Phonics Learning\Hooked on Phonics Learn to Read\DeIsL1.isu"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Desktop Zoom-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0604F35-314C-4341-A05E-3FEABCFDD470}\SETUP.EXE"
HP DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
HP LaserJet 2200 Uninstaller-->C:\Program Files\Hewlett-Packard\LaserJet All-in-one\Uninstall\2200\setup.exe uninst22.ini
HP Notebook Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}\Setup.exe" -l0x9
HP One-Touch Buttons-->C:\WINDOWS\UnInst32.exe CP4HPOT.UNI
HP Photo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B23F9FE-C25F-40BF-88B2-5F8E32E8B261}\setup.exe"
HP RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
HP Wireless LAN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E1D54D7-47EB-11D5-AE90-00D0590FFE27}\setup.exe"
Hpsetup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6792A59-15B3-4FD4-BE35-45F1E00A51AF}\SETUP.EXE"
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
magicolor 2300W-->MUINST_J.EXE /PRN:"magicolor 2300W"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medi@Show-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CyberLink\MediaShow\Uninst.isu"
Microsoft FrontPage 98-->"C:\Program Files\Microsoft FrontPage\bin\fpuninst.exe" C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Microsoft FrontPage\DeIsL1.isu"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft PowerPoint Viewer 97-->C:\Program Files\PowerPoint Viewer\setup\setup.exe
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mobile PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Motorola PST-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}\Setup.exe" -l0x9 anything
MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSN Toolbar-->C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\mtbs.exe c
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MUSICMATCH Jukebox-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MusicMatch\MusicMatch Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
MyFonts Order M518625-->MsiExec.exe /I{EE139451-19E1-88A5-5354-20E60D8D9472}
Nero 7-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}_15_5_0_23\Setup.exe" /X
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NoteWorthy Composer-->C:\PROGRA~1\NOTEWO~1\UNINSTAL.EXE C:\PROGRA~1\NOTEWO~1\INSTALL.LOG
ORiNOCO Client Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82425B27-1E96-11D4-95C9-0060B0FBF2F6}\Setup.exe" -l0x9 -a
Outlook Express Backup Wizard version 1.1-->"C:\Program Files\Outlook Express Backup Wizard\unins000.exe"
ProSavageDDR and Utilities-->C:\PROGRA~1\S3\P4M266\s3setvga.exe -s -fC:\PROGRA~1\S3\P4M266\P4M266.uns
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
Quicken Financial Center-->C:\PROGRA~1\QUICKE~1\rem\UNWISE.EXE /s C:\PROGRA~1\QUICKE~1\rem\INSTALL.LOG
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Reversi-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4E0F57C-6BC4-4B53-AE6C-E455F1A43A0D}\setup.exe"
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
SabreWing 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07F45C50-6693-4D53-9A6C-1F5B39BA2A16}\setup.exe"
Samsung USB Driver (MCCI 3.40)-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{7D8367E4-9EF5-40F5-BECD-32615B0FE215}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Snapshot Viewer-->C:\Program Files\Snapshot Viewer\Setup\Setup.exe /T snap90.stf
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Speedway-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A3892EB-696D-11D5-A8E1-00A0CC663B7C}\setup.exe"
StuffIt Standard-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec pcAnywhere-->MsiExec.exe /I{D05E8183-866A-11D3-97DF-0000F8D8F2E9}
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Uninstall ESS Modem-->C:\WINDOWS\remvess
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Virtual Warfare Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{626F20B3-01A5-4942-89F7-C59B4237A581}\setup.exe"
VTech® Photo Editor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{43D2A1DD-69C9-4E86-8F51-4890A6263863}\setup.exe"
WIBU-KEY Setup (WIBU-KEY Remove)-->C:\Program Files\WIBUKEY\Setup\SETUP32.EXE /R:{00060000-0000-1004-8002-0000C06B5161}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
X-Fonter 5.5-->"C:\Program Files\X-Fonter\unins000.exe"

======Security center information======

AV: Norton AntiVirus (disabled)
FW: Norton AntiVirus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Symantec\pcAnywhere
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CI_HOLOS_CLI"=C:\Program Files\Seagate Software\Open OLAP
"VSL"=C:\PVSW\BIN
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Hello

Please download the OTMoveIt3 by OldTimer or from here.

• Save it to your desktop.
• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  CODE
  :Processes
  explorer.exe
  
  :Services
  "Error Reporting Service (ERSvc) "
  
  :Reg
  [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
  [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]
  
  
• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Also post a new HJT log and tell me how your PC is running

Hello Rorschach112,

My PC is running better. Google searches now go where they are supposed to.

Here is OTMoveIt3 log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service "Error Reporting Service (ERSvc) " .
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys\\ deleted successfully.
========== FILES ==========
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JETFBA6.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11102008_174353

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\JETFBA6.tmp not found!
---- EOF -----

Here is HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:50 PM, on 11/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\Windows\system32\HpSrvUI.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/bizcenter-o
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2098F239-F08E-4840-9F81-B758A4971D83} - http://www.batesville.com/us/setup.cab
O16 - DPF: {3F807625-B32A-498F-9010-7ABB2BB5D3B3} - http://www.batesville.com/us/install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe
O16 - DPF: {5A3AD060-E5D9-4DEF-8E77-B44336153FD9} - http://www.batesville.com/dlb/setup.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://ccgfalmouth.dyndns.org/Remote/msrdp.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab
O16 - DPF: {8B2BE470-543C-4662-8536-54D191F82675} - http://www.batesville.com/dlb/setup.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft Terminal Services Client Control (redist)) - http://68.160.177.202:10367/tsweb/msrdp.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O16 - DPF: {BB707357-1966-4198-B14B-1F8156D79B98} - http://www.batesville.com/us/setup.cab
O16 - DPF: {CFC1C622-8C5B-4683-A64F-5A964EE397E1} - http://www.batesville.com/dlb/setup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.gpjco.com/dwa7W.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - (no file)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)

--
End of file - 9646 bytes

Looks like we're there.

One final thing

Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

• Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program.
• Under File Age at the top, change it from 30 days to 90 days
• Under Additional Scans check the boxes beside Reg - ColumnHandlers, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Associations, Reg - NetSvcs, Reg - Protocol Filters, Reg - Protocol Handlers, Reg - Session Manager Settings, Reg - Winsock2 Catalogs, File - Lop Check, File - Purity Scan, Files - Signature Check, and Evnt - EventViewer Logs ( Last 10 Errors).
• Under Rootkit Search change it to Yes
• Now click the Run Scan button on the toolbar.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way

Here is OTScanIt2 log.

Sorry but can I get you to post it here instead of attaching it, or host it at a site like mediafire.com

It gets messed up attaching it here

Sure thing! Here it is.

OTScanIt2 logfile created on: 11/10/2008 8:36:24 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.0.33b Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

751.48 Mb Total Physical Memory | 425.82 Mb Available Physical Memory | 56.66% Memory free
1.05 Gb Paging File | 0.79 Gb Available in Paging File | 74.98% Paging File free
Paging file location(s): C:\pagefile.sys 360 720;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.89 Gb Total Space | 11.72 Gb Free Space | 42.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CWB-NOTEBOOK
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 90 Days

[Processes - Safe List]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\CCSVCHST.EXE -> [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation)
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2008/05/13 07:35:43 | 01,245,064 | ---- | M] ()
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft)
hptasks.exe -> %ProgramFiles%\Hewlett-Packard\HP Notebook Utilities\hptasks.exe -> [2002/03/07 19:57:50 | 00,061,440 | ---- | M] (Hewlett-Packard)
onetouch.exe -> %ProgramFiles%\Hewlett-Packard\One-Touch\ONETOUCH.EXE -> [2002/02/22 13:17:18 | 00,090,112 | ---- | M] (Dritek System Inc.)
hpsrvui.exe -> %SystemRoot%\system32\HpSrvUI.exe -> [2001/11/29 06:49:24 | 00,032,768 | ---- | M] (Hewlett-Packard Co.)
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> [2001/07/19 23:50:04 | 00,052,736 | ---- | M] (Hewlett-Packard Company)
tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> [2002/03/14 03:25:00 | 00,102,455 | ---- | M] (VERITAS Software, Inc.)
essspk.exe -> %SystemRoot%\essspk.exe -> [2002/05/31 10:34:36 | 00,167,936 | ---- | M] ()
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_07\bin\jusched.exe -> [2006/05/03 01:56:56 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.)
point32.exe -> %ProgramFiles%\Microsoft IntelliPoint\point32.exe -> [2005/03/23 18:26:09 | 00,217,088 | ---- | M] (Microsoft Corporation)
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> [2008/02/09 19:06:33 | 00,238,968 | ---- | M] (Symantec Corporation)
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\CCSVCHST.EXE -> [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation)
hpconfig.exe -> %SystemRoot%\system32\HPConfig.exe -> [2002/03/14 14:12:46 | 00,151,552 | ---- | M] (Hewlett-Packard)
radiosvr.exe -> %SystemRoot%\system32\RadioSvr.exe -> [2002/01/18 19:33:44 | 00,122,880 | ---- | M] (Hewlett-Packard)
wdfmgr.exe -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
cmluc.exe -> %ProgramFiles%\ORiNOCO\Client Manager\CmLUC.exe -> [2002/07/04 10:24:38 | 00,339,968 | ---- | M] ()
wuauclt.exe -> %SystemRoot%\system32\wuauclt.exe -> [2008/07/18 21:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation)
jucheck.exe -> %ProgramFiles%\Java\jre1.5.0_07\bin\jucheck.exe -> [2006/05/03 01:56:56 | 00,237,679 | ---- | M] (Sun Microsystems, Inc.)
msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/11/09 11:18:54 | 00,464,896 | ---- | M] (OldTimer Tools)

