Inactive Google Redirect - Trojan.Happili & Trojan.Zbot

[Inactive] Google Redirect - Trojan.Happili & Trojan.Zbot

In the last few days, I've noticed my desktop computer (running Windows XP Pro) would redirect when trying to click on a Google search result. The redirect only occurs the first time during a search, not subsequent clicks on the same search results. The redirect results in a new window opening even if I commanded the link be opened in a new tab. Other than this anomaly, I haven't noticed any other malicious activity except perhaps a little bit of sluggishness. I am current on all of the latest Windows updates.

As per the instructions, I ran Malwarebytes and it found three malware trojans which were quarantined and successfully deleted. I also ran GMER, aswMBR and DDS.

Logs are pasted below. Thanks in advance for your help.
_______________________________________________________

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.27.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
WP Lanius :: VENTURE2 [administrator]

6/27/2012 5:28:34 PM
mbam-log-2012-06-27 (17-28-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242754
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\NetworkService\Application Data\twain_32 (Trojan.Zbot) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Documents and Settings\WP Lanius\Local Settings\temp\0.8273962586169887 (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\twain_32\user.ds (Trojan.Zbot) -> Quarantined and deleted successfully.

(end)
______________________________
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-28 06:40:15
Windows 5.1.2600 Service Pack 3
Running: xmefmykt.exe; Driver: C:\DOCUME~1\WPLANI~1\LOCALS~1\Temp\pfldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB97F1360, 0x24526E, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{05AF50AA-22D7-AA1D-A4F48F393CAE2202}\{78C6AA3D-BD77-7FA2-B188C82FA3887936}\{102B7915-3D5B-6524-E77B0FDDDBDD9024}
Reg HKLM\SOFTWARE\Classes\CLSID\{05AF50AA-22D7-AA1D-A4F48F393CAE2202}\{78C6AA3D-BD77-7FA2-B188C82FA3887936}\{102B7915-3D5B-6524-E77B0FDDDBDD9024}@NRDFOBLVNAUE2QOGEQXAH1Y2DD1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{17739CC8-1062-40F7-1C3862585ABD2CDA}\{84278681-95F8-776A-6C175249145B2CFC}\{113E55B4-CE67-C34A-F065E12B6143C7DD}
Reg HKLM\SOFTWARE\Classes\CLSID\{17739CC8-1062-40F7-1C3862585ABD2CDA}\{84278681-95F8-776A-6C175249145B2CFC}\{113E55B4-CE67-C34A-F065E12B6143C7DD}@NRDFOBLVNAUE2QOGEQXAH1Y2DD1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{18E09523-0BB1-0E75-6B141AE958ABE9E7}\{8E8BA3D9-389B-9F43-3B5B6490B54F898E}\{0E0922CC-9ECE-C3AB-5B05A5FA1997F2CA}
Reg HKLM\SOFTWARE\Classes\CLSID\{18E09523-0BB1-0E75-6B141AE958ABE9E7}\{8E8BA3D9-389B-9F43-3B5B6490B54F898E}\{0E0922CC-9ECE-C3AB-5B05A5FA1997F2CA}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{207A1422-7CE2-3F0D-CB0619EAC3E5A348}\{36711064-4D57-673B-128E50084FEF4668}\{C13F5A8B-0B9D-FCC2-F6ECFF62882D3E51}
Reg HKLM\SOFTWARE\Classes\CLSID\{207A1422-7CE2-3F0D-CB0619EAC3E5A348}\{36711064-4D57-673B-128E50084FEF4668}\{C13F5A8B-0B9D-FCC2-F6ECFF62882D3E51}@NRDFOBLVNAUE2QOGEQXAH1Y2DD1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{3B85D734-4D1E-A5B8-7A2C9FEBD20E3A7C}\{9B78C2B1-5ACD-EEEE-C2C08A9F5ADC5CE8}\{497F871A-1051-F8C7-F54470C03EAE9AE4}
Reg HKLM\SOFTWARE\Classes\CLSID\{3B85D734-4D1E-A5B8-7A2C9FEBD20E3A7C}\{9B78C2B1-5ACD-EEEE-C2C08A9F5ADC5CE8}\{497F871A-1051-F8C7-F54470C03EAE9AE4}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{42E6D7B2-B1C8-2837-2B153136718EFEB8}\{8E0BC5B0-8FBD-4DC6-72B4724501FBC409}\{8BABC9F6-A6DF-6175-8337ACE301A74A27}
Reg HKLM\SOFTWARE\Classes\CLSID\{42E6D7B2-B1C8-2837-2B153136718EFEB8}\{8E0BC5B0-8FBD-4DC6-72B4724501FBC409}\{8BABC9F6-A6DF-6175-8337ACE301A74A27}@NRDFOBLVNAUE2QOGEQXAH1Y2DD1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{48418982-249C-E344-B1C048196FA2EDFD}\{A41EB0B4-3EE0-E472-B7C2AAEB5A9566C4}\{DB4C8A45-FEFF-6FD9-65B4662880A15182}
