Hijackthis Log[INACTIVE]


Recommended Posts

Hey there. My friend is having some computer problems. He is running Windows XP. He is unable to get Windows Live Update to turn on which is required for us to be able to log on to the schools servers. He is also getting some other weird happenings, a few weeks ago he was unable to install or run any programs. I tried MalwareBytes but there was an error when installing so it will not run. We have run SuperAntiSpyware a few times and were able to remove close to 10 items but some problems remain.

Here is his hijackthis log. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:11:52 PM, on 9/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft Location Finder\LocationFinder.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe

C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O1 - Hosts: ::1 localhost

O1 - Hosts: 91.206.201.8 intsecureprof.microsoft.com

O1 - Hosts: 91.206.201.8 intsecureprof.com

O1 - Hosts: 91.206.201.8 www.intsecureprof.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Fantastic Flame Agent.lnk = C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?55aba75feb9849d0892ae1b0c6532571

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?55aba75feb9849d0892ae1b0c6532571

O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} (Cisco NAC Web Agent Control) - https://nas1.sdstate.edu/auth/taweb.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239825734265

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239825706968

O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} (CCAWebLogin Control) - https://nas1.sdstate.edu/auth/CCALogin.CAB

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe

O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 14550 bytes

Edited by Sccrluk9
Link to post
Share on other sites

Hi Sccrluk9, Welcome to Best Techie :thumbsup:

Step #1

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Step #2

We Need to check for Rootkits with RootRepeal

  1. Download RootRepeal from the following location and save it to your desktop.

[*]Rar Mirrors - Only if you know what a RAR is and can extract it.

[*]Extract RootRepeal.exe from the archive.

[*]Open rootRepealDesktopIcon.png on your desktop.

[*]Click the reportTab.png tab.

[*]Click the btnScan.png button.

[*]Check all seven boxes: checkBoxes2.png

[*]Push Ok

[*]Check the box for your main system drive (Usually C:), and press Ok.

[*]Allow RootRepeal to run a scan of your system. This may take some time.

[*]Once the scan completes, push the saveReport.png button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Step #3

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Link to post
Share on other sites

OTL Log

OTL logfile created on: 9/8/2009 12:53:27 PM - Run 1

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Tyler Odegaard\Desktop\New Folder

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.17 Mb Total Physical Memory | 185.66 Mb Available Physical Memory | 20.76% Memory free

2.12 Gb Paging File | 1.47 Gb Available in Paging File | 69.29% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 62.67 Gb Total Space | 26.70 Gb Free Space | 42.61% Space Free | Partition Type: NTFS

Drive D: | 11.83 Gb Total Space | 0.65 Gb Free Space | 5.47% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Drive F: | 1003.77 Mb Total Space | 995.16 Mb Free Space | 99.14% Space Free | Partition Type: FAT

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PC264411574023

Current User Name: Tyler Odegaard

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)

PRC - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe ()

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

PRC - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )

PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe (HP)

PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

PRC - C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe ()

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe (Hewlett-Packard Company)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe (Cisco Systems, Inc.)

PRC - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe (ExtendMedia Inc.)

PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\Program Files\HPQ\shared\HpqToaster.exe ()

PRC - C:\Documents and Settings\Tyler Odegaard\Desktop\New Folder\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)

SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

SRV - (Diskeeper [Auto | Running]) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (idsvc [unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)

SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)

SRV - (NACAgent [Auto | Running]) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe (Cisco Systems, Inc.)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (OpenCASE Media Agent [Auto | Running]) -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe (ExtendMedia Inc.)

SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)

SRV - (SavRoam [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)

SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

SRV - (SPBBCSvc [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

SRV - (StyleXPService [Auto | Running]) -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe ()

SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (AmdK8 [system | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)

DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)

DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)

DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)

DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\camc6aud.sys (Conexant Systems Inc.)

DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\camc6hal.sys (Conexant Systems Inc.)

DRV - (eabfiltr [system | Running]) -- C:\WINDOWS\System32\drivers\EABFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\eabusb.sys (Hewlett-Packard Development Company, L.P.)

DRV - (eeCtrl [system | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)

DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)

DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)

DRV - (HSFHWATI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys (Conexant Systems, Inc.)

DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090907.002\NAVENG.SYS (Symantec Corporation)

DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090907.002\NAVEX15.SYS (Symantec Corporation)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)

DRV - (SASDIFSV [system | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL [system | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SAVRT [system | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)

DRV - (SAVRTPEL [system | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SPBBCDrv [system | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (StyleXPHelper [system | Running]) -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe (Windows ® 2000 DDK provider)

DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SYMTDI [system | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)

DRV - (tifm21 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\tifm21.sys (Texas Instruments)

DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)

DRV - (usbohci [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbohci.sys ()

DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"

FF - prefs.js..extensions.enabledItems: {3f0da09b-c1ab-40c5-8d7f-53f475ac3fe8}:0.10.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - prefs.js..extensions.enabledItems: {d122ad80-ff45-11dd-87af-0800200c9a66}:0.5

FF - prefs.js..extensions.enabledItems: {86FA6F53-95FE-7A69-D8C3-E1454281F8B6}:1.0f3