[Win32 Services - Safe List]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft)
(ATMsrvc) ATM Service [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ATMsrvc.exe -> [2000/05/24 14:20:36 | 00,015,360 | ---- | M] (Adobe Systems Incorporated)
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> [2008/02/09 19:06:33 | 00,238,968 | ---- | M] (Symantec Corporation)
(awhost32) pcAnywhere Host Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\pcAnywhere\AWHOST32.EXE -> [2002/02/15 09:51:00 | 00,114,749 | ---- | M] (Symantec Corporation)
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSVCHST.EXE -> [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation)
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSVCHST.EXE -> [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation)
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSVCHST.EXE -> [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation)
(Error Reporting Service (ERSvc) ) Error Reporting Service (ERSvc) [Win32_Own | Auto | Stopped] -> -> File not found
(HPConfig) HP Configuration Interface Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPConfig.exe -> [2002/03/14 14:12:46 | 00,151,552 | ---- | M] (Hewlett-Packard)
(HpRfDev) HP RF Device Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\HpRfDev.exe -> [2002/01/18 19:33:40 | 00,069,632 | ---- | M] (Hewlett-Packard)
(LiveUpdate) LiveUpdate [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_4.EXE -> [2008/08/04 10:20:16 | 03,220,856 | ---- | M] (Symantec Corporation)
(LiveUpdate Notice) LiveUpdate Notice [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSVCHST.EXE -> [2008/10/17 14:52:10 | 00,149,352 | ---- | M] (Symantec Corporation)
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> [2007/03/12 12:49:46 | 00,271,920 | ---- | M] (Nero AG)
(RadioSvr) RadioSvr [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\RadioSvr.exe -> [2002/01/18 19:33:44 | 00,122,880 | ---- | M] (Hewlett-Packard)
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2008/05/13 07:35:43 | 01,245,064 | ---- | M] ()
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
(WinPPPoverEthernet) WinPPPoverEthernet [Win32_Own | Auto | Stopped] -> -> File not found