Reg HKLM\SOFTWARE\Classes\CLSID\{48418982-249C-E344-B1C048196FA2EDFD}\{A41EB0B4-3EE0-E472-B7C2AAEB5A9566C4}\{DB4C8A45-FEFF-6FD9-65B4662880A15182}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{4E801B1F-2C34-C71B-55752B4DE71FAE4A}\{6707E13D-DFA5-4083-2A160A7F601D7F5F}\{38345692-AD4C-2D4A-1F4885FC450939AB}
Reg HKLM\SOFTWARE\Classes\CLSID\{4E801B1F-2C34-C71B-55752B4DE71FAE4A}\{6707E13D-DFA5-4083-2A160A7F601D7F5F}\{38345692-AD4C-2D4A-1F4885FC450939AB}@NRDFOBLVNAUE2QOGEQXAH1Y2DD1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5B0B6C35-3AEA-9EAE-179EBB09B20EA2F1}\{75565C86-DCE5-4077-B0F3502E93E7104E}\{6B409343-0D15-4A1C-46DBD99A1375331F}
Reg HKLM\SOFTWARE\Classes\CLSID\{5B0B6C35-3AEA-9EAE-179EBB09B20EA2F1}\{75565C86-DCE5-4077-B0F3502E93E7104E}\{6B409343-0D15-4A1C-46DBD99A1375331F}@NRDFOBLVNAUE2QOGEQXAH1Y2DD1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7D123B2E-0C5F-D919-194C2B3C78E1FEC1}\{313463E6-9B37-5C56-F570B6CAA31EBA6B}\{14D54DC1-EDC1-0F67-65A1433CC409F39D}
Reg HKLM\SOFTWARE\Classes\CLSID\{7D123B2E-0C5F-D919-194C2B3C78E1FEC1}\{313463E6-9B37-5C56-F570B6CAA31EBA6B}\{14D54DC1-EDC1-0F67-65A1433CC409F39D}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{8FD8A5D7-9511-025F-16B31A5B051F5A4D}\{7F4BC209-0230-7A50-936F3704F4AD01D8}\{4F172B6C-B722-D8DB-046FD06C67D2EAC6}
Reg HKLM\SOFTWARE\Classes\CLSID\{8FD8A5D7-9511-025F-16B31A5B051F5A4D}\{7F4BC209-0230-7A50-936F3704F4AD01D8}\{4F172B6C-B722-D8DB-046FD06C67D2EAC6}@NRDFOBLVNAUE2QOGEQXAH1Y2DD1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{9D7D745F-2DA2-E26E-67E2A61C92B5C873}\{869A1319-CB5B-72EF-32E86935B8210920}\{0F637A1B-C125-DB37-203685E7DE12B741}
Reg HKLM\SOFTWARE\Classes\CLSID\{9D7D745F-2DA2-E26E-67E2A61C92B5C873}\{869A1319-CB5B-72EF-32E86935B8210920}\{0F637A1B-C125-DB37-203685E7DE12B741}@NRDFOBLVNAUE2QOGEQXAH1Y2DD1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{A356E26F-F64B-8F5D-7C18E49D604F2F76}\{6A54AA76-7D92-69B0-4B2831BB70973615}\{981C58D8-528B-1766-742A6B252CC7665F}
Reg HKLM\SOFTWARE\Classes\CLSID\{A356E26F-F64B-8F5D-7C18E49D604F2F76}\{6A54AA76-7D92-69B0-4B2831BB70973615}\{981C58D8-528B-1766-742A6B252CC7665F}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{B2236175-3D9F-05C6-8B4893E47EF3B357}\{715026F0-32B2-9A38-0A89C09A617BF317}\{121623C5-7E2D-B1BB-98FD332A06B7F4F2}
Reg HKLM\SOFTWARE\Classes\CLSID\{B2236175-3D9F-05C6-8B4893E47EF3B357}\{715026F0-32B2-9A38-0A89C09A617BF317}\{121623C5-7E2D-B1BB-98FD332A06B7F4F2}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BF11F383-757D-CF48-6D213AC2BB6130AD}\{12507465-D6D8-AFB1-97ED5D21195D77D5}\{90E47118-DD98-E716-1AABCD138C042D55}
Reg HKLM\SOFTWARE\Classes\CLSID\{BF11F383-757D-CF48-6D213AC2BB6130AD}\{12507465-D6D8-AFB1-97ED5D21195D77D5}\{90E47118-DD98-E716-1AABCD138C042D55}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{CD33F05B-57D8-EB8D-1C637C8E18479BDE}\{4B66B287-DF55-8BF6-0C7A245C073DF874}\{2B094E66-D192-13E4-CB3BD0799FCAC2FC}
Reg HKLM\SOFTWARE\Classes\CLSID\{CD33F05B-57D8-EB8D-1C637C8E18479BDE}\{4B66B287-DF55-8BF6-0C7A245C073DF874}\{2B094E66-D192-13E4-CB3BD0799FCAC2FC}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F1AB0511-A375-41F8-28F286EA5B314AE1}\{CDE856FA-B0FC-53AE-2E76D427065C9F08}\{06F28CA4-0E64-79D3-A5453F20806788AF}
Reg HKLM\SOFTWARE\Classes\CLSID\{F1AB0511-A375-41F8-28F286EA5B314AE1}\{CDE856FA-B0FC-53AE-2E76D427065C9F08}\{06F28CA4-0E64-79D3-A5453F20806788AF}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F71B406A-64B6-7890-A4E79C228CB5B5C7}\{B2D97AB2-1AAA-0E19-47D2DF75F80031A6}\{B1F98325-4C85-36BE-448BCE0A416EDA34}
Reg HKLM\SOFTWARE\Classes\CLSID\{F71B406A-64B6-7890-A4E79C228CB5B5C7}\{B2D97AB2-1AAA-0E19-47D2DF75F80031A6}\{B1F98325-4C85-36BE-448BCE0A416EDA34}@NRDFOBLVNAUE2QOGEQXAH1Y2DD1 0x01 0x00 0x01 0x00 ...