FF - prefs.js..extensions.enabledItems: {5b35cb30-16b4-11de-8c30-0800200c9a66}:0.2

FF - prefs.js..extensions.enabledItems: {20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}:3.11

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/16 01:28:05 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/02 15:55:15 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/27 23:58:10 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/27 15:29:27 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components

FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins

[2009/04/01 12:33:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\mozilla\Extensions

[2009/04/01 12:33:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/09/03 22:13:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\mozilla\Firefox\Profiles\187mhxgv.default\extensions

[2009/07/24 18:13:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\mozilla\Firefox\Profiles\187mhxgv.default\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}

[2009/07/24 18:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\mozilla\Firefox\Profiles\187mhxgv.default\extensions\{3f0da09b-c1ab-40c5-8d7f-53f475ac3fe8}

[2009/04/02 14:07:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\mozilla\Firefox\Profiles\187mhxgv.default\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}

[2009/05/01 12:57:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\mozilla\Firefox\Profiles\187mhxgv.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}

[2009/07/24 18:12:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\mozilla\Firefox\Profiles\187mhxgv.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}

[2009/04/01 12:42:29 | 00,002,273 | ---- | M] () -- C:\Documents and Settings\Tyler Odegaard\Application Data\Mozilla\FireFox\Profiles\187mhxgv.default\searchplugins\ask.xml

[2009/04/01 12:42:29 | 00,000,567 | ---- | M] () -- C:\Documents and Settings\Tyler Odegaard\Application Data\Mozilla\FireFox\Profiles\187mhxgv.default\searchplugins\yahoo.xml

[2009/09/03 22:03:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/08/04 22:55:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/08/18 20:34:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

[2009/05/02 15:55:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/09/01 00:52:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2009/08/04 22:54:25 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/08/04 22:54:26 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/07/31 15:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009/08/04 22:54:39 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2004/12/14 02:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009/08/27 15:29:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/08/27 15:29:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/08/27 15:29:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/08/27 15:29:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/08/27 15:29:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/08/27 15:29:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/08/27 15:29:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

[2009/03/26 13:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/03/26 13:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/03/26 13:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/03/26 13:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/03/26 13:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/03/26 13:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/03/26 13:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (146 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 91.206.201.8 intsecureprof.microsoft.com

O1 - Hosts: 91.206.201.8 intsecureprof.com

O1 - Hosts: 91.206.201.8 www.intsecureprof.com

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)

O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll File not found

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found

O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()

O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )

O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe (HP)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [iSUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()

O4 - HKLM..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe (SoftThinks)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [userFaultCheck] File not found

O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O4 - HKCU..\Run: [Aim6] File not found

O4 - HKCU..\Run: [Microsoft Location Finder] C:\Program Files\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)

O4 - HKCU..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKCU..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe ()

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Fantastic Flame Agent.lnk = C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()

O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O8 - Extra context menu item: Add to Windows &Live Favorites - File not found

O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)

O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)

O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll File not found

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB (Hewlett-Packard Online Support Services)

O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://nas1.sdstate.edu/auth/taweb.cab (Cisco NAC Web Agent Control)

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1239825734265 (WUWebControl Class)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1239825706968 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} https://nas1.sdstate.edu/auth/CCALogin.CAB (CCAWebLogin Control)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (C:\Program) - File not found

O20 - HKLM Winlogon: UIHost - (Files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE) - File not found

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2004/04/30 14:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{6484f7e4-be4c-11dc-8a66-0014a5e8fe40}\Shell - "" = AutoRun

O33 - MountPoints2\{6484f7e4-be4c-11dc-8a66-0014a5e8fe40}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{6484f7e4-be4c-11dc-8a66-0014a5e8fe40}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{758f6161-7a1e-11db-8826-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{758f6161-7a1e-11db-8826-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[5 C:\Documents and Settings\Tyler Odegaard\My Documents\*.tmp files]

[2009/09/08 12:51:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tyler Odegaard\Desktop\New Folder

[2009/09/03 15:11:32 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Tyler Odegaard\Desktop\HijackThis.lnk

[2009/09/03 15:11:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/09/03 12:55:45 | 00,154,887 | ---- | C] () -- C:\Documents and Settings\Tyler Odegaard\Desktop\fixit4me.gadget

[2009/09/03 12:22:29 | 93,767,6800 | -HS- | C] () -- C:\hiberfil.sys

[2009/09/02 17:50:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2

[2009/09/02 17:44:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tyler Odegaard\Desktop\Dial-a-fix-v0.60.0.24

[2009/09/01 21:33:54 | 00,000,000 | -HSD | C] -- C:\Diskeeper

[2009/09/01 12:15:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Diskeeper Corporation

[2009/09/01 12:15:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation

[2009/09/01 12:15:27 | 00,000,000 | ---D | C] -- C:\Program Files\Diskeeper Corporation

[2009/09/01 12:05:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2009/09/01 12:05:21 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk

[2009/09/01 12:05:10 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2009/09/01 12:05:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tyler Odegaard\Application Data\SUPERAntiSpyware.com

[2009/09/01 12:04:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2009/09/01 12:01:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tyler Odegaard\Application Data\WinRAR