[Driver Services - Safe List]
(awlegacy) awlegacy [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AWLEGACY.SYS -> [2000/09/11 09:51:00 | 00,010,816 | ---- | M] (Symantec Corporation)
(AW_HOST) AW_HOST [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AW_HOST5.sys -> [2002/02/11 09:51:00 | 00,033,496 | ---- | M] (Symantec Corporation)
(BT3CSer) 3Com Bluetooth Serial Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BT3CSer.sys -> [2001/06/05 12:54:08 | 00,006,237 | ---- | M] (3Com Corporation)
(bt3cusb) bt3cusb [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\bt3cusb.sys -> [2001/11/20 18:02:28 | 00,041,261 | ---- | M] (3Com Corporation)
(COH_Mon) COH_Mon [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\COH_Mon.sys -> [2008/07/30 16:42:12 | 00,023,888 | ---- | M] (Symantec Corporation)
(dot4) MS IEEE-1284.4 Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Dot4.sys -> [2004/08/04 00:58:30 | 00,207,360 | ---- | M] (Microsoft Corporation)
(Dot4Print) Print Class Driver for IEEE-1284.4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Dot4Prt.sys -> [2001/08/17 13:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation)
(dot4usb) Dot4USB Filter Dot4USB Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Dot4usb.sys -> [2001/08/17 13:47:32 | 00,023,808 | ---- | M] (Microsoft Corporation)
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> [2002/02/15 03:21:00 | 00,078,048 | ---- | M] (VERITAS Software, Inc.)
(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> [2002/02/12 02:56:00 | 00,040,096 | ---- | M] (VERITAS Software, Inc.)
(Edspport) EDSP Port Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\es56hpi.sys -> [2003/03/24 11:32:08 | 00,702,188 | ---- | M] (ESS Technology, Inc.)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> [2008/09/02 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation)
(ENECBPTH) ENE Cardbus Patch Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\ENECBPTH.SYS -> [2002/03/22 13:01:32 | 00,004,292 | ---- | M] (EnE Technology Inc.)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2008/09/02 03:00:00 | 00,099,376 | ---- | M] (Symantec Corporation)
(Gernuwa) Gernuwa [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\GERNUWA.SYS -> [2001/10/09 09:51:00 | 00,014,944 | ---- | M] (Symantec Corporation)
(HPCI) HP Configuration Interface [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hpci.sys -> [2002/01/30 14:33:42 | 00,014,472 | ---- | M] (Hewlett-Packard)
(HPGate) HPGate [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Hpgate.sys -> [2001/05/03 13:29:58 | 00,006,848 | ---- | M] (Hewlett-Packard Co.)
(kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2004/08/03 23:58:34 | 00,014,848 | ---- | M] (Microsoft Corporation)
(KBFiltr) Dritek HotKey Keyboard Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\KBFILTR.SYS -> [2001/11/05 20:26:14 | 00,014,474 | ---- | M] (Dritek System Inc.)
(MLPTDR_J) MLPTDR_J [Kernel | Auto | Running] -> %SystemRoot%\system32\MLPTDR_J.SYS -> [2003/01/30 19:30:06 | 00,019,904 | ---- | M] (Minolta Co., Ltd.)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MODEMCSA.sys -> [2001/08/17 15:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)
(MxlW2k) MxlW2k [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\MxlW2k.sys -> [2002/04/11 21:00:06 | 00,027,924 | ---- | M] (MusicMatch, Inc.)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20081110.003\NAVENG.SYS -> [2008/08/23 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20081110.003\NAVEX15.SYS -> [2008/08/23 03:00:00 | 00,873,552 | ---- | M] (Symantec Corporation)
(P2k) Motorola USB Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\P2k.sys -> [2004/08/19 12:45:48 | 00,038,016 | ---- | M] (Motorola Inc)
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> [2001/06/28 01:27:18 | 00,013,780 | ---- | M] (Padus, Inc.)
(Point32) Microsoft IntelliPoint Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\point32.sys -> [2005/03/15 04:45:20 | 00,020,352 | ---- | M] (Microsoft Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2001/08/18 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2002/02/26 02:02:00 | 00,016,288 | ---- | M] (VERITAS Software, Inc.)
(QCDonner) Logitech QuickCam Express [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\OVCD.sys -> [2001/08/17 14:05:16 | 00,028,032 | ---- | M] (Microsoft Corporation)
(rtl8139) Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rtl8139.sys -> [2004/08/04 00:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(S3Psddr) S3Psddr [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\s3gnbm.sys -> [2004/08/13 12:42:22 | 00,167,168 | ---- | M] (S3 Graphics, Inc.)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> [2008/09/05 13:31:42 | 00,447,024 | ---- | M] (Symantec Corporation)
(SRTSP) SRTSP [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\srtsp.sys -> [2008/01/31 20:51:16 | 00,279,088 | ---- | M] (Symantec Corporation)
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\srtspl.sys -> [2008/01/31 20:51:16 | 00,317,616 | ---- | M] (Symantec Corporation)
(SRTSPX) SRTSPX [Kernel | System | Running] -> %SystemRoot%\system32\drivers\srtspx.sys -> [2008/01/31 20:51:16 | 00,043,696 | ---- | M] (Symantec Corporation)
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> [2002/01/28 17:04:04 | 00,005,589 | ---- | M] (VERITAS Software, Inc.)
(sscdbus) SAMSUNG USB Composite Device driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sscdbus.sys -> [2002/12/12 01:17:24 | 00,043,248 | R--- | M] (MCCI)
(sscdmdfl) SAMSUNG CDMA Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sscdmdfl.sys -> [2002/12/12 01:20:32 | 00,006,000 | R--- | M] (MCCI)
(sscdmdm) SAMSUNG CDMA Modem Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sscdmdm.sys -> [2002/12/12 01:20:38 | 00,078,144 | R--- | M] (MCCI)
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> [2002/01/28 17:03:18 | 00,022,963 | ---- | M] (VERITAS Software, Inc.)
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symdns.sys -> [2008/06/13 13:13:38 | 00,013,616 | ---- | M] (Symantec Corporation)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SYMEVENT.SYS -> [2008/08/23 18:08:07 | 00,123,952 | ---- | M] (Symantec Corporation)
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symfw.sys -> [2008/06/13 13:13:38 | 00,096,432 | ---- | M] (Symantec Corporation)
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symids.sys -> [2008/06/13 13:13:38 | 00,038,576 | ---- | M] (Symantec Corporation)
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\ipsdefs\20081108.004\symidsco.sys -> [2008/09/12 02:33:21 | 00,250,224 | ---- | M] (Symantec Corporation)
(SymIM) Symantec Network Security Intermediate Filter Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SymIM.sys -> [2008/06/13 13:14:02 | 00,031,280 | ---- | M] (Symantec Corporation)
(SymIMMP) SymIMMP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SymIM.sys -> [2008/06/13 13:14:02 | 00,031,280 | ---- | M] (Symantec Corporation)
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> [2006/01/01 08:34:36 | 00,010,344 | ---- | M] (Symantec Corporation)
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symndis.sys -> [2008/06/13 13:13:38 | 00,037,424 | ---- | M] (Symantec Corporation)
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> [2008/06/13 13:13:38 | 00,022,320 | ---- | M] (Symantec Corporation)
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> [2008/06/13 13:13:40 | 00,184,240 | ---- | M] (Symantec Corporation)
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> [2002/03/14 03:25:00 | 00,023,607 | ---- | M] (VERITAS Software, Inc.)
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> [2002/03/14 03:25:00 | 00,034,743 | ---- | M] (VERITAS Software, Inc.)
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> [2002/03/14 03:25:00 | 00,004,119 | ---- | M] (VERITAS Software, Inc.)
(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> [2002/03/14 03:25:00 | 00,002,203 | ---- | M] (VERITAS Software, Inc.)
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> [2002/03/14 03:25:00 | 00,052,758 | ---- | M] (VERITAS Software, Inc.)
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> [2002/03/14 03:25:00 | 00,013,847 | ---- | M] (VERITAS Software, Inc.)
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> [2002/03/14 03:25:00 | 00,006,327 | ---- | M] (VERITAS Software, Inc.)
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> [2002/03/14 03:25:00 | 00,088,758 | ---- | M] (VERITAS Software, Inc.)
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> [2002/03/14 03:25:00 | 00,094,679 | ---- | M] (VERITAS Software, Inc.)
(usbser) Motorola USB Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbser.sys -> [2004/08/04 01:08:42 | 00,025,600 | ---- | M] (Microsoft Corporation)
(VIAIRDA) VIA Infrared Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\viairda.sys -> [2002/01/04 16:42:36 | 00,024,244 | ---- | M] (VIA Technologies, Inc.)
(VIAudio) VIA AC'97 Enhanced Audio Controller (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\viaudio.sys -> [2002/03/12 01:57:00 | 00,043,776 | ---- | M] (VIA Technologies, Inc.)
(WBSD) Winbond Secure Digital Storage (SD/MMC) Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wbsd.sys -> [2002/03/31 18:39:54 | 00,024,320 | ---- | M] (Winbond Electronics Corp.)
(WIBUKEY) WIBU-KEY Kernel Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Wibukey.sys -> [2001/12/27 09:59:34 | 00,067,072 | ---- | M] (WIBU-SYSTEMS AG)
(wlags48b) Agere Wireless PCCard Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wlags48b.sys -> [2003/01/09 16:43:48 | 00,163,328 | ---- | M] (Agere Systems)
(wlluc48) Wireless LAN PC Card Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wlluc48.sys -> [2002/08/29 00:59:26 | 00,154,624 | ---- | M] (Lucent Technologies)
(wlluc48b) ORINOCO PC Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wlluc48b.sys -> [2002/07/15 10:38:16 | 00,156,672 | ---- | M] (Lucent Technologies)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKEY_LOCAL_MACHINE\: "ProxyEnable" -> 1 ->
HKEY_LOCAL_MACHINE\: "ProxyOverride" -> *.local;<local> ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://srch-us4nb.hpwis.com/ ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local;<local> ->
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> %CommonProgramFiles%\Symantec Shared\IDS\IPSBHO.dll [Symantec Intrusion Prevention] -> [2008/05/13 07:38:12 | 00,116,088 | ---- | M] (Symantec Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_07\bin\ssv.dll [SSVHelper Class] -> [2006/05/03 02:14:37 | 00,434,279 | ---- | M] (Sun Microsystems, Inc.)
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} [HKLM] -> %ProgramFiles%\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll [ST] -> [2004/08/13 17:42:00 | 00,155,648 | ---- | M] (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> %ProgramFiles%\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll [MSNToolBandBHO] -> [2006/01/17 16:04:16 | 00,282,624 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> %ProgramFiles%\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll [MSN] -> [2006/01/17 16:04:16 | 00,282,624 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> %ProgramFiles%\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll [MSN] -> [2006/01/17 16:04:16 | 00,282,624 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"ccApp" -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2008/10/17 14:52:10 | 00,051,048 | ---- | M] (Symantec Corporation)
"CP4HPOT" -> %ProgramFiles%\Hewlett-Packard\One-Touch\ONETOUCH.EXE [C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE] -> [2002/02/22 13:17:18 | 00,090,112 | ---- | M] (Dritek System Inc.)
"dla" -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> [2002/03/14 03:25:00 | 00,102,455 | ---- | M] (VERITAS Software, Inc.)
"EssSpkPhone" -> %SystemRoot%\essspk.exe [essspk.exe] -> [2002/05/31 10:34:36 | 00,167,936 | ---- | M] ()
"HP Display Settings" -> %ProgramFiles%\Hewlett-Packard\HP Notebook Utilities\hptasks.exe [C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s] -> [2002/03/07 19:57:50 | 00,061,440 | ---- | M] (Hewlett-Packard)
"hp Silent Service" -> %SystemRoot%\system32\HpSrvUI.exe [C:\Windows\system32\HpSrvUI.exe] -> [2001/11/29 06:49:24 | 00,032,768 | ---- | M] (Hewlett-Packard Co.)
"HP TV Now" -> %ProgramFiles%\Hewlett-Packard\HP TV Now\HpTvNow.exe [C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK] -> [2002/03/14 14:12:38 | 00,237,568 | ---- | M] (Hewlett-Packard)
"hpScannerFirstBoot" -> %SystemDrive%\HP\DRIVERS\scanners\ScannerFB.EXE [c:\hp\drivers\scanners\scannerfb.exe] -> [2001/12/13 05:24:52 | 00,020,480 | ---- | M] (Hewlett-Packard Co.)
"hpsysdrv" -> %SystemRoot%\system\hpsysdrv.exe [c:\windows\system\hpsysdrv.exe] -> [2001/07/19 23:50:04 | 00,052,736 | ---- | M] (Hewlett-Packard Company)
"IntelliPoint" -> %ProgramFiles%\Microsoft IntelliPoint\point32.exe ["C:\Program Files\Microsoft IntelliPoint\point32.exe"] -> [2005/03/23 18:26:09 | 00,217,088 | ---- | M] (Microsoft Corporation)
"ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2005/02/16 15:15:22 | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/02/16 15:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"NeroFilterCheck" -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> [2007/03/09 17:53:56 | 00,153,136 | ---- | M] (Nero AG)
"osCheck" -> %ProgramFiles%\Norton AntiVirus\osCheck.exe ["C:\Program Files\Norton AntiVirus\osCheck.exe"] -> [2008/02/07 01:49:38 | 00,718,704 | ---- | M] (Symantec Corporation)
"QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2004/11/05 19:00:09 | 00,098,304 | ---- | M] (Apple Computer, Inc.)
"S3TRAY2" -> %SystemRoot%\system32\S3tray2.exe [S3tray2.exe] -> [2003/09/09 02:30:46 | 00,077,824 | ---- | M] (S3 Graphics, Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.5.0_07\bin\jusched.exe [C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe] -> [2006/05/03 01:56:56 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.)
"Synchronization Manager" -> %SystemRoot%\system32\mobsync.exe [%SystemRoot%\system32\mobsync.exe /logon] -> [2004/08/04 02:56:51 | 00,143,360 | ---- | M] (Microsoft Corporation)
"VTPreset" -> %SystemRoot%\system32\VTPreset.exe [VTPreset.exe] -> [2004/02/24 19:17:18 | 00,045,056 | ---- | M] (S3 Graphics, Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\ORiNOCO Client Manager.lnk -> %ProgramFiles%\ORiNOCO\Client Manager\CmLUC.exe -> [2002/07/04 10:24:38 | 00,339,968 | ---- | M] ()
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [227] -> File not found
\\"NoDrives" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
\\"HideLegacyLogonScripts" -> [0] -> File not found
\\"HideLogoffScripts" -> [0] -> File not found
\\"RunLogonScriptSync" -> [1] -> File not found
\\"RunStartupScriptSync" -> [0] -> File not found
\\"HideStartupScripts" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"HideLegacyLogonScripts" -> [0] -> File not found
\\"HideLogoffScripts" -> [0] -> File not found
\\"HideStartupScripts" -> [0] -> File not found
\\"RunLogonScriptSync" -> [1] -> File not found
\\"RunStartupScriptSync" -> [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000] -> [2008/08/19 08:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_07\bin\NPJPI150_07.dll [Menu: Sun Java Console] -> [2006/05/03 02:14:37 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shock...director/sw.cab[Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] ->
{2098F239-F08E-4840-9F81-B758A4971D83} [HKLM] -> http://www.batesville.com/us/setup.cab[Reg Error: Key does not exist or could not be opened.] ->
{3334504D-9980-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB[Reg Error: Key does not exist or could not be opened.] ->
{33564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] ->
{33564D57-9980-0010-8000-00AA00389B71} [HKLM] -> http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] ->
{3F807625-B32A-498F-9010-7ABB2BB5D3B3} [HKLM] -> http://www.batesville.com/us/install.cab[Reg Error: Key does not exist or could not be opened.] ->
{41F17733-B041-4099-A042-B518BB6A408C} [HKLM] -> http://apple.speedera.net/qtinstall.info.a...meInstaller.exe[Reg Error: Key does not exist or could not be opened.] ->
{5A3AD060-E5D9-4DEF-8E77-B44336153FD9} [HKLM] -> http://www.batesville.com/dlb/setup.cab[Reg Error: Key does not exist or could not be opened.] ->
{6A344D34-5231-452A-8A57-D064AC9B7862} [HKLM] -> https://webdl.symantec.com/activex/symdlmgr.cab[Symantec Download Manager] ->
{7584C670-2274-4EFB-B00B-D6AABA6D3850} [HKLM] -> https://ccgfalmouth.dyndns.org/Remote/msrdp.cab[Microsoft Terminal Services Client Control (redist)] ->
{77E32299-629F-43C6-AB77-6A1E6D7663F6} [HKLM] -> http://www.nick.com/common/groove/gx/GrooveAX27.cab[Groove Control] ->
{88D969C0-F192-11D4-A65F-0040963251E5} [HKLM] -> http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab[XML DOM Document 4.0] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_07] ->
{8B2BE470-543C-4662-8536-54D191F82675} [HKLM] -> http://www.batesville.com/dlb/setup.cab[Reg Error: Key does not exist or could not be opened.] ->
{9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} [HKLM] -> http://68.160.177.202:10367/tsweb/msrdp.cab[Microsoft Terminal Services Client Control (redist)] ->
{9C024426-7859-4B2D-AB4C-B1E370AE7549} [HKLM] -> http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab[Reg Error: Key does not exist or could not be opened.] ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} [HKLM] -> http://v4.windowsupdate.microsoft.com/CAB/...8041.1679976852[Reg Error: Key does not exist or could not be opened.] ->
{BB707357-1966-4198-B14B-1F8156D79B98} [HKLM] -> http://www.batesville.com/us/setup.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_07] ->
{CFC1C622-8C5B-4683-A64F-5A964EE397E1} [HKLM] -> http://www.batesville.com/dlb/setup.cab[Reg Error: Key does not exist or could not be opened.] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab[Shockwave Flash Object] ->
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8} [HKLM] -> http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe[Virtools WebPlayer Class] ->
{E008A543-CEFB-4559-912F-C27C2B89F13B} [HKLM] -> https://webmail.gpjco.com/dwa7W.cab[Domino Web Access 7 Control] ->
{E77C0D62-882A-456F-AD8F-7C6C9569B8C7} [HKLM] -> https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0BAD0623-AF7E-46EB-AE76-4A37644FC5BB} -> (1394 Net Adapter) ->
{2D6692EE-6676-4558-A9DF-B502500F2323} -> () ->
{624446E8-FC7E-4A07-B1D4-CCA3C56569E9} -> (ORiNOCO PC Card (5 volt)) ->
{C8024ACE-8209-4087-BB54-92BEB0D37893} -> (Realtek RTL8139/810X Family PCI Fast Ethernet NIC) ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
PCANotify -> %SystemRoot%\system32\PCANotify.dll -> [2002/02/15 09:51:00 | 00,024,638 | ---- | M] (Symantec Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 02:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5] -> [2005/10/12 17:13:32 | 07,086,080 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 02:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\microsoft frontpage\bin\fpexplor.exe" -> C:\Program Files\microsoft frontpage\bin\fpexplor.exe [C:\Program Files\microsoft frontpage\bin\fpexplor.exe:*:Enabled:Microsoft FrontPage Explorer] -> [2002/09/14 13:20:39 | 01,509,136 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5] -> [2005/10/12 17:13:32 | 07,086,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE" -> C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE [C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE:*:Enabled:pcAnywhere Host Service] -> [2002/02/15 09:51:00 | 00,114,749 | ---- | M] (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe" -> C:\Program Files\Symantec\pcAnywhere\awrem32.exe [C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service] -> [2002/02/15 09:51:00 | 00,172,092 | ---- | M] (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE" -> C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE [C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE:*:Enabled:pcAnywhere Main Program] -> [2002/02/15 09:51:00 | 00,507,964 | ---- | M] (Symantec Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2004/08/04 00:59:52 | 00,049,536 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2002/08/21 18:09:50 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