---- EOF - GMER 1.0.15 ----
__________________________________
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-28 06:48:00
-----------------------------
06:48:00.843 OS Version: Windows 5.1.2600 Service Pack 3
06:48:00.843 Number of processors: 2 586 0xF06
06:48:00.843 ComputerName: VENTURE2 UserName:
06:48:01.187 Initialize success
06:48:47.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
06:48:47.937 Disk 0 Vendor: WDC_WD3000HLFS-01G6U4 04.04V06 Size: 286168MB BusType: 3
06:48:47.937 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
06:48:47.937 Disk 1 Vendor: WDC_WD3000HLFS-01G6U3 04.04V05 Size: 286168MB BusType: 3
06:48:47.937 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-20
06:48:47.937 Disk 2 Vendor: WDC_WD1001FALS-00Y6A0 05.01D05 Size: 953869MB BusType: 3
06:48:47.937 Disk 3 \Device\Harddisk3\DR3 -> \Device\Scsi\JRAID1Port4Path0Target0Lun0
06:48:47.937 Disk 3 Vendor: eSATA-2_ Size: 1831294MB BusType: 1
06:48:47.953 Disk 0 MBR read successfully
06:48:47.953 Disk 0 MBR scan
06:48:47.953 Disk 0 Windows XP default MBR code
06:48:47.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286165 MB offset 63
06:48:47.953 Disk 0 scanning sectors +586067265
06:48:47.984 Disk 0 scanning C:\WINDOWS\system32\drivers
06:48:51.750 Service scanning
06:48:57.703 Modules scanning
06:49:01.234 Disk 0 trace - called modules:
06:49:01.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt53.sys hal.dll ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS
06:49:01.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad26ab8]
06:49:01.250 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> [0x8ad72d68]
06:49:01.250 5 vsflt53.sys[b9f60c2b] -> nt!IofCallDriver -> \Device\00000068[0x8ad35f18]
06:49:01.250 7 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8ad34d98]
06:49:01.250 Scan finished successfully
06:50:09.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\WP Lanius\Desktop\MBR.dat "
06:50:09.750 The log file has been saved successfully to "C:\Documents and Settings\WP Lanius\Desktop\20120628aswMBR-scanlog.txt "
_________________________________________
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by WP Lanius at 6:51:36 on 2012-06-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2574 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.wplsports.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Apple] rundll32.exe "c:\documents and settings\wp lanius\local settings\application data\apple computer\apple\ckzrye.dll ",CreateInstance
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [JMB36X Configure] c:\windows\system32\JMRaidTool.exe boot
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMax] "c:\program files\analog devices\soundmax\smax4.exe" /tray
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe "
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe "
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe "
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
dRun: [Apple] rundll32.exe "c:\documents and settings\wp lanius\local settings\application data\apple computer\apple\ckzrye.dll ",CreateInstance
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cinefo~1.lnk - c:\program files\cineform\tools\GoProCineFormStatusViewer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkvmon~1.lnk - c:\program files\nikon\nkview6\NkvMon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\opanda\iexif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\opanda\iexif 2.3\IExifCom.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\wp lanius\application data\mozilla\firefox\profiles\szgbk7n1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
.
============= SERVICES / DRIVERS ===============
.
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2011-11-14 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2011-11-14 83392]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-3-26 4463400]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2007-4-17 36224]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-3-26 16168]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-18 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-18 136176]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
.
=============== Created Last 30 ================
.
2012-06-18 18:00:55 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-06-18 22:42:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-18 22:42:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 21:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 21:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 6:52:16.84 ===============
_______________________________________________________
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/16/2007 12:33:17 PM
System Uptime: 6/28/2012 6:31:10 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5B-Deluxe
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | LGA 775 | 2399/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 279 GiB total, 127.482 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 279 GiB total, 274.014 GiB free.
F: is CDROM ()
M: is FIXED (NTFS) - 1788 GiB total, 1056.66 GiB free.
N: is Removable
O: is FIXED (NTFS) - 932 GiB total, 290.331 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Generic Marvell Yukon Chipset based Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_43401148&REV_12\4&24CAFEBD&0&00E5
Manufacturer: Marvell
Name: Generic Marvell Yukon Chipset based Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_43401148&REV_12\4&24CAFEBD&0&00E5
Service: yukonwxp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\D3D4CE11D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\D3D4CE11D800
Service: NIC1394
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_14\4&1FAF5EA3&0&20F0
Manufacturer: Marvell
Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_14\4&1FAF5EA3&0&20F0
Service: yukonwxp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Packet Scheduler Miniport
Device ID: ROOT\MS_PSCHEDMP\0002
Manufacturer: Microsoft
Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Packet Scheduler Miniport
PNP Device ID: ROOT\MS_PSCHEDMP\0002
Service: PSched
.
==== System Restore Points ===================
.
RP1850: 3/30/2012 6:03:07 PM - System Checkpoint
RP1851: 3/31/2012 7:02:02 PM - System Checkpoint
RP1852: 4/1/2012 7:06:32 PM - System Checkpoint
RP1853: 4/2/2012 8:03:07 PM - System Checkpoint
RP1854: 4/3/2012 8:35:19 PM - System Checkpoint
RP1855: 4/4/2012 9:34:00 PM - System Checkpoint
RP1856: 4/5/2012 9:35:06 PM - System Checkpoint
RP1857: 4/6/2012 10:37:41 PM - System Checkpoint
RP1858: 4/7/2012 11:33:49 PM - System Checkpoint
RP1859: 4/9/2012 12:33:49 AM - System Checkpoint
RP1860: 4/10/2012 1:33:49 AM - System Checkpoint
RP1861: 4/11/2012 2:33:49 AM - System Checkpoint
RP1862: 4/12/2012 3:33:50 AM - System Checkpoint
RP1863: 4/13/2012 4:33:50 AM - System Checkpoint
RP1864: 4/14/2012 5:10:17 AM - System Checkpoint