[2009/09/01 12:00:42 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2009/09/01 10:22:18 | 04,366,555 | ---- | C] (Cisco Systems, Inc.) -- C:\Documents and Settings\Tyler Odegaard\Desktop\Update(2).exe

[2009/09/01 00:52:41 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/09/01 00:52:41 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/09/01 00:52:41 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/09/01 00:48:41 | 00,714,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Tyler Odegaard\Desktop\jxpiinstall.exe

[2009/08/31 23:26:33 | 04,366,555 | ---- | C] (Cisco Systems, Inc.) -- C:\Documents and Settings\Tyler Odegaard\Desktop\Update.exe

[2009/08/31 10:34:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2009/08/31 09:51:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cisco

[2009/08/31 09:51:42 | 00,001,845 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cisco NAC Agent.lnk

[2009/08/31 09:51:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco

[2009/08/31 09:51:22 | 00,000,000 | ---D | C] -- C:\Program Files\Cisco

[2009/08/27 15:52:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tyler Odegaard\My Documents\ImTOO Software Studio

[2009/08/27 15:52:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tyler Odegaard\Application Data\ImTOO Software Studio

[2009/08/27 15:51:42 | 00,001,761 | ---- | C] () -- C:\Documents and Settings\Tyler Odegaard\Desktop\ImTOO MPEG Encoder Standard.lnk

[2009/08/27 15:49:58 | 00,000,000 | ---D | C] -- C:\Program Files\ImTOO

[2009/08/27 15:46:18 | 16,028,095 | ---- | C] () -- C:\Documents and Settings\Tyler Odegaard\Desktop\mpeg-encoder-standard-41214.exe

[2009/08/19 18:02:54 | 00,001,634 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk

[2009/08/18 21:17:58 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Tyler Odegaard\My Documents\2009 SDSU Mens Soccer.doc

[2009/08/18 20:40:05 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/08/18 20:40:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tyler Odegaard\Application Data\skypePM

[2009/08/18 20:34:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tyler Odegaard\Application Data\Skype

[2009/08/18 20:33:28 | 00,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009/08/18 20:33:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2009/08/18 20:33:02 | 00,000,000 | R--D | C] -- C:\Program Files\Skype

[2009/08/18 20:26:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype

[2008/12/01 20:50:12 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2008/12/01 20:50:11 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2008/12/01 20:50:11 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2008/01/14 17:47:06 | 00,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll

[2007/12/27 18:48:29 | 00,007,165 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini

[2007/12/27 18:47:48 | 00,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini

[2007/11/02 17:36:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2006/11/30 22:58:50 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2006/11/30 22:38:35 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/06/19 03:55:13 | 00,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2006/06/19 03:53:19 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini

[2006/06/19 03:37:38 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2006/06/19 03:18:26 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2005/12/02 05:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/08/17 12:39:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/08/17 12:21:06 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005/08/17 11:59:14 | 00,000,608 | ---- | C] () -- C:\WINDOWS\win.ini

[2005/08/17 04:45:30 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[2005/08/06 00:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2005/02/05 15:46:00 | 00,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll

[2004/08/10 10:00:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\mmcbase.dll

[2004/08/10 10:00:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbohci.sys

[2001/07/07 05:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[5 C:\Documents and Settings\Tyler Odegaard\My Documents\*.tmp files]

[2009/09/08 12:50:29 | 00,000,045 | ---- | M] () -- C:\TEST.XML

[2009/09/08 12:47:13 | 00,000,297 | ---- | M] () -- C:\hpqp.ini

[2009/09/08 12:47:12 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini

[2009/09/08 12:46:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/09/08 12:46:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/09/08 12:46:45 | 93,767,6800 | -HS- | M] () -- C:\hiberfil.sys

[2009/09/03 16:43:00 | 00,000,272 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

[2009/09/03 15:11:32 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Tyler Odegaard\Desktop\HijackThis.lnk

[2009/09/03 12:55:45 | 00,154,887 | ---- | M] () -- C:\Documents and Settings\Tyler Odegaard\Desktop\fixit4me.gadget

[2009/09/03 12:32:07 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2009/09/03 12:32:07 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2009/09/03 10:38:19 | 00,041,418 | ---- | M] () -- C:\Documents and Settings\Tyler Odegaard\Application Data\wklnhst.dat

[2009/09/03 00:28:02 | 00,442,932 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/09/03 00:28:02 | 00,072,038 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/09/03 00:09:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm

[2009/09/03 00:09:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2009/09/02 19:56:33 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm

[2009/09/02 19:56:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2009/09/02 17:41:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm

[2009/09/02 17:41:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2009/09/02 16:55:57 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm

[2009/09/02 16:55:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2009/09/02 12:41:53 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm

[2009/09/02 12:41:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2009/09/01 21:08:05 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm

[2009/09/01 21:08:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2009/09/01 19:03:56 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm

[2009/09/01 19:03:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

[2009/09/01 12:05:21 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk

[2009/09/01 10:22:32 | 04,366,555 | ---- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\Tyler Odegaard\Desktop\Update(2).exe

[2009/09/01 00:48:50 | 00,714,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Tyler Odegaard\Desktop\jxpiinstall.exe