[Registry - Additional Scans - Safe List]
< ColumnHandlers - Folder [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ ->
{00020000-0000-1011-8004-0000C06B5161} [HKLM] -> %ProgramFiles%\WIBU-SYSTEMS\System\WibuShellExt.dll [WIBU-SYSTEMS Shell Extension] -> [2001/12/27 10:02:12 | 00,335,872 | ---- | M] (WIBU-SYSTEMS AG)
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\pdfshell.dll [PDF Shell Extension] -> [2007/05/10 22:54:08 | 00,372,736 | ---- | M] (Adobe Systems, Inc.)
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state ->
"bootini" -> 0 ->
"services" -> 0 ->
"startup" -> 0 ->
"system.ini" -> 0 ->
"win.ini" -> 0 ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2005/05/26 18:22:01 | 00,010,752 | ---- | M] (Microsoft Corporation)
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> [2001/08/18 07:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
.hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2007/08/13 17:32:30 | 00,045,568 | ---- | M] (Microsoft Corporation)
.html [@ = htmlfile] -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation)
.inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> [2004/08/04 02:56:54 | 00,069,120 | ---- | M] (Microsoft Corporation)
.ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> [2004/08/04 02:56:54 | 00,069,120 | ---- | M] (Microsoft Corporation)
.js [@ = JSFile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/04 02:56:57 | 00,114,688 | ---- | M] (Microsoft Corporation)
.jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/04 02:56:57 | 00,114,688 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* ->
.reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2004/08/04 02:56:55 | 00,146,432 | ---- | M] (Microsoft Corporation)
.scr [@ = scrfile] -> "%1" /S ->
.txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> [2004/08/04 02:56:54 | 00,069,120 | ---- | M] (Microsoft Corporation)
.vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/04 02:56:57 | 00,114,688 | ---- | M] (Microsoft Corporation)
.vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/04 02:56:57 | 00,114,688 | ---- | M] (Microsoft Corporation)
.wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/04 02:56:57 | 00,114,688 | ---- | M] (Microsoft Corporation)
.wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/04 02:56:57 | 00,114,688 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> [] ->
AppMgmt -> C:\WINDOWS\System32\appmgmts.dll [C:\WINDOWS\System32\appmgmts.dll] -> File not found
Ias -> [] ->
Iprip -> [] ->
Irmon -> C:\WINDOWS\system32\irmon.dll [C:\WINDOWS\system32\irmon.dll] -> [2004/08/04 02:56:42 | 00,027,136 | ---- | M] (Microsoft Corporation)
NWCWorkstation -> [] ->
Nwsapagent -> [] ->
Wmi -> [] ->
WmdmPmSp -> [] ->
TermService -> C:\WINDOWS\system32\termsrv.dll [C:\WINDOWS\system32\termsrv.dll] -> [2004/08/04 02:56:46 | 00,295,424 | ---- | M] (Microsoft Corporation)
helpsvc -> C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll [C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll] -> [2004/08/04 02:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKLM] -> No CLSID value
ippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2004/01/29 09:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation)
msdaipp: [HKLM] -> No CLSID value
msdaippx00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2004/01/29 09:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2004/01/29 09:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation)
msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %ProgramFiles%\MSN Messenger\msgrapp.dll[Reg Error: Value does not exist or could not be read.] -> [2005/10/12 17:11:08 | 00,086,016 | ---- | M] (Microsoft Corporation)
mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Components\10\OWC10.DLL[Data Page Pluggable Protocol mso-offdap Handler] -> [2008/01/24 14:22:56 | 07,255,384 | ---- | M] (Microsoft Corporation)
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
"BootExecute" -> autocheck autochk *;lsdelete; ->
"ExcludeFromKnownDlls" -> ->
*ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories ->
\Windows -> -> File not found
\RPC Control -> -> File not found
*MultiFile Done* -> ->
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
"ComSpec" -> C:\WINDOWS\system32\cmd.exe -> [2004/08/04 02:56:48 | 00,388,608 | ---- | M] (Microsoft Corporation)
"TEMP" -> %SystemRoot%\TEMP ->
"TMP" -> %SystemRoot%\TEMP ->
"windir" -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
%systemroot%\system32 -> %SystemRoot%\system32 -> [2008/11/08 15:21:35 | 00,000,000 | ---D | M]
%systemroot% -> %SystemRoot% -> [2008/11/08 15:21:30 | 00,000,000 | ---D | M]
%systemroot%\system32\wbem -> %SystemRoot%\system32\wbem -> [2007/03/12 21:20:15 | 00,000,000 | ---D | M]
C:\Program Files\Symantec\pcAnywhere -> %ProgramFiles%\Symantec\pcAnywhere -> [2005/09/19 08:29:52 | 00,000,000 | ---D | M]
*MultiFile Done* -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> -> File not found
.EXE -> -> File not found
.BAT -> -> File not found
.CMD -> -> File not found
.VBS -> -> File not found
.VBE -> -> File not found
.JS -> -> File not found
.JSE -> -> File not found
.WSF -> -> File not found
.WSH -> -> File not found
*MultiFile Done* -> ->
< Session Manager FileRenameOperations Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations ->
< Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls ->
"advapi32" -> C:\WINDOWS\system32\advapi32.dll -> [2004/08/04 02:56:41 | 00,616,960 | ---- | M] (Microsoft Corporation)
"comdlg32" -> C:\WINDOWS\system32\comdlg32.dll -> [2004/08/04 02:56:41 | 00,276,992 | ---- | M] (Microsoft Corporation)
"DllDirectory" -> C:\WINDOWS\system32 -> [2008/11/08 15:21:35 | 00,000,000 | ---D | M]
"gdi32" -> C:\WINDOWS\system32\gdi32.dll -> [2008/02/20 01:51:05 | 00,282,624 | ---- | M] (Microsoft Corporation)
"imagehlp" -> C:\WINDOWS\system32\imagehlp.dll -> [2004/08/04 02:56:42 | 00,144,384 | ---- | M] (Microsoft Corporation)
"kernel32" -> C:\WINDOWS\system32\kernel32.dll -> [2007/04/16 10:52:53 | 00,984,576 | ---- | M] (Microsoft Corporation)
"lz32" -> C:\WINDOWS\system32\lz32.dll -> [2001/08/18 07:00:00 | 00,002,560 | ---- | M] (Microsoft Corporation)
"ole32" -> C:\WINDOWS\system32\ole32.dll -> [2005/07/25 23:39:48 | 01,285,120 | ---- | M] (Microsoft Corporation)
"oleaut32" -> C:\WINDOWS\system32\oleaut32.dll -> [2007/12/04 13:38:13 | 00,550,912 | ---- | M] (Microsoft Corporation)
"olecli32" -> C:\WINDOWS\system32\olecli32.dll -> [2005/07/25 23:39:48 | 00,074,752 | ---- | M] (Microsoft Corporation)
"olecnv32" -> C:\WINDOWS\system32\olecnv32.dll -> [2005/07/25 23:39:49 | 00,037,888 | ---- | M] (Microsoft Corporation)
"olesvr32" -> C:\WINDOWS\system32\olesvr32.dll -> [2001/08/18 07:00:00 | 00,022,016 | ---- | M] (Microsoft Corporation)
"olethk32" -> C:\WINDOWS\system32\olethk32.dll -> [2001/08/18 07:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
"rpcrt4" -> C:\WINDOWS\system32\rpcrt4.dll -> [2007/07/09 08:09:42 | 00,584,192 | ---- | M] (Microsoft Corporation)
"shell32" -> C:\WINDOWS\system32\shell32.dll -> [2007/10/25 22:36:51 | 08,454,656 | ---- | M] (Microsoft Corporation)
"url" -> C:\WINDOWS\system32\url.dll -> [2008/08/26 02:24:30 | 00,105,984 | ---- | M] (Microsoft Corporation)
"urlmon" -> C:\WINDOWS\system32\urlmon.dll -> [2008/08/26 02:24:31 | 01,159,680 | ---- | M] (Microsoft Corporation)
"user32" -> C:\WINDOWS\system32\user32.dll -> [2007/03/08 10:36:28 | 00,577,536 | ---- | M] (Microsoft Corporation)
"version" -> C:\WINDOWS\system32\version.dll -> [2004/08/04 02:56:46 | 00,018,944 | ---- | M] (Microsoft Corporation)
"wininet" -> C:\WINDOWS\system32\wininet.dll -> [2008/08/26 02:24:31 | 00,826,368 | ---- | M] (Microsoft Corporation)
"wldap32" -> C:\WINDOWS\system32\wldap32.dll -> [2004/08/04 02:56:46 | 00,172,032 | ---- | M] (Microsoft Corporation)
< Session Manager SFC Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SFC ->
"CommonFilesDir" -> C:\Program Files\Common Files -> [2008/11/08 15:03:40 | 00,000,000 | ---D | M]
"ProgramFilesDir" -> C:\Program Files -> [2008/11/09 16:42:31 | 00,000,000 | ---D | M]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 9/30/2008 8:07:34 AM Computer Name = CWB-NOTEBOOK | Source = Application Hang | ID = 1002 -> Description = Hanging application msimn.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 11/7/2008 2:47:07 PM Computer Name = CWB-NOTEBOOK | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
System [ Error ] 11/9/2008 7:42:53 PM Computer Name = CWB-NOTEBOOK | Source = Disk | ID = 262151 -> Description = The device, \Device\Harddisk0\D, has a bad block.
System [ Error ] 11/9/2008 7:43:01 PM Computer Name = CWB-NOTEBOOK | Source = Disk | ID = 262151 -> Description = The device, \Device\Harddisk0\D, has a bad block.
System [ Error ] 11/9/2008 7:43:10 PM Computer Name = CWB-NOTEBOOK | Source = Disk | ID = 262151 -> Description = The device, \Device\Harddisk0\D, has a bad block.
System [ Error ] 11/10/2008 6:35:48 PM Computer Name = CWB-NOTEBOOK | Source = Service Control Manager | ID = 7000 -> Description = The WinPPPoverEthernet service failed to start due to the following error: %%2
System [ Error ] 11/10/2008 6:47:06 PM Computer Name = CWB-NOTEBOOK | Source = Service Control Manager | ID = 7000 -> Description = The WinPPPoverEthernet service failed to start due to the following error: %%2
System [ Error ] 11/10/2008 7:11:45 PM Computer Name = CWB-NOTEBOOK | Source = Service Control Manager | ID = 7000 -> Description = The WinPPPoverEthernet service failed to start due to the following error: %%2
System [ Error ] 11/10/2008 9:30:18 PM Computer Name = CWB-NOTEBOOK | Source = Disk | ID = 262151 -> Description = The device, \Device\Harddisk0\D, has a bad block.
System [ Error ] 11/10/2008 9:30:27 PM Computer Name = CWB-NOTEBOOK | Source = Disk | ID = 262151 -> Description = The device, \Device\Harddisk0\D, has a bad block.
System [ Error ] 11/10/2008 9:30:35 PM Computer Name = CWB-NOTEBOOK | Source = Disk | ID = 262151 -> Description = The device, \Device\Harddisk0\D, has a bad block.
System [ Error ] 11/10/2008 9:30:44 PM Computer Name = CWB-NOTEBOOK | Source = Disk | ID = 262151 -> Description = The device, \Device\Harddisk0\D, has a bad block.