RP1865: 4/15/2012 6:10:17 AM - System Checkpoint
RP1866: 4/16/2012 7:10:17 AM - System Checkpoint
RP1867: 4/16/2012 9:28:34 AM - Software Distribution Service 3.0
RP1868: 4/17/2012 9:31:35 AM - System Checkpoint
RP1869: 4/18/2012 11:15:28 AM - System Checkpoint
RP1870: 4/19/2012 11:37:25 AM - System Checkpoint
RP1871: 4/20/2012 11:49:24 AM - System Checkpoint
RP1872: 4/21/2012 12:55:39 PM - System Checkpoint
RP1873: 4/22/2012 1:37:16 PM - System Checkpoint
RP1874: 4/23/2012 2:09:27 PM - System Checkpoint
RP1875: 4/24/2012 2:47:01 PM - System Checkpoint
RP1876: 4/25/2012 3:38:22 PM - System Checkpoint
RP1877: 4/26/2012 4:34:07 PM - System Checkpoint
RP1878: 4/27/2012 4:37:21 PM - System Checkpoint
RP1879: 4/28/2012 4:37:56 PM - System Checkpoint
RP1880: 4/29/2012 10:17:19 AM - Software Distribution Service 3.0
RP1881: 4/30/2012 1:05:33 PM - System Checkpoint
RP1882: 5/1/2012 2:01:47 PM - System Checkpoint
RP1883: 5/2/2012 2:08:28 PM - System Checkpoint
RP1884: 5/3/2012 3:08:28 PM - System Checkpoint
RP1885: 5/4/2012 3:44:28 PM - System Checkpoint
RP1886: 5/5/2012 4:08:06 PM - System Checkpoint
RP1887: 5/6/2012 4:13:42 PM - System Checkpoint
RP1888: 5/7/2012 5:00:57 PM - System Checkpoint
RP1889: 5/8/2012 5:15:03 PM - System Checkpoint
RP1890: 5/9/2012 1:53:10 PM - Removed Sony Sound Forge Audio Studio 9.0a
RP1891: 5/9/2012 1:58:01 PM - Removed BlackBerry Desktop Software 4.7.
RP1892: 5/10/2012 2:08:06 PM - System Checkpoint
RP1893: 5/11/2012 5:19:06 PM - System Checkpoint
RP1894: 5/12/2012 6:17:08 PM - System Checkpoint
RP1895: 5/13/2012 7:18:13 PM - System Checkpoint
RP1896: 5/14/2012 7:22:45 PM - System Checkpoint
RP1897: 5/15/2012 7:28:33 PM - System Checkpoint
RP1898: 5/16/2012 1:04:25 PM - Software Distribution Service 3.0
RP1899: 5/17/2012 1:32:14 PM - System Checkpoint
RP1900: 5/18/2012 3:33:19 PM - System Checkpoint
RP1901: 5/19/2012 4:17:16 PM - System Checkpoint
RP1902: 5/20/2012 4:30:41 PM - System Checkpoint
RP1903: 5/21/2012 5:45:22 PM - System Checkpoint
RP1904: 5/22/2012 3:15:51 PM - Software Distribution Service 3.0
RP1905: 5/23/2012 3:18:22 PM - System Checkpoint
RP1906: 5/24/2012 3:33:46 PM - System Checkpoint
RP1907: 5/25/2012 4:17:17 PM - System Checkpoint
RP1908: 5/26/2012 4:29:55 PM - System Checkpoint
RP1909: 5/27/2012 5:28:51 PM - System Checkpoint
RP1910: 5/28/2012 5:41:30 PM - System Checkpoint
RP1911: 5/29/2012 5:52:52 PM - System Checkpoint
RP1912: 5/30/2012 5:53:57 PM - System Checkpoint
RP1913: 5/31/2012 6:52:52 PM - System Checkpoint
RP1914: 6/1/2012 7:13:17 PM - System Checkpoint
RP1915: 6/2/2012 7:53:39 PM - System Checkpoint
RP1916: 6/3/2012 8:30:01 PM - System Checkpoint
RP1917: 6/4/2012 4:19:56 PM - Software Distribution Service 3.0
RP1918: 6/5/2012 5:42:48 PM - System Checkpoint
RP1919: 6/6/2012 6:10:59 PM - System Checkpoint
RP1920: 6/7/2012 7:12:04 PM - System Checkpoint
RP1921: 6/8/2012 8:11:03 PM - System Checkpoint
RP1922: 6/9/2012 8:35:54 PM - System Checkpoint
RP1923: 6/10/2012 9:45:26 PM - System Checkpoint
RP1924: 6/11/2012 10:11:03 PM - System Checkpoint
RP1925: 6/12/2012 11:11:03 PM - System Checkpoint
RP1926: 6/14/2012 12:11:03 AM - System Checkpoint
RP1927: 6/15/2012 1:11:03 AM - System Checkpoint
RP1928: 6/16/2012 2:10:54 AM - System Checkpoint
RP1929: 6/17/2012 3:10:54 AM - System Checkpoint
RP1930: 6/18/2012 4:34:54 AM - System Checkpoint
RP1931: 6/18/2012 4:33:27 PM - Software Distribution Service 3.0
RP1932: 6/19/2012 4:45:28 PM - System Checkpoint
RP1933: 6/20/2012 4:52:18 PM - System Checkpoint
RP1934: 6/21/2012 5:44:23 PM - System Checkpoint
RP1935: 6/22/2012 6:44:23 PM - System Checkpoint
RP1936: 6/23/2012 7:44:19 PM - System Checkpoint
RP1937: 6/24/2012 8:44:19 PM - System Checkpoint
RP1938: 6/25/2012 9:44:19 PM - System Checkpoint
RP1939: 6/26/2012 10:44:20 PM - System Checkpoint
RP1940: 6/27/2012 10:58:36 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
ABBYY FineReader 6.0 Sprint
Acronis True Image WD*Edition
Adobe Acrobat 5.0
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Help Center 1.0
Adobe PageMaker 7.0
Adobe Photoshop CS2
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Premiere Elements 9
Adobe Reader 8.3.1
Adobe Stock Photos 1.0
Advanced Renamer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.5
AutoCAD 2000
AviSynth 2.5
Bonjour
BookSmart® 2.5.1 2.5.1
BreezeBrowser Pro
BufferChm
Capture NX
Capture NX 2
CDex - Open Source Digital Audio CD Extractor
Color Efex Pro 3.0 Wacom Edition 6
Compatibility Pack for the 2007 Office system
Cortona® VRML Client
DH Driver Cleaner.NET
DOFMaster
Elements 9 Organizer
Elements STI Installer
EPSON Copy Utility 3
EPSON Perf V700-V750 Guide
EPSON Scan
ffdshow [rev 2583] [2009-01-05]
Google Earth
Google Update Helper
Google Updater
GoPro CineForm Studio 1.1.0
Haali Media Splitter
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Photosmart D5400 Printer Driver Software 10.0 Rel .3
HPSSupply
Ipswitch WS_FTP Professional 2006
iTunes
Java Auto Updater
Java(TM) 6 Update 29
JRAID
LAME v3.98.2 for Audacity
LP Recorder
LP Ripper
Malwarebytes Anti-Malware version 1.61.0.1400
Marvell Miniport Driver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Mozilla Firefox (2.0.0.20)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
MyPublisher BookMaker
Nero 7 Essentials
Nikon Message Center
Nikon Message Center 2
Nikon View 6
NikonCapture
NVIDIA Drivers
Opanda IExif 2.3
Opanda PowerExif 1.2 Professional Trial
Photo Mechanic 4.5
Photo Mechanic 4.6
Photo Mechanic 4.6.1
Photodex Presenter
Picture Control Utility
Primatte
ProShow Gold
PS_SF_03_D5400_Software
PS_SF_03_D5400_Software_Min
QuickTime
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
SilverFast Epson
SmartSound Quicktracks for Premiere Elements 9.0
Sothink FLV Player
Sothink Video Encoder for Adobe Flash
SoundMAX
SUPERAntiSpyware Free Edition
Toolbox
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
ViewNX
virtualPhotographer 1.5.6
Wacom Tablet
WebFldrs XP
WebReg
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
6/28/2012 12:51:27 AM, error: DCOM [10000] - Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%1450" Happened while starting this command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe -Embedding
6/28/2012 1:40:46 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
6/28/2012 1:40:46 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Acronis\TrueImageHome\tishell32.dll. Reference error message: The operation completed successfully. .
6/27/2012 5:40:17 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/26/2012 4:40:38 PM, error: Dhcp [1002] - The IP address lease 192.168.1.108 for the Network Card with network address 0014BF5A7F37 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/26/2012 4:40:37 AM, error: Dhcp [1002] - The IP address lease 192.168.1.109 for the Network Card with network address 0014BF5A7F37 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