[2009/09/01 00:42:28 | 00,001,845 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cisco NAC Agent.lnk

[2009/08/31 23:26:50 | 04,366,555 | ---- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\Tyler Odegaard\Desktop\Update.exe

[2009/08/31 14:58:27 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2009/08/31 14:15:15 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm

[2009/08/31 14:15:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2009/08/31 10:11:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm

[2009/08/31 10:11:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm

[2009/08/30 00:24:54 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/08/30 00:23:27 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm

[2009/08/30 00:23:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm

[2009/08/30 00:18:33 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/08/27 18:09:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/08/27 16:17:22 | 00,012,800 | ---- | M] () -- C:\Documents and Settings\Tyler Odegaard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/27 15:51:42 | 00,001,761 | ---- | M] () -- C:\Documents and Settings\Tyler Odegaard\Desktop\ImTOO MPEG Encoder Standard.lnk

[2009/08/27 15:48:31 | 16,028,095 | ---- | M] () -- C:\Documents and Settings\Tyler Odegaard\Desktop\mpeg-encoder-standard-41214.exe

[2009/08/23 23:21:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm

[2009/08/23 23:21:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm

[2009/08/22 13:01:00 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm

[2009/08/22 13:01:00 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm

[2009/08/22 08:45:23 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm

[2009/08/22 08:45:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm

[2009/08/19 18:58:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm

[2009/08/19 18:58:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm

[2009/08/19 18:06:37 | 00,001,847 | -H-- | M] () -- C:\IPH.PH

[2009/08/19 18:02:54 | 00,001,634 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk

[2009/08/19 17:57:15 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm

[2009/08/19 17:57:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm

[2009/08/18 21:39:43 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Tyler Odegaard\My Documents\2009 SDSU Mens Soccer.doc

[2009/08/18 20:40:05 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/08/09 13:45:58 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm

[2009/08/09 13:45:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm

[2009/08/09 13:03:15 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm

[2009/08/09 13:03:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm

========== LOP Check ==========

[2009/09/03 12:43:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2009/01/22 20:56:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2008/12/29 16:41:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore

[2008/12/29 16:42:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar

[2009/08/31 09:51:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco

[2006/06/19 03:58:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink

[2009/09/01 12:15:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation

[2008/04/04 01:02:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Efofex

[2007/11/13 12:49:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ExtendMedia

[2007/05/30 20:34:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg

[2008/09/24 21:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios

[2006/06/19 03:55:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit

[2009/02/27 12:08:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laconic Software

[2007/04/12 19:46:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6

[2006/06/19 03:54:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies

[2006/06/19 01:55:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2009/08/19 18:03:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2007/09/15 08:46:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar

[2009/02/22 01:59:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2009/09/03 12:46:14 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data

[2009/06/08 23:23:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\acccore

[2009/06/08 23:23:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\CiscoCAA

[2009/06/08 23:23:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\CyberLink

[2008/04/04 01:02:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\Efofex

[2007/09/24 15:02:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\Image Zone Express

[2009/08/27 15:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\ImTOO Software Studio

[2006/06/19 03:55:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\Intuit

[2009/08/27 17:28:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\LimeWire

[2008/04/04 00:47:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\MiKTeX

[2008/12/16 15:58:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\MSN6

[2008/04/13 23:44:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\MSNInstaller

[2007/09/24 15:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\Printer Info Cache

[2008/04/03 23:35:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\Soft4science

[2007/10/19 19:52:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\Template

[2009/04/18 15:31:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\U3

[2009/02/22 01:27:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\Uniblue

[2008/01/29 00:57:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tyler Odegaard\Application Data\Viewpoint

[2009/08/27 18:09:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

[2009/09/03 16:43:00 | 00,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

[2004/08/10 10:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/09/08 12:46:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >

Extras.txt

OTL Extras logfile created on: 9/8/2009 12:53:27 PM - Run 1

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Tyler Odegaard\Desktop\New Folder

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.17 Mb Total Physical Memory | 185.66 Mb Available Physical Memory | 20.76% Memory free

2.12 Gb Paging File | 1.47 Gb Available in Paging File | 69.29% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 62.67 Gb Total Space | 26.70 Gb Free Space | 42.61% Space Free | Partition Type: NTFS

Drive D: | 11.83 Gb Total Space | 0.65 Gb Free Space | 5.47% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Drive F: | 1003.77 Mb Total Space | 995.16 Mb Free Space | 99.14% Space Free | Partition Type: FAT

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PC264411574023

Current User Name: Tyler Odegaard

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\NBC Direct\StoreFrontPlayer.exe" = C:\Program Files\NBC Direct\StoreFrontPlayer.exe:*:Enabled:NBC Direct Beta -- File not found

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard

"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300

"{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module

"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup

"{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}" = Safari

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent

"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 16

"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006

"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5

"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)

"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)

"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{3AE76A6A-DE52-4920-9814-905CA5551C2D}" = Cisco NAC Agent

"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap

"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0

"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.0

"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant

"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)

"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config

"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant

"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{50E125D1-88E5-48CE-80AE-98EC9698E639}" = Symantec AntiVirus

"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1

"{52AE81CB-B786-490E-93CF-240A9891B392}" = HP User Guides 0025

"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)