[Files/Folders - Created Within 90 Days]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/11/10 20:32:22 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/11/10 20:32:02 | 00,635,481 | ---- | C] ()
RECYCLER -> %SystemDrive%\RECYCLER -> [2008/11/10 17:44:12 | 00,000,000 | -HSD | C]
NVCfgData11_09_08.cfg -> %UserProfile%\My Documents\NVCfgData11_09_08.cfg -> [2008/11/09 21:04:15 | 00,000,708 | ---- | C] ()
rsit -> %SystemDrive%\rsit -> [2008/11/09 20:59:35 | 00,000,000 | ---D | C]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2008/11/09 20:59:01 | 00,305,705 | ---- | C] ()
Malwarebytes -> %AppData%\Malwarebytes -> [2008/11/09 16:42:39 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/11/09 16:42:35 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/11/09 16:42:35 | 00,000,706 | ---- | C] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/11/09 16:42:33 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/11/09 16:42:31 | 00,000,000 | ---D | C]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2008/11/09 16:42:31 | 00,000,000 | ---D | C]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2008/11/09 16:41:08 | 02,372,472 | ---- | C] (Malwarebytes Corporation )
Boot.bak -> %SystemDrive%\Boot.bak -> [2008/11/08 13:35:39 | 00,000,211 | ---- | C] ()
cmldr -> %SystemDrive%\cmldr -> [2008/11/08 13:35:34 | 00,260,272 | ---- | C] ()
cmdcons -> %SystemDrive%\cmdcons -> [2008/11/08 13:35:19 | 00,000,000 | RHSD | C]
SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> [2008/11/08 13:32:42 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> %SystemRoot%\SWREG.exe -> [2008/11/08 13:32:42 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> %SystemRoot%\SWSC.exe -> [2008/11/08 13:32:42 | 00,136,704 | ---- | C] (SteelWerX)
sed.exe -> %SystemRoot%\sed.exe -> [2008/11/08 13:32:42 | 00,098,816 | ---- | C] ()
fdsv.exe -> %SystemRoot%\fdsv.exe -> [2008/11/08 13:32:42 | 00,089,504 | ---- | C] (Smallfrogs Studio)
grep.exe -> %SystemRoot%\grep.exe -> [2008/11/08 13:32:42 | 00,080,412 | ---- | C] ()
zip.exe -> %SystemRoot%\zip.exe -> [2008/11/08 13:32:42 | 00,068,096 | ---- | C] ()
VFIND.exe -> %SystemRoot%\VFIND.exe -> [2008/11/08 13:32:42 | 00,049,152 | ---- | C] ()
NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> [2008/11/08 13:32:42 | 00,028,672 | ---- | C] (NirSoft)
Qoobox -> %SystemDrive%\Qoobox -> [2008/11/08 13:32:35 | 00,000,000 | ---D | C]
ERDNT -> %SystemRoot%\ERDNT -> [2008/11/08 13:32:35 | 00,000,000 | ---D | C]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [2008/11/08 13:14:58 | 00,000,000 | ---D | C]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2008/11/08 13:12:25 | 03,043,976 | R--- | C] ()
OTMoveIt3.exe -> %UserProfile%\Desktop\OTMoveIt3.exe -> [2008/11/08 13:11:36 | 00,334,848 | ---- | C] (OldTimer Tools)
Lop SD -> %SystemDrive%\Lop SD -> [2008/11/08 11:40:49 | 00,000,000 | ---D | C]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/11/08 11:02:44 | 78,805,8112 | -HS- | C] ()
ERUNT -> %SystemRoot%\ERUNT -> [2008/11/08 10:45:59 | 00,000,000 | ---D | C]
SDFix -> %SystemDrive%\SDFix -> [2008/11/08 10:38:44 | 00,000,000 | ---D | C]
LopSD.exe -> %UserProfile%\Desktop\LopSD.exe -> [2008/11/08 10:38:15 | 00,529,069 | ---- | C] ()
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [2008/11/08 10:37:36 | 01,529,241 | ---- | C] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/11/08 00:01:47 | 00,001,744 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2008/11/08 00:01:46 | 00,000,000 | ---D | C]
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [2008/11/07 21:15:30 | 00,000,803 | ---- | C] ()
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2008/11/07 21:15:30 | 00,000,803 | ---- | C] ()
Lavasoft -> %ProgramFiles%\Lavasoft -> [2008/11/07 21:15:23 | 00,000,000 | ---D | C]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [2008/11/07 21:15:21 | 00,000,000 | ---D | C]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [2008/11/07 21:14:08 | 00,000,000 | ---D | C]
NVCfgData11708.cfg -> %UserProfile%\My Documents\NVCfgData11708.cfg -> [2008/11/07 10:36:26 | 00,000,708 | ---- | C] ()
NVCfgData102908.cfg -> %UserProfile%\My Documents\NVCfgData102908.cfg -> [2008/10/29 17:02:00 | 00,000,583 | ---- | C] ()
MSECache -> %ProgramFiles%\MSECache -> [2008/10/28 13:21:41 | 00,000,000 | ---D | C]
andrade_paul_obituary.doc -> %UserProfile%\My Documents\andrade_paul_obituary.doc -> [2008/10/22 17:12:43 | 00,025,600 | ---- | C] ()
delaney_cristofori letter.doc -> %UserProfile%\My Documents\delaney_cristofori letter.doc -> [2008/10/13 23:21:04 | 00,025,600 | ---- | C] ()
kerry_john.doc -> %UserProfile%\My Documents\kerry_john.doc -> [2008/09/07 09:00:22 | 00,026,624 | ---- | C] ()
jackson_derrick_op_ed.doc -> %UserProfile%\My Documents\jackson_derrick_op_ed.doc -> [2008/09/06 17:17:58 | 00,026,112 | ---- | C] ()
48 freeman.mht -> %UserProfile%\My Documents\48 freeman.mht -> [2008/08/30 16:58:03 | 00,194,261 | ---- | C] ()
burial_permit_westlaw.pdf -> %UserProfile%\My Documents\burial_permit_westlaw.pdf -> [2008/08/28 13:19:42 | 00,197,787 | ---- | C] ()
About Us.doc -> %UserProfile%\My Documents\About Us.doc -> [2008/08/28 13:15:13 | 00,026,624 | ---- | C] ()
CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [2008/08/24 13:52:44 | 00,000,000 | ---D | C]
msadce.dll -> %SystemRoot%\System32\dllcache\msadce.dll -> [2008/08/15 07:34:54 | 00,331,776 | ---- | C] (Microsoft Corporation)
webpage docs -> %UserProfile%\My Documents\webpage docs -> [2008/08/14 20:28:02 | 00,000,000 | ---D | C]