 

ComboFix ran without a problem. Here is the log.
____________________________________________
ComboFix 12-06-28.03 - WP Lanius 06/29/2012 1:07.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2376 [GMT -6:00]
Running from: c:\documents and settings\WP Lanius\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
c:\documents and settings\WP Lanius\Local Settings\Application Data\Apple Computer\Apple\ckzrye.dll
c:\documents and settings\WP Lanius\WINDOWS
C:\Microsoft
c:\microsoft\FileFormatConverters.exe
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-18 18:00 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 22:42 . 2012-04-03 19:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-18 22:42 . 2011-06-22 02:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 21:19 . 2007-05-22 18:52 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19 . 2007-05-22 18:52 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19 . 2007-04-16 18:29 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 21:19 . 2007-04-16 18:29 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 21:19 . 2007-04-16 18:29 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19 . 2007-05-22 18:52 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19 . 2007-04-16 18:29 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 21:19 . 2007-04-16 18:29 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 21:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 21:19 . 2005-05-26 10:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 21:19 . 2007-05-22 18:52 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 21:19 . 2007-04-16 18:29 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 21:19 . 2007-04-16 18:29 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2006-02-28 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2007-04-16 18:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 21:56 . 2009-05-29 20:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-18 23:09 . 2008-05-24 14:07 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2011-12-18 23:09 . 2008-05-24 14:07 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2011-12-18 23:09 . 2008-05-24 14:07 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2011-12-18 23:09 . 2008-05-24 14:07 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2011-12-18 23:09 . 2008-05-24 14:07 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM "= "c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 843776]
"JMB36X Configure "= "c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-08-12 7630848]
"nwiz "= "nwiz.exe" [2006-08-12 1519616]
"NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2006-08-12 86016]
"AdobeAAMUpdater-1.0 "= "c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TrueImageMonitor.exe "= "c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-22 2637824]
"Acronis Scheduler2 Service "= "c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-22 395392]
"Nikon Message Center 2 "= "c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"APSDaemon "= "c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-4-24 49254]
CineForm Status.lnk - c:\program files\CineForm\Tools\GoProCineFormStatusViewer.exe [2011-10-20 152064]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 18:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride "=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe "=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS2\\Photoshop.exe "=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe "=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe "=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe "=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=
.
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [11/14/2011 4:21 PM 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [11/14/2011 4:21 PM 83392]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/30/2010 4:06 AM 169408]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [3/26/2010 7:55 AM 4463400]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [4/17/2007 1:17 PM 36224]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [3/26/2010 7:55 AM 16168]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/18/2011 4:12 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/18/2011 4:12 PM 136176]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-VENTURE2-WP Lanius.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 08:25]
.
2012-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 23:57]
.
2012-06-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-12 02:20]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 22:12]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 22:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wplsports.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader6.cab
FF - ProfilePath - c:\documents and settings\WP Lanius\Application Data\Mozilla\Firefox\Profiles\szgbk7n1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Apple - c:\documents and settings\WP Lanius\Local Settings\Application Data\Apple Computer\Apple\ckzrye.dll