"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0

"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig

"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger

"{593D4F8A-5F11-4901-A74A-6E7971E45790}" = Diskeeper 2009 Pro Premier

"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1

"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)

"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar

"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK

"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1

"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006

"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour

"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002

"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =

"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM

"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy

"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder

"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour

"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker

"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module

"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0

"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module

"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder

"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply

"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig

"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery

"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser

"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt

"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 G1

"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skypeâ„¢ 4.1

"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade

"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)

"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch

"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help

"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support

"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)

"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices

"103EFD47-9F2C-4490-95DD-AE6C442AFB92" = SCRABBLE from Hewlett-Packard Laptops (remove only)

"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic

"1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86" = Tradewinds from Hewlett-Packard Laptops (remove only)

"5758A0E8-A112-4A1D-82EC-EC72F7F16B88" = Lexibox Deluxe from Hewlett-Packard Laptops (remove only)

"7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54" = Polar Bowler from Hewlett-Packard Laptops (remove only)

"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AIM Toolbar" = AIM Toolbar

"AIM_6" = AIM 6

"ATI Display Driver" = ATI Display Driver

"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto

"CNXT_AUDIO" = Conexant AC-Link Audio

"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP

"D2E44AA4-8665-4490-A6C9-2D0744B47B27" = Polar Golfer from Hewlett-Packard Laptops (remove only)

"Diablo II" = Diablo II

"E332F38A-75F6-4EF2-88CC-246E8A1CB5D7" = Oasis from Hewlett-Packard Laptops (remove only)

"EF860173-4FB7-4DE1-8BE8-5400F05A0DC5" = Puzzle Express from Hewlett-Packard Laptops (remove only)

"Fantastic Flame Screensaver" = Fantastic Flame Screensaver

"HijackThis" = HijackThis 2.0.2

"HP Game Console" = HP Game Console and games

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Photo & Imaging" = HP Photosmart Premier Software 6.0

"HP Rhapsody" = HP Rhapsody

"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0

"HPExtendedCapabilities" = HP Customer Participation Program 7.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"ImTOO MPEG Encoder Standard" = ImTOO MPEG Encoder Standard

"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement

"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"LimeWire" = LimeWire 4.16.6

"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)

"Macromedia Shockwave Player" = Macromedia Shockwave Player

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MiKTeX 2.5" = MiKTeX 2.5

"Money2006b" = Microsoft Money 2006

"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)

"MSNINST" = MSN

"Netscape Browser" = Netscape Browser (remove only)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PictureItPrem_v11" = Microsoft Digital Image Standard 2006

"Shop for HP Supplies" = Shop for HP Supplies

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"StyleXP" = StyleXP (remove only)

"Super DX-Ball_is1" = Super DX-Ball v1.1

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Themexp.org File" = Themexp.org File

"ViewpointMediaPlayer" = Viewpoint Media Player

"Windows Live Toolbar" = Windows Live Toolbar

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"winmxor.zip" = winmxor.zip

"WinRAR archiver" = WinRAR archiver

"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 9/3/2009 1:42:40 AM | Computer Name = PC264411574023 | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Risk: Adware.NDotNet in File: Unavailable by:

Manual scan. Action: Reboot Required. Action Description: Quarantine was partially

successful.

Error - 9/3/2009 7:42:55 AM | Computer Name = PC264411574023 | Source = Symantec AntiVirus | ID = 16711726

Description = Security Risk Found!Risk: SpywareProtect2009 in File: C:\System Volume

Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP441\A0075483.dll by:

Manual scan. Action: Quarantine failed. Action Description: The file was left

unchanged.

Error - 9/3/2009 7:42:56 AM | Computer Name = PC264411574023 | Source = Symantec AntiVirus | ID = 16711685

Description = Risk Found!Risk: Trojan.ByteVerify in File: C:\Documents and Settings\Tyler

Odegaard\Application Data\Sun\Java\Deployment\cache\6.0\14\7879b84e-645bf2aa>>OP.class

by: Manual scan. Action: Cleaned by Deletion. Action Description: Risk Found!Risk:

in File: C:\Documents and Settings\Tyler Odegaard\Application Data\Sun\Java\Deployment\cache\6.0\14\7879b84e-645bf2aa

by: Manual scan. Action: Compressed file processing succeeded. Action Description:

The file was left unchanged. Risk Found!Risk: Trojan.Hanambot in File: C:\Program

Files\Mozilla Firefox\chrome\amba.jar>>amba.js by: Manual scan. Action: Cleaned

by Deletion. Action Description: Risk Found!Risk: in File: C:\Program Files\Mozilla

Firefox\chrome\amba.jar by: Manual scan. Action: Compressed file processing succeeded.

Action Description: The file was left unchanged.

Error - 9/3/2009 7:43:10 AM | Computer Name = PC264411574023 | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Risk: SpywareProtect2009 in File: C:\System Volume

Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP441\A0075483.dll by:

Manual scan. Action: Reboot Required. Action Description: The file was quarantined

successfully.

Error - 9/3/2009 10:55:11 AM | Computer Name = PC264411574023 | Source = Symantec AntiVirus | ID = 16711685

Description = Risk: in File: Internet browser temporary file cache by: Manual scan.