[Files/Folders - Modified Within 90 Days]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2002/07/11 18:15:09 | 00,000,000 | ---D | M]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/10/28 19:28:50 | 00,004,232 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/10/28 19:28:49 | 00,004,617 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data -> [2002/06/05 16:35:29 | 00,000,000 | ---D | M]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [2002/06/05 16:42:04 | 00,001,538 | ---- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/11/10 20:32:06 | 00,635,481 | ---- | M] ()
Norton AntiVirus - Run Full System Scan - Owner.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - Owner.job -> [2008/11/10 20:31:44 | 00,000,556 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/11/10 18:11:42 | 00,001,158 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/11/10 18:11:07 | 00,000,006 | -H-- | M] ()
hpsysdrv.DAT -> %SystemRoot%\System\hpsysdrv.DAT -> [2008/11/10 18:11:06 | 00,000,186 | ---- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/11/10 18:10:35 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/11/10 18:10:26 | 78,805,8112 | -HS- | M] ()
hpbafd.ini -> %SystemRoot%\hpbafd.ini -> [2008/11/10 09:37:43 | 00,000,188 | ---- | M] ()
NVCfgData11_09_08.cfg -> %UserProfile%\My Documents\NVCfgData11_09_08.cfg -> [2008/11/09 21:04:15 | 00,000,708 | ---- | M] ()
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2008/11/09 20:59:03 | 00,305,705 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008/11/09 16:42:35 | 00,000,706 | ---- | M] ()
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2008/11/09 16:41:18 | 02,372,472 | ---- | M] (Malwarebytes Corporation )
system.ini -> %SystemRoot%\system.ini -> [2008/11/08 15:10:00 | 00,000,227 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2008/11/08 15:08:44 | 00,000,027 | ---- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2008/11/08 13:35:39 | 00,000,281 | RHS- | M] ()
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2008/11/08 13:12:26 | 03,043,976 | R--- | M] ()
OTMoveIt3.exe -> %UserProfile%\Desktop\OTMoveIt3.exe -> [2008/11/08 13:11:47 | 00,334,848 | ---- | M] (OldTimer Tools)
LopSD.exe -> %UserProfile%\Desktop\LopSD.exe -> [2008/11/08 10:38:20 | 00,529,069 | ---- | M] ()
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [2008/11/08 10:37:47 | 01,529,241 | ---- | M] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/11/08 00:01:48 | 00,001,744 | ---- | M] ()
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [2008/11/07 21:15:30 | 00,000,803 | ---- | M] ()
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2008/11/07 21:15:30 | 00,000,803 | ---- | M] ()
Microsoft Word.lnk -> %UserProfile%\Desktop\Microsoft Word.lnk -> [2008/11/07 20:31:56 | 00,002,483 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/11/07 13:59:20 | 00,358,194 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/11/07 13:59:20 | 00,313,514 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/11/07 13:59:20 | 00,041,066 | ---- | M] ()
personal_password_list.xls -> %UserProfile%\My Documents\personal_password_list.xls -> [2008/11/07 10:41:56 | 00,020,992 | ---- | M] ()
NVCfgData11708.cfg -> %UserProfile%\My Documents\NVCfgData11708.cfg -> [2008/11/07 10:36:27 | 00,000,708 | ---- | M] ()
Default.rdp -> %UserProfile%\My Documents\Default.rdp -> [2008/11/03 18:14:04 | 00,001,828 | -H-- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008/10/31 17:44:34 | 00,271,472 | ---- | M] ()
NVCfgData102908.cfg -> %UserProfile%\My Documents\NVCfgData102908.cfg -> [2008/10/29 17:02:00 | 00,000,583 | ---- | M] ()
Microsoft Excel.lnk -> %UserProfile%\Desktop\Microsoft Excel.lnk -> [2008/10/23 15:51:28 | 00,002,481 | ---- | M] ()
andrade_paul_obituary.doc -> %UserProfile%\My Documents\andrade_paul_obituary.doc -> [2008/10/22 17:12:43 | 00,025,600 | ---- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
netapi32.dll -> %SystemRoot%\System32\netapi32.dll -> [2008/10/15 11:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation)
netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/15 11:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation)
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/10/15 02:09:59 | 00,001,393 | ---- | M] ()
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/10/13 23:28:07 | 00,054,156 | -H-- | M] ()
delaney_cristofori letter.doc -> %UserProfile%\My Documents\delaney_cristofori letter.doc -> [2008/10/13 23:21:04 | 00,025,600 | ---- | M] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2008/10/07 14:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation)
ieframe.dll -> %SystemRoot%\System32\ieframe.dll -> [2008/10/03 12:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation)
ieframe.dll -> %SystemRoot%\System32\dllcache\ieframe.dll -> [2008/10/03 12:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation)
walkers_note.dot -> %UserProfile%\Desktop\walkers_note.dot -> [2008/10/01 05:20:47 | 00,024,064 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2008/09/26 16:46:08 | 00,000,908 | ---- | M] ()
win32k.sys -> %SystemRoot%\System32\win32k.sys -> [2008/09/15 06:57:41 | 01,846,016 | ---- | M] (Microsoft Corporation)
win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/09/15 06:57:41 | 01,846,016 | ---- | M] (Microsoft Corporation)
kerry_john.doc -> %UserProfile%\My Documents\kerry_john.doc -> [2008/09/07 09:00:23 | 00,026,624 | ---- | M] ()
jackson_derrick_op_ed.doc -> %UserProfile%\My Documents\jackson_derrick_op_ed.doc -> [2008/09/06 17:25:07 | 00,026,112 | ---- | M] ()
Mashpee Remote Desktop.lnk -> %UserProfile%\Desktop\Mashpee Remote Desktop.lnk -> [2008/08/31 11:04:26 | 00,000,826 | ---- | M] ()
48 freeman.mht -> %UserProfile%\My Documents\48 freeman.mht -> [2008/08/30 16:58:06 | 00,194,261 | ---- | M] ()
burial_permit_westlaw.pdf -> %UserProfile%\My Documents\burial_permit_westlaw.pdf -> [2008/08/28 13:19:42 | 00,197,787 | ---- | M] ()
About Us.doc -> %UserProfile%\My Documents\About Us.doc -> [2008/08/28 13:15:14 | 00,026,624 | ---- | M] ()
srv.sys -> %SystemRoot%\System32\drivers\srv.sys -> [2008/08/28 05:04:17 | 00,333,056 | ---- | M] (Microsoft Corporation)
srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/08/28 05:04:17 | 00,333,056 | ---- | M] (Microsoft Corporation)
mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2008/08/27 03:24:32 | 03,593,216 | ---- | M] (Microsoft Corporation)
mshtml.dll -> %SystemRoot%\System32\dllcache\mshtml.dll -> [2008/08/27 03:24:32 | 03,593,216 | ---- | M] (Microsoft Corporation)
urlmon.dll -> %SystemRoot%\System32\urlmon.dll -> [2008/08/26 02:24:31 | 01,159,680 | ---- | M] (Microsoft Corporation)
urlmon.dll -> %SystemRoot%\System32\dllcache\urlmon.dll -> [2008/08/26 02:24:31 | 01,159,680 | ---- | M] (Microsoft Corporation)
wininet.dll -> %SystemRoot%\System32\wininet.dll -> [2008/08/26 02:24:31 | 00,826,368 | ---- | M] (Microsoft Corporation)
wininet.dll -> %SystemRoot%\System32\dllcache\wininet.dll -> [2008/08/26 02:24:31 | 00,826,368 | ---- | M] (Microsoft Corporation)
webcheck.dll -> %SystemRoot%\System32\webcheck.dll -> [2008/08/26 02:24:31 | 00,233,472 | ---- | M] (Microsoft Corporation)
webcheck.dll -> %SystemRoot%\System32\dllcache\webcheck.dll -> [2008/08/26 02:24:31 | 00,233,472 | ---- | M] (Microsoft Corporation)
inetcpl.cpl -> %SystemRoot%\System32\inetcpl.cpl -> [2008/08/26 02:24:30 | 01,831,424 | ---- | M] (Microsoft Corporation)
inetcpl.cpl -> %SystemRoot%\System32\dllcache\inetcpl.cpl -> [2008/08/26 02:24:30 | 01,831,424 | ---- | M] (Microsoft Corporation)
mstime.dll -> %SystemRoot%\System32\mstime.dll -> [2008/08/26 02:24:30 | 00,671,232 | ---- | M] (Microsoft Corporation)
mstime.dll -> %SystemRoot%\System32\dllcache\mstime.dll -> [2008/08/26 02:24:30 | 00,671,232 | ---- | M] (Microsoft Corporation)
mshtmled.dll -> %SystemRoot%\System32\mshtmled.dll -> [2008/08/26 02:24:30 | 00,477,696 | ---- | M] (Microsoft Corporation)
mshtmled.dll -> %SystemRoot%\System32\dllcache\mshtmled.dll -> [2008/08/26 02:24:30 | 00,477,696 | ---- | M] (Microsoft Corporation)
msfeeds.dll -> %SystemRoot%\System32\msfeeds.dll -> [2008/08/26 02:24:30 | 00,459,264 | ---- | M] (Microsoft Corporation)
msfeeds.dll -> %SystemRoot%\System32\dllcache\msfeeds.dll -> [2008/08/26 02:24:30 | 00,459,264 | ---- | M] (Microsoft Corporation)
msrating.dll -> %SystemRoot%\System32\msrating.dll -> [2008/08/26 02:24:30 | 00,193,024 | ---- | M] (Microsoft Corporation)
msrating.dll -> %SystemRoot%\System32\dllcache\msrating.dll -> [2008/08/26 02:24:30 | 00,193,024 | ---- | M] (Microsoft Corporation)
url.dll -> %SystemRoot%\System32\url.dll -> [2008/08/26 02:24:30 | 00,105,984 | ---- | M] (Microsoft Corporation)
url.dll -> %SystemRoot%\System32\dllcache\url.dll -> [2008/08/26 02:24:30 | 00,105,984 | ---- | M] (Microsoft Corporation)
occache.dll -> %SystemRoot%\System32\occache.dll -> [2008/08/26 02:24:30 | 00,102,912 | ---- | M] (Microsoft Corporation)
occache.dll -> %SystemRoot%\System32\dllcache\occache.dll -> [2008/08/26 02:24:30 | 00,102,912 | ---- | M] (Microsoft Corporation)
msfeedsbs.dll -> %SystemRoot%\System32\msfeedsbs.dll -> [2008/08/26 02:24:30 | 00,052,224 | ---- | M] (Microsoft Corporation)
msfeedsbs.dll -> %SystemRoot%\System32\dllcache\msfeedsbs.dll -> [2008/08/26 02:24:30 | 00,052,224 | ---- | M] (Microsoft Corporation)
pngfilt.dll -> %SystemRoot%\System32\pngfilt.dll -> [2008/08/26 02:24:30 | 00,044,544 | ---- | M] (Microsoft Corporation)
pngfilt.dll -> %SystemRoot%\System32\dllcache\pngfilt.dll -> [2008/08/26 02:24:30 | 00,044,544 | ---- | M] (Microsoft Corporation)
jsproxy.dll -> %SystemRoot%\System32\jsproxy.dll -> [2008/08/26 02:24:30 | 00,027,648 | ---- | M] (Microsoft Corporation)
jsproxy.dll -> %SystemRoot%\System32\dllcache\jsproxy.dll -> [2008/08/26 02:24:30 | 00,027,648 | ---- | M] (Microsoft Corporation)
iedkcs32.dll -> %SystemRoot%\System32\iedkcs32.dll -> [2008/08/26 02:24:29 | 00,384,512 | ---- | M] (Microsoft Corporation)
iedkcs32.dll -> %SystemRoot%\System32\dllcache\iedkcs32.dll -> [2008/08/26 02:24:29 | 00,384,512 | ---- | M] (Microsoft Corporation)
iertutil.dll -> %SystemRoot%\System32\iertutil.dll -> [2008/08/26 02:24:29 | 00,267,776 | ---- | M] (Microsoft Corporation)
iertutil.dll -> %SystemRoot%\System32\dllcache\iertutil.dll -> [2008/08/26 02:24:29 | 00,267,776 | ---- | M] (Microsoft Corporation)
iernonce.dll -> %SystemRoot%\System32\iernonce.dll -> [2008/08/26 02:24:29 | 00,044,544 | ---- | M] (Microsoft Corporation)
iernonce.dll -> %SystemRoot%\System32\dllcache\iernonce.dll -> [2008/08/26 02:24:29 | 00,044,544 | ---- | M] (Microsoft Corporation)
ieapfltr.dll -> %SystemRoot%\System32\ieapfltr.dll -> [2008/08/26 02:24:28 | 00,383,488 | ---- | M] (Microsoft Corporation)
ieapfltr.dll -> %SystemRoot%\System32\dllcache\ieapfltr.dll -> [2008/08/26 02:24:28 | 00,383,488 | ---- | M] (Microsoft Corporation)
dxtmsft.dll -> %SystemRoot%\System32\dxtmsft.dll -> [2008/08/26 02:24:28 | 00,347,136 | ---- | M] (Microsoft Corporation)
dxtmsft.dll -> %SystemRoot%\System32\dllcache\dxtmsft.dll -> [2008/08/26 02:24:28 | 00,347,136 | ---- | M] (Microsoft Corporation)
ieaksie.dll -> %SystemRoot%\System32\ieaksie.dll -> [2008/08/26 02:24:28 | 00,230,400 | ---- | M] (Microsoft Corporation)
ieaksie.dll -> %SystemRoot%\System32\dllcache\ieaksie.dll -> [2008/08/26 02:24:28 | 00,230,400 | ---- | M] (Microsoft Corporation)
dxtrans.dll -> %SystemRoot%\System32\dxtrans.dll -> [2008/08/26 02:24:28 | 00,214,528 | ---- | M] (Microsoft Corporation)
dxtrans.dll -> %SystemRoot%\System32\dllcache\dxtrans.dll -> [2008/08/26 02:24:28 | 00,214,528 | ---- | M] (Microsoft Corporation)
ieakeng.dll -> %SystemRoot%\System32\ieakeng.dll -> [2008/08/26 02:24:28 | 00,153,088 | ---- | M] (Microsoft Corporation)
ieakeng.dll -> %SystemRoot%\System32\dllcache\ieakeng.dll -> [2008/08/26 02:24:28 | 00,153,088 | ---- | M] (Microsoft Corporation)
extmgr.dll -> %SystemRoot%\System32\extmgr.dll -> [2008/08/26 02:24:28 | 00,133,120 | ---- | M] (Microsoft Corporation)
extmgr.dll -> %SystemRoot%\System32\dllcache\extmgr.dll -> [2008/08/26 02:24:28 | 00,133,120 | ---- | M] (Microsoft Corporation)
advpack.dll -> %SystemRoot%\System32\dllcache\advpack.dll -> [2008/08/26 02:24:28 | 00,124,928 | ---- | M] (Microsoft Corporation)
advpack.dll -> %SystemRoot%\System32\advpack.dll -> [2008/08/26 02:24:28 | 00,124,928 | ---- | M] (Microsoft Corporation)
icardie.dll -> %SystemRoot%\System32\icardie.dll -> [2008/08/26 02:24:28 | 00,063,488 | ---- | M] (Microsoft Corporation)
icardie.dll -> %SystemRoot%\System32\dllcache\icardie.dll -> [2008/08/26 02:24:28 | 00,063,488 | ---- | M] (Microsoft Corporation)
ieudinit.exe -> %SystemRoot%\System32\ieudinit.exe -> [2008/08/25 03:38:00 | 00,013,824 | ---- | M] (Microsoft Corporation)
ieudinit.exe -> %SystemRoot%\System32\dllcache\ieudinit.exe -> [2008/08/25 03:38:00 | 00,013,824 | ---- | M] (Microsoft Corporation)
ie4uinit.exe -> %SystemRoot%\System32\ie4uinit.exe -> [2008/08/25 03:37:59 | 00,070,656 | ---- | M] (Microsoft Corporation)
ie4uinit.exe -> %SystemRoot%\System32\dllcache\ie4uinit.exe -> [2008/08/25 03:37:59 | 00,070,656 | ---- | M] (Microsoft Corporation)
SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [2008/08/23 18:08:08 | 00,010,671 | ---- | M] ()
SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [2008/08/23 18:08:08 | 00,000,805 | ---- | M] ()
SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> [2008/08/23 18:08:07 | 00,123,952 | ---- | M] (Symantec Corporation)
S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> [2008/08/23 18:08:07 | 00,060,800 | ---- | M] (Symantec Corporation)
iexplore.exe -> %SystemRoot%\System32\dllcache\iexplore.exe -> [2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation)
ieakui.dll -> %SystemRoot%\System32\ieakui.dll -> [2008/08/23 00:54:51 | 00,161,792 | ---- | M] (Microsoft Corporation)
ieakui.dll -> %SystemRoot%\System32\dllcache\ieakui.dll -> [2008/08/23 00:54:51 | 00,161,792 | ---- | M] (Microsoft Corporation)
ntoskrnl.exe -> %SystemRoot%\System32\ntoskrnl.exe -> [2008/08/14 05:00:45 | 02,180,352 | ---- | M] (Microsoft Corporation)
ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2008/08/14 05:00:45 | 02,180,352 | ---- | M] (Microsoft Corporation)
ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2008/08/14 04:58:27 | 02,136,064 | ---- | M] (Microsoft Corporation)
afd.sys -> %SystemRoot%\System32\drivers\afd.sys -> [2008/08/14 04:51:43 | 00,138,368 | ---- | M] (Microsoft Corporation)
afd.sys -> %SystemRoot%\System32\dllcache\afd.sys -> [2008/08/14 04:51:43 | 00,138,368 | ---- | M] (Microsoft Corporation)
ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2008/08/14 04:22:14 | 02,015,744 | ---- | M] (Microsoft Corporation)
ntkrnlpa.exe -> %SystemRoot%\System32\ntkrnlpa.exe -> [2008/08/14 04:22:13 | 02,057,728 | ---- | M] (Microsoft Corporation)
ntkrnlpa.exe -> %SystemRoot%\System32\dllcache\ntkrnlpa.exe -> [2008/08/14 04:22:13 | 02,057,728 | ---- | M] (Microsoft Corporation)
[File - Lop Check]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008/11/09 16:42:31 | 00,000,000 | -H-D | M]
BVRP Software -> C:\Documents and Settings\All Users\Application Data\BVRP Software -> [2006/05/14 11:25:56 | 00,000,000 | ---D | M]
Intuit -> C:\Documents and Settings\All Users\Application Data\Intuit -> [2007/08/06 19:07:05 | 00,000,000 | ---D | M]
SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2002/04/11 21:16:58 | 00,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2007/03/09 21:25:08 | 00,000,000 | ---D | M]
Visual Networks -> C:\Documents and Settings\All Users\Application Data\Visual Networks -> [2002/10/06 17:09:57 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Owner\Application Data -> [2008/11/09 16:42:39 | 00,000,000 | -H-D | M]
Ahead -> C:\Documents and Settings\Owner\Application Data\Ahead -> [2007/04/04 08:42:50 | 00,000,000 | ---D | M]
Allume Systems -> C:\Documents and Settings\Owner\Application Data\Allume Systems -> [2006/04/05 15:23:32 | 00,000,000 | ---D | M]
CyberLink -> C:\Documents and Settings\Owner\Application Data\CyberLink -> [2002/08/12 18:06:13 | 00,000,000 | ---D | M]
InterVideo -> C:\Documents and Settings\Owner\Application Data\InterVideo -> [2002/08/12 19:21:48 | 00,000,000 | ---D | M]
Intuit -> C:\Documents and Settings\Owner\Application Data\Intuit -> [2007/08/06 19:00:19 | 00,000,000 | ---D | M]
Leadertech -> C:\Documents and Settings\Owner\Application Data\Leadertech -> [2007/04/04 17:03:38 | 00,000,000 | ---D | M]
VERITAS -> C:\Documents and Settings\Owner\Application Data\VERITAS -> [2002/08/06 11:16:17 | 00,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\Owner\Application Data\Viewpoint -> [2007/03/09 21:25:11 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/05/13 14:30:32 | 00,000,000 | --SD | M]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2001/08/18 07:00:00 | 00,000,065 | RH-- | M] ()
Norton AntiVirus - Run Full System Scan - Owner.job -> C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job -> [2008/11/10 20:31:44 | 00,000,556 | ---- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008/11/10 18:11:07 | 00,000,006 | -H-- | M] ()
[File - Purity Scan]