HKU-Default-Run-Apple - c:\documents and settings\WP Lanius\Local Settings\Application Data\Apple Computer\Apple\ckzrye.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-29 01:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-1580436667-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05AF50AA-22D7-AA1D-A4F48F393CAE2202}\{78C6AA3D-BD77-7FA2-B188C82FA3887936}\{102B7915-3D5B-6524-E77B0FDDDBDD9024}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1 "=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{17739CC8-1062-40F7-1C3862585ABD2CDA}\{84278681-95F8-776A-6C175249145B2CFC}\{113E55B4-CE67-C34A-F065E12B6143C7DD}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1 "=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{18E09523-0BB1-0E75-6B141AE958ABE9E7}\{8E8BA3D9-389B-9F43-3B5B6490B54F898E}\{0E0922CC-9ECE-C3AB-5B05A5FA1997F2CA}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 "=hex:01,00,01,00,0c,00,00,00,47,4b,36,
b7,5f,7f,8e,fc,bf,be,53,8c,e4,31,b0,a5,f8,29,3d,7e,51,d8,2a,4e,19,71,db,46,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{207A1422-7CE2-3F0D-CB0619EAC3E5A348}\{36711064-4D57-673B-128E50084FEF4668}\{C13F5A8B-0B9D-FCC2-F6ECFF62882D3E51}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1 "=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3B85D734-4D1E-A5B8-7A2C9FEBD20E3A7C}\{9B78C2B1-5ACD-EEEE-C2C08A9F5ADC5CE8}\{497F871A-1051-F8C7-F54470C03EAE9AE4}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 "=hex:01,00,01,00,0c,00,00,00,47,4b,36,
b7,5f,7f,8e,fc,bf,be,53,8c,e4,31,b0,a5,f8,29,3d,7e,51,d8,2a,4e,19,71,db,46,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{42E6D7B2-B1C8-2837-2B153136718EFEB8}\{8E0BC5B0-8FBD-4DC6-72B4724501FBC409}\{8BABC9F6-A6DF-6175-8337ACE301A74A27}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1 "=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{48418982-249C-E344-B1C048196FA2EDFD}\{A41EB0B4-3EE0-E472-B7C2AAEB5A9566C4}\{DB4C8A45-FEFF-6FD9-65B4662880A15182}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 "=hex:01,00,01,00,0c,00,00,00,47,4b,36,
b7,5f,7f,8e,fc,bf,be,53,8c,e4,31,b0,a5,f8,29,3d,7e,51,d8,2a,4e,19,71,db,46,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4E801B1F-2C34-C71B-55752B4DE71FAE4A}\{6707E13D-DFA5-4083-2A160A7F601D7F5F}\{38345692-AD4C-2D4A-1F4885FC450939AB}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1 "=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5B0B6C35-3AEA-9EAE-179EBB09B20EA2F1}\{75565C86-DCE5-4077-B0F3502E93E7104E}\{6B409343-0D15-4A1C-46DBD99A1375331F}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1 "=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7D123B2E-0C5F-D919-194C2B3C78E1FEC1}\{313463E6-9B37-5C56-F570B6CAA31EBA6B}\{14D54DC1-EDC1-0F67-65A1433CC409F39D}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 "=hex:01,00,01,00,0c,00,00,00,47,4b,36,
b7,5f,7f,8e,fc,bf,be,53,8c,e4,31,b0,a5,f8,29,3d,7e,51,d8,2a,4e,19,71,db,46,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8FD8A5D7-9511-025F-16B31A5B051F5A4D}\{7F4BC209-0230-7A50-936F3704F4AD01D8}\{4F172B6C-B722-D8DB-046FD06C67D2EAC6}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1 "=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D7D745F-2DA2-E26E-67E2A61C92B5C873}\{869A1319-CB5B-72EF-32E86935B8210920}\{0F637A1B-C125-DB37-203685E7DE12B741}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1 "=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A356E26F-F64B-8F5D-7C18E49D604F2F76}\{6A54AA76-7D92-69B0-4B2831BB70973615}\{981C58D8-528B-1766-742A6B252CC7665F}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 "=hex:01,00,01,00,0c,00,00,00,47,4b,36,
b7,5f,7f,8e,fc,bf,be,53,8c,e4,31,b0,a5,f8,29,3d,7e,51,d8,2a,4e,19,71,db,46,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B2236175-3D9F-05C6-8B4893E47EF3B357}\{715026F0-32B2-9A38-0A89C09A617BF317}\{121623C5-7E2D-B1BB-98FD332A06B7F4F2}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 "=hex:01,00,01,00,0c,00,00,00,47,4b,36,
b7,5f,7f,8e,fc,bf,be,53,8c,e4,31,b0,a5,f8,29,3d,7e,51,d8,2a,4e,19,71,db,46,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BF11F383-757D-CF48-6D213AC2BB6130AD}\{12507465-D6D8-AFB1-97ED5D21195D77D5}\{90E47118-DD98-E716-1AABCD138C042D55}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 "=hex:01,00,01,00,0c,00,00,00,47,4b,36,
b7,5f,7f,8e,fc,bf,be,53,8c,e4,31,b0,a5,f8,29,3d,7e,51,d8,2a,4e,19,71,db,46,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CD33F05B-57D8-EB8D-1C637C8E18479BDE}\{4B66B287-DF55-8BF6-0C7A245C073DF874}\{2B094E66-D192-13E4-CB3BD0799FCAC2FC}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 "=hex:01,00,01,00,0c,00,00,00,47,4b,36,
b7,5f,7f,8e,fc,bf,be,53,8c,e4,31,b0,a5,f8,29,3d,7e,51,d8,2a,4e,19,71,db,46,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F1AB0511-A375-41F8-28F286EA5B314AE1}\{CDE856FA-B0FC-53AE-2E76D427065C9F08}\{06F28CA4-0E64-79D3-A5453F20806788AF}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 "=hex:01,00,01,00,0c,00,00,00,47,4b,36,
b7,5f,7f,8e,fc,bf,be,53,8c,e4,31,b0,a5,f8,29,3d,7e,51,d8,2a,4e,19,71,db,46,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F71B406A-64B6-7890-A4E79C228CB5B5C7}\{B2D97AB2-1AAA-0E19-47D2DF75F80031A6}\{B1F98325-4C85-36BE-448BCE0A416EDA34}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1 "=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2012-06-29 01:16:00
ComboFix-quarantined-files.txt 2012-06-29 07:15
.
Pre-Run: 140,907,143,168 bytes free
Post-Run: 148,872,040,448 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug= "do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 19FE2CD0CADC975FE77066E26C1411B0