Action: Quarantine failed : Leave Alone failed. Action Description: The file

was deleted successfully. Risk Found!Risk: SpywareProtect2009 in File: C:\System

Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP441\A0075483.dll

by: Manual scan. Action: Quarantine failed. Action Description: The file was

left unchanged.

Error - 9/3/2009 1:26:37 PM | Computer Name = PC264411574023 | Source = Symantec AntiVirus | ID = 16711720

Description = Symantec AntiVirus has determined that the virus definitions are missing

on this computer. This computer will remain unprotected from viruses until virus

definitions are downloaded to this computer.

Error - 9/3/2009 1:32:59 PM | Computer Name = PC264411574023 | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting

module unknown, version 0.0.0.0, fault address 0x15ff5004.

Error - 9/3/2009 1:34:35 PM | Computer Name = PC264411574023 | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 9/8/2009 1:53:04 PM | Computer Name = PC264411574023 | Source = Application Hang | ID = 1002

Description = Hanging application OTL.exe, version 3.0.10.7, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2009 1:53:04 PM | Computer Name = PC264411574023 | Source = Application Hang | ID = 1002

Description = Hanging application OTL.exe, version 3.0.10.7, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 9/3/2009 1:36:40 AM | Computer Name = PC264411574023 | Source = Service Control Manager | ID = 7001

Description = The IPSEC Services service depends on the IPSEC driver service which

failed to start because of the following error: %%31

Error - 9/3/2009 1:36:40 AM | Computer Name = PC264411574023 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AFD AmdK8 eabfiltr eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SAVRT

SAVRTPEL

SPBBCDrv

StyleXPHelper

SYMTDI

Tcpip

Error - 9/3/2009 1:37:42 AM | Computer Name = PC264411574023 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/3/2009 3:46:09 AM | Computer Name = PC264411574023 | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume C:.

Error - 9/3/2009 11:17:45 AM | Computer Name = PC264411574023 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/3/2009 1:20:11 PM | Computer Name = PC264411574023 | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/3/2009 1:33:12 PM | Computer Name = PC264411574023 | Source = Service Control Manager | ID = 7031

Description = The Remote Procedure Call (RPC) service terminated unexpectedly.

It has done this 1 time(s). The following corrective action will be taken in 60000

milliseconds: Reboot the machine.

Error - 9/3/2009 1:39:47 PM | Computer Name = PC264411574023 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the OpenCASE Media Agent

service to connect.

Error - 9/3/2009 1:39:47 PM | Computer Name = PC264411574023 | Source = Service Control Manager | ID = 7000

Description = The OpenCASE Media Agent service failed to start due to the following

error: %%1053

Error - 9/7/2009 6:46:24 PM | Computer Name = PC264411574023 | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the WZCSVC service.

< End of report >

RootRepeal Report

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/09/08 12:59

Program Version: Version 1.3.5.0

Windows Version: Windows XP Media Center Edition SP3

==================================================

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xED2DA000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF7B84000 Size: 8192 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xEE042000 Size: 49152 File Visible: No Signed: -

Status: -

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

Path: c:\documents and settings\tyler odegaard\local settings\temp\perflib_perfdata_5e4.dat

Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090907.002\EraserUtilDrv10920.sys

Status: Locked to the Windows API!