[File - Signature Check]
< Cached Copy > -> < OS Copy > -> < MD5's >
C:\WINDOWS\system32\dllcache\explorer.exe [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\explorer.exe [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -> Cached Copy = 97BD6515465659FF8F3B7BE375B2EA87 \ OS Copy = 97BD6515465659FF8F3B7BE375B2EA87
C:\WINDOWS\servicepackfiles\i386\csrss.exe [2004/08/04 02:56:48 | 00,006,144 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\csrss.exe [2004/08/04 02:56:48 | 00,006,144 | ---- | M] (Microsoft Corporation) -> Cached Copy = F12B178B1678D778CFD3FF1FC38C71FB \ OS Copy = F12B178B1678D778CFD3FF1FC38C71FB
C:\WINDOWS\servicepackfiles\i386\lsass.exe [2004/08/04 02:56:50 | 00,013,312 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\lsass.exe [2004/08/04 02:56:50 | 00,013,312 | ---- | M] (Microsoft Corporation) -> Cached Copy = 84885F9B82F4D55C6146EBF6065D75D2 \ OS Copy = 84885F9B82F4D55C6146EBF6065D75D2
C:\WINDOWS\servicepackfiles\i386\rundll32.exe [2004/08/04 02:56:55 | 00,033,280 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\rundll32.exe [2004/08/04 02:56:55 | 00,033,280 | ---- | M] (Microsoft Corporation) -> Cached Copy = DA285490BBD8A1D0CE6623577D5BA1FF \ OS Copy = DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\servicepackfiles\i386\services.exe [2004/08/04 02:56:55 | 00,108,032 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\services.exe [2004/08/04 02:56:55 | 00,108,032 | ---- | M] (Microsoft Corporation) -> Cached Copy = C6CE6EEC82F187615D1002BB3BB50ED4 \ OS Copy = C6CE6EEC82F187615D1002BB3BB50ED4
C:\WINDOWS\servicepackfiles\i386\smss.exe [2004/08/04 02:56:56 | 00,050,688 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\smss.exe [2004/08/04 02:56:56 | 00,050,688 | ---- | M] (Microsoft Corporation) -> Cached Copy = BD7FB0957C716F1A60333AEE04DE2178 \ OS Copy = BD7FB0957C716F1A60333AEE04DE2178
C:\WINDOWS\servicepackfiles\i386\spoolsv.exe [2004/08/04 02:56:57 | 00,057,856 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\spoolsv.exe [2005/06/10 18:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -> Cached Copy = 7435B108B935E42EA92CA94F59C8E717 \ OS Copy = DA81EC57ACD4CDC3D4C51CF3D409AF9F
C:\WINDOWS\servicepackfiles\i386\svchost.exe [2004/08/04 02:56:57 | 00,014,336 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\svchost.exe [2004/08/04 02:56:57 | 00,014,336 | ---- | M] (Microsoft Corporation) -> Cached Copy = 8F078AE4ED187AAABC0A305146DE6716 \ OS Copy = 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\servicepackfiles\i386\taskmgr.exe [2004/08/04 02:56:57 | 00,135,680 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\taskmgr.exe [2004/08/04 02:56:57 | 00,135,680 | ---- | M] (Microsoft Corporation) -> Cached Copy = FC160ACE21C81837692B339D230DD4BE \ OS Copy = FC160ACE21C81837692B339D230DD4BE
C:\WINDOWS\servicepackfiles\i386\userinit.exe [2004/08/04 02:56:57 | 00,024,576 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\userinit.exe [2004/08/04 02:56:57 | 00,024,576 | ---- | M] (Microsoft Corporation) -> Cached Copy = 39B1FFB03C2296323832ACBAE50D2AFF \ OS Copy = 39B1FFB03C2296323832ACBAE50D2AFF
C:\WINDOWS\servicepackfiles\i386\winlogon.exe [2004/08/04 02:56:57 | 00,502,272 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\winlogon.exe [2004/08/04 02:56:57 | 00,502,272 | ---- | M] (Microsoft Corporation) -> Cached Copy = 01C3346C241652F43AED8E2149881BFE \ OS Copy = 01C3346C241652F43AED8E2149881BFE