 

Ran ComboFix with script - log file follows:
__________________________________
ComboFix 12-06-28.03 - WP Lanius 06/29/2012 11:04:53.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.2327 [GMT -6:00]
Running from: c:\documents and settings\WP Lanius\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\WP Lanius\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-18 18:00 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 22:42 . 2012-04-03 19:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-18 22:42 . 2011-06-22 02:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 21:19 . 2007-05-22 18:52 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19 . 2007-05-22 18:52 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19 . 2007-04-16 18:29 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 21:19 . 2007-04-16 18:29 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 21:19 . 2007-04-16 18:29 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19 . 2007-05-22 18:52 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19 . 2007-04-16 18:29 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 21:19 . 2007-04-16 18:29 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 21:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 21:19 . 2005-05-26 10:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 21:19 . 2007-05-22 18:52 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 21:19 . 2007-04-16 18:29 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 21:19 . 2007-04-16 18:29 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2006-02-28 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2007-04-16 18:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-04 21:56 . 2009-05-29 20:05 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-18 23:09 . 2008-05-24 14:07 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2011-12-18 23:09 . 2008-05-24 14:07 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2011-12-18 23:09 . 2008-05-24 14:07 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2011-12-18 23:09 . 2008-05-24 14:07 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2011-12-18 23:09 . 2008-05-24 14:07 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM "= "c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-18 843776]
"JMB36X Configure "= "c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-08-12 7630848]
"nwiz "= "nwiz.exe" [2006-08-12 1519616]
"NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2006-08-12 86016]
"AdobeAAMUpdater-1.0 "= "c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TrueImageMonitor.exe "= "c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-22 2637824]
"Acronis Scheduler2 Service "= "c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-22 395392]
"Nikon Message Center 2 "= "c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"APSDaemon "= "c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-4-24 49254]
CineForm Status.lnk - c:\program files\CineForm\Tools\GoProCineFormStatusViewer.exe [2011-10-20 152064]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 18:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride "=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe "=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS2\\Photoshop.exe "=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe "=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe "=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe "=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=
.
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [11/14/2011 4:21 PM 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [11/14/2011 4:21 PM 83392]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/30/2010 4:06 AM 169408]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [3/26/2010 7:55 AM 4463400]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [4/17/2007 1:17 PM 36224]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [3/26/2010 7:55 AM 16168]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/18/2011 4:12 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/18/2011 4:12 PM 136176]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-29 c:\windows\Tasks\AdobeAAMUpdater-1.0-VENTURE2-WP Lanius.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 08:25]
.
2012-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 23:57]
.
2012-06-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-12 02:20]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 22:12]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 22:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wplsports.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader6.cab
FF - ProfilePath - c:\documents and settings\WP Lanius\Application Data\Mozilla\Firefox\Profiles\szgbk7n1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-29 11:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-1580436667-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1480)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-06-29 11:09:12
ComboFix-quarantined-files.txt 2012-06-29 17:09
ComboFix2.txt 2012-06-29 07:16
.
Pre-Run: 148,952,387,584 bytes free
Post-Run: 148,982,530,048 bytes free
.
- - End Of File - - 643D27415452DB24AD8EAA416FDA8872

 

I was not able to get OTL to finish running with script pasted in box. I tried running it twice. It started okay but got hung up both times at the following line:

Scanning HKEY_LOCAL_MACHINE\SYSTEM\Current Control Set\Control\Session Manager\DOS Devices\AUX...

I have a screen grab if you need to see it.

The computer seems to be without the redirect now. The last several times I've tried to reproduce the situation where it used to redirect, it does not do it.

 

Ran OTL with scipt in Safe Mode. OTL.Txt log follows:
_________________________________________________________
OTL logfile created on: 6/30/2012 8:03:38 AM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\WP Lanius\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 90.60% Memory free
5.78 Gb Paging File | 5.72 Gb Available in Paging File | 98.83% Paging File free
Paging file location(s): C:\pagefile.sys 3072 6144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 138.69 Gb Free Space | 49.63% Space Free | Partition Type: NTFS
Drive E: | 279.46 Gb Total Space | 274.01 Gb Free Space | 98.05% Space Free | Partition Type: NTFS
Drive M: | 1788.37 Gb Total Space | 1060.65 Gb Free Space | 59.31% Space Free | Partition Type: NTFS
Drive O: | 931.51 Gb Total Space | 292.67 Gb Free Space | 31.42% Space Free | Partition Type: NTFS

Computer Name: VENTURE2 | User Name: WP Lanius | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/29 11:36:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WP Lanius\Desktop\OTL.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2011/06/22 12:17:08 | 000,846,056 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/09/30 04:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2009/11/24 13:25:34 | 004,463,400 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2008/10/12 13:39:08 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/11/27 10:05:11 | 000,181,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\WPLANI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/11/14 16:21:12 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011/11/14 16:21:07 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vididr.sys -- (vididr)
DRV - [2011/11/14 16:21:05 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53)
DRV - [2011/11/14 16:21:02 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2009/08/27 16:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/05/26 10:05:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/05/26 10:05:54 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/26 10:05:52 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/05/20 12:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/16 12:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/07/05 06:55:58 | 000,043,392 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2006/06/15 02:02:22 | 000,142,464 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adidts.sys -- (ADIDTSFiltService)
DRV - [2006/05/23 08:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/02/07 05:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO)
DRV - [2004/08/12 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 16:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/10/24 18:16:10 | 000,036,224 | R--- | M] (LinkSys Group Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lne100v5.sys -- (LNE100) Linksys LNE100TX(v5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1935655697-1580436667-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1935655697-1580436667-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wplsports.com/
IE - HKU\S-1-5-21-1935655697-1580436667-839522115-1003\..\SearchScopes,DefaultScope = {02947637-F70E-4B4C-BA47-96B319EF9911}
IE - HKU\S-1-5-21-1935655697-1580436667-839522115-1003\..\SearchScopes\{02947637-F70E-4B4C-BA47-96B319EF9911}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
IE - HKU\S-1-5-21-1935655697-1580436667-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1935655697-1580436667-839522115-1003\..\SearchScopes\{C9DE5D94-0CCF-4B62-8B9D-9D7ED4F22CFE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-1935655697-1580436667-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-1580436667-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.foxnews.com/ "
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/13 21:59:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 22:00:06 | 000,000,000 | ---D | M]

[2012/06/18 08:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WP Lanius\Application Data\Mozilla\Firefox\Profiles\szgbk7n1.default\extensions
[2009/11/19 12:48:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\WP Lanius\Application Data\Mozilla\Firefox\Profiles\szgbk7n1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/18 17:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/21 11:25:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/18 08:20:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/04 11:39:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/16 06:50:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/21 10:06:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/08 09:06:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/19 12:28:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/18 17:09:05 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/12/23 09:30:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/12/18 17:09:02 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2011/12/18 17:09:02 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2011/12/18 17:09:