SSDT

-------------------

#: 012 Function Name: NtAlertResumeThread

Status: Hooked by "<unknown>" at address 0x8576d340

#: 013 Function Name: NtAlertThread

Status: Hooked by "<unknown>" at address 0x8575e420

#: 017 Function Name: NtAllocateVirtualMemory

Status: Hooked by "<unknown>" at address 0x857f85c0

#: 031 Function Name: NtConnectPort

Status: Hooked by "<unknown>" at address 0x856e5fc0

#: 043 Function Name: NtCreateMutant

Status: Hooked by "<unknown>" at address 0x85778610

#: 053 Function Name: NtCreateThread

Status: Hooked by "<unknown>" at address 0x857f9678

#: 065 Function Name: NtDeleteValueKey

Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xedf4a350

#: 083 Function Name: NtFreeVirtualMemory

Status: Hooked by "<unknown>" at address 0x856d9ac8

#: 089 Function Name: NtImpersonateAnonymousToken

Status: Hooked by "<unknown>" at address 0x85779c50

#: 091 Function Name: NtImpersonateThread

Status: Hooked by "<unknown>" at address 0x857646e0

#: 108 Function Name: NtMapViewOfSection

Status: Hooked by "<unknown>" at address 0x856b2dd0

#: 114 Function Name: NtOpenEvent

Status: Hooked by "<unknown>" at address 0x8577a008

#: 123 Function Name: NtOpenProcessToken

Status: Hooked by "<unknown>" at address 0x8570a220

#: 129 Function Name: NtOpenThreadToken

Status: Hooked by "<unknown>" at address 0x856da560

#: 177 Function Name: NtQueryValueKey

Status: Hooked by "<unknown>" at address 0x857fdb30

#: 206 Function Name: NtResumeThread

Status: Hooked by "<unknown>" at address 0x85720238

#: 213 Function Name: NtSetContextThread

Status: Hooked by "<unknown>" at address 0x856be4b8

#: 228 Function Name: NtSetInformationProcess

Status: Hooked by "<unknown>" at address 0x8577f218

#: 229 Function Name: NtSetInformationThread

Status: Hooked by "<unknown>" at address 0x8572ba70

#: 247 Function Name: NtSetValueKey

Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xedf4a580

#: 253 Function Name: NtSuspendProcess

Status: Hooked by "<unknown>" at address 0x857af6e0

#: 254 Function Name: NtSuspendThread

Status: Hooked by "<unknown>" at address 0x8573cc98

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xed4180b0

#: 258 Function Name: NtTerminateThread

Status: Hooked by "<unknown>" at address 0x8572d1a8

#: 267 Function Name: NtUnmapViewOfSection

Status: Hooked by "<unknown>" at address 0x85775d38

#: 277 Function Name: NtWriteVirtualMemory

Status: Hooked by "<unknown>" at address 0x857f6e50

==EOF==

MBAM Log

Malwarebytes' Anti-Malware 1.40

Database version: 2551

Windows 5.1.2600 Service Pack 3

9/8/2009 3:20:40 PM

mbam-log-2009-09-08 (15-20-40).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 195966

Time elapsed: 1 hour(s), 4 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\syssvc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\chrome\amba.jar (Trojan.Hanam) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Hi,

Step #1

Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O20 - HKLM Winlogon: UIHost - (C:\Program) - File not found
    O33 - MountPoints2\{6484f7e4-be4c-11dc-8a66-0014a5e8fe40}\Shell - "" = AutoRun
    O33 - MountPoints2\{6484f7e4-be4c-11dc-8a66-0014a5e8fe40}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6484f7e4-be4c-11dc-8a66-0014a5e8fe40}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{758f6161-7a1e-11db-8826-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{758f6161-7a1e-11db-8826-806d6172696f}\Shell\AutoRun - "" = Auto&Play

    :Files
    C:\Documents and Settings\Tyler Odegaard\Application Data\Viewpoint
    C:\Documents and Settings\All Users\Application Data\Viewpoint

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

Step #2

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

J2SE Runtime Environment 5.0 Update 6

Javaâ„¢ SE Runtime Environment 6 Update 1

Javaâ„¢ 6 Update 2

Javaâ„¢ 6 Update 3

Step #3

javaicon.gif Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 16.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u14-windows-i586.exe and select "Run as an Administrator.")

Link to post
Share on other sites

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".

[*]During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combo-Fix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the "C:\Combo-Fix.txt" for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Link to post
Share on other sites

Sorry for the long delay, it was a hectic weekend.

ComboFix 09-09-14.02 - Tyler Odegaard 09/14/2009 14:58.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.380 [GMT -5:00]

Running from: c:\documents and settings\Tyler Odegaard\Desktop\Combo-Fix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Tyler Odegaard\nah_vkka.exe

c:\windows\kb913800.exe

c:\windows\system32\azip32.dll

c:\windows\system32\wuauclt.exe

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2009-08-14 to 2009-09-14 )))))))))))))))))))))))))))))))

.

2009-09-14 01:09 . 2009-09-14 01:09 -------- d-----w- c:\program files\Common Files\Cisco

2009-09-14 01:09 . 2009-09-14 01:09 -------- d-----w- c:\program files\Cisco

2009-09-10 21:43 . 2009-09-14 20:09 -------- d-----w- c:\windows\system32\CatRoot2

2009-09-10 21:01 . 2009-09-10 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-09-10 20:34 . 2009-09-10 20:34 -------- d-----w- C:\_OTL

2009-09-08 18:18 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-08 18:18 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-03 20:11 . 2009-09-03 20:11 -------- d-----w- c:\program files\Trend Micro

2009-09-02 02:33 . 2009-09-02 02:33 -------- d-----w- C:\Diskeeper

2009-09-01 17:15 . 2009-09-01 17:15 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation

2009-09-01 17:15 . 2009-09-01 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Diskeeper Corporation

2009-09-01 17:15 . 2009-09-01 17:15 -------- d-----w- c:\program files\Diskeeper Corporation

2009-09-01 17:05 . 2009-09-01 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-09-01 17:05 . 2009-09-01 17:08 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-09-01 17:05 . 2009-09-01 17:05 -------- d-----w- c:\documents and settings\Tyler Odegaard\Application Data\SUPERAntiSpyware.com

2009-09-01 17:04 . 2009-09-01 17:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-08-31 19:12 . 2009-08-31 19:12 -------- d-sh--w- c:\documents and settings\Tyler Odegaard\IECompatCache

2009-08-31 19:10 . 2009-08-31 19:10 -------- d-sh--w- c:\documents and settings\Tyler Odegaard\PrivacIE

2009-08-31 15:55 . 2009-08-31 15:55 -------- d-sh--w- c:\documents and settings\Tyler Odegaard\IETldCache

2009-08-31 15:47 . 2009-08-31 15:47 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-08-31 15:34 . 2009-08-31 15:39 -------- dc-h--w- c:\windows\ie8

2009-08-31 14:51 . 2009-08-31 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco

2009-08-27 20:52 . 2009-08-27 20:52 -------- d-----w- c:\documents and settings\Tyler Odegaard\Application Data\ImTOO Software Studio

2009-08-27 20:49 . 2009-08-27 20:49 -------- d-----w- c:\program files\ImTOO

2009-08-19 01:40 . 2009-08-19 01:40 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-08-19 01:40 . 2009-08-27 22:33 -------- d-----w- c:\documents and settings\Tyler Odegaard\Application Data\skypePM

2009-08-19 01:34 . 2009-09-14 01:06 -------- d-----w- c:\documents and settings\Tyler Odegaard\Application Data\Skype

2009-08-19 01:33 . 2009-08-19 01:33 -------- d-----w- c:\program files\Common Files\Skype

2009-08-19 01:33 . 2009-08-19 01:34 -------- d-----r- c:\program files\Skype

2009-08-19 01:26 . 2009-08-19 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-14 20:10 . 2009-08-06 23:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-14 19:52 . 2008-01-15 17:46 -------- d-----w- c:\program files\Symantec AntiVirus

2009-09-14 18:47 . 2006-12-01 03:51 41200 -c--a-w- c:\documents and settings\Tyler Odegaard\Application Data\wklnhst.dat

2009-09-14 01:02 . 2006-06-19 08:07 -------- d-----w- c:\program files\Java

2009-09-11 21:54 . 2008-12-02 01:30 -------- d-----w- c:\program files\Diablo II

2009-09-10 21:40 . 2009-05-02 20:55 411368 -c--a-w- c:\windows\system32\deploytk.dll

2009-09-10 21:33 . 2006-06-19 08:52 -------- d-----w- c:\program files\Google

2009-08-27 22:28 . 2008-01-27 03:27 -------- d-----w- c:\documents and settings\Tyler Odegaard\Application Data\LimeWire

2009-08-19 23:02 . 2007-03-27 23:10 -------- d-----w- c:\program files\AIM6

2009-08-19 22:59 . 2007-03-27 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads

2009-08-07 04:43 . 2007-11-13 17:51 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2009-08-07 02:13 . 2009-08-07 02:13 -------- d-----w- c:\documents and settings\Tyler Odegaard\Application Data\Malwarebytes

2009-08-06 23:47 . 2009-08-06 23:47 -------- d-----w- c:\program files\Windows Live Safety Center

2009-08-06 23:11 . 2009-08-06 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.

------- Sigcheck -------

[7] 2008-10-16 . E654B78D2F1D791B30D0ED9A8195EC22 . 51224 . . [7.2.6001.788] . . c:\windows\system32\dllcache\wuauclt.exe

[7] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe

c:\windows\system32\wuauclt.exe ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-25 101080]

"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]

"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2009-06-22 446088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Fantastic Flame Agent.lnk - c:\program files\Fantastic Flame Screensaver\FantasticFlameAgent.exe [2006-10-14 25600]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="files\tgtsoft\stylexp\logon\currentlogon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\msiexec.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]

R2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [6/22/2009 10:24 AM 715400]

R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [1/16/2008 3:58 PM 814728]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/3/2009 12:33 PM 102448]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 AM 231424]

S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 8:48 PM 116416]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?55aba75feb9849d0892ae1b0c6532571

IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?55aba75feb9849d0892ae1b0c6532571

DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://nas1.sdstate.edu/auth/taweb.cab

DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://nas1.sdstate.edu/auth/CCALogin.CAB

FF - ProfilePath - c:\documents and settings\Tyler Odegaard\Application Data\Mozilla\Firefox\Profiles\187mhxgv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe

HKCU-Run-Aim6 - (no file)

MSConfigStartUp-CTFMON - (no file)

AddRemove-103EFD47-9F2C-4490-95DD-AE6C442AFB92 - c:\program files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92\Uninstall.exe

AddRemove-12133444-BF36-4d4e-B7FB-A3424C645DE4 - c:\program files\GemMaster\uninstallgemmaster.exe

AddRemove-HP Game Console - c:\program files\WildTangent\Apps\hpuninstall.exe

AddRemove-winmxor.zip - c:\progra~1\FILESU~1\winmxor.zip\UNWISE.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-14 15:11

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????1?n??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"Installed"="1"

"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3376)

c:\windows\system32\ieframe.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\TGTSoft\StyleXP\StyleXPService.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\windows\system32\ati2evxx.exe

c:\program files\HP\Digital Imaging\bin\hpqimzone.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\wdfmgr.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

c:\progra~1\HPQ\shared\HPQTOA~1.EXE

.

**************************************************************************

.

Completion time: 2009-09-14 15:17 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-14 20:17

Pre-Run: 28,603,797,504 bytes free

Post-Run: 28,571,406,336 bytes free

246 --- E O F --- 2009-01-16 16:35

Edited by Sccrluk9
Link to post
Share on other sites

Hi no worries,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::

c:\documents and settings\All Users\Application Data\Viewpoint

RegLock::

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

[*]Click on My Computer under Scan.

[*]Once the scan is complete, it will display the results. Click on View Scan Report.

[*]You will see a list of infected items there. Click on Save Report As....

[*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Link to post
Share on other sites
  • 2 weeks later...
Guest
This topic is now closed to further replies.