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-3499916212-2805738209-4071888707-1003$201c4e7c3090b70.tif:Xj1phwzh5qcwungrN45kt3kiCe 776 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-3499916212-2805738209-4071888707-1003$201c4e7c3090b70.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp7F85C73.TMP 0 bytes
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\A8A13755.TMP 0 bytes
C:\Documents and Settings\Owner\Favorites\Emerald Lake Lodge - Romantic Mountain Getaways in Canada.url:favicon 822 bytes
C:\Documents and Settings\Owner\Favorites\Volvo S70-V70 1998-2000 --- The Volvo Parts, Accessories and Performance Specialists Since 1963.url:favicon 894 bytes
C:\Documents and Settings\Owner\Favorites\Google searches redirected - Lavasoft Support Forums.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\Toyota Paseo vehicles for parts.url:favicon 2550 bytes
C:\Documents and Settings\Owner\Favorites\National Data Buoy Center.url:favicon 1406 bytes
C:\Documents and Settings\Owner\Favorites\http--www.electricgeneratorsdirect.com-.url:favicon 1150 bytes
C:\Documents and Settings\Owner\Favorites\Boston Crusaders 08 Summer Tour or Where's Curt.url:favicon 3638 bytes
scan completed successfully
hidden files: 101

< End of report >

Hello


Start OTScanIt2. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.



The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.




Also post a new HJT log

Here is OTScanIt2 log:

Explorer killed successfully
[Processes - Safe List]
Unable to kill process aawservice.exe .
[Win32 Services - Safe List]
Unable to stop service Error Reporting Service (ERSvc .
Unable to delete service Error Reporting Service (ERSvc .
File not found.
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
[Files/Folders - Created Within 90 Days]
C:\rsit folder moved successfully.
C:\Documents and Settings\Owner\Desktop\RSIT.exe moved successfully.
C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe moved successfully.
C:\Lop SD folder moved successfully.
C:\SDFix\backups\890166 folder moved successfully.
C:\SDFix\backups folder moved successfully.
C:\SDFix\apps\Replace\xp folder moved successfully.
C:\SDFix\apps\Replace\w2k folder moved successfully.
C:\SDFix\apps\Replace folder moved successfully.
C:\SDFix\apps folder moved successfully.
C:\SDFix folder moved successfully.
C:\Documents and Settings\Owner\Desktop\LopSD.exe moved successfully.
C:\Documents and Settings\Owner\Desktop\SDFix.exe moved successfully.
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JETF3D3.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.0.33b fix logfile created on 11112008_114339

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\JETF3D3.tmp moved successfully.
--- End of File---

and here it HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:37 PM, on 11/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\Windows\system32\HpSrvUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CmLUC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/bizcenter-o
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2098F239-F08E-4840-9F81-B758A4971D83} - http://www.batesville.com/us/setup.cab
O16 - DPF: {3F807625-B32A-498F-9010-7ABB2BB5D3B3} - http://www.batesville.com/us/install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.a...meInstaller.exe
O16 - DPF: {5A3AD060-E5D9-4DEF-8E77-B44336153FD9} - http://www.batesville.com/dlb/setup.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://ccgfalmouth.dyndns.org/Remote/msrdp.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab
O16 - DPF: {8B2BE470-543C-4662-8536-54D191F82675} - http://www.batesville.com/dlb/setup.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft Terminal Services Client Control (redist)) - http://68.160.177.202:10367/tsweb/msrdp.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O16 - DPF: {BB707357-1966-4198-B14B-1F8156D79B98} - http://www.batesville.com/us/setup.cab
O16 - DPF: {CFC1C622-8C5B-4683-A64F-5A964EE397E1} - http://www.batesville.com/dlb/setup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.gpjco.com/dwa7W.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - (no file)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)

--
End of file - 9647 bytes

Your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

• Make sure you have an Internet Connection.
• Download OTCleanIt to your desktop and run it
• A list of tool components used in the Cleanup of malware will be downloaded.
• If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
• Click Yes to beging the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Open JavaRa.exe again and select Search For Updates.
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com/products/acrobat/readstep2.html




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure

• Click Start > Run
• Type Inetcpl.cpl & click OK
• Click on the Security tab
• Click Reset all zones to default level
• Make sure the Internet Zone is selected & Click Custom level
• In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
• Next Click OK, then Apply button and then OK to exit the Internet Properties page.

*ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

*Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

Rorschach112,

I can't thank you enough! You've been a great help! I will certainly address your security suggestions. If there is a site to make a donation, please let me know.

Thanks again!

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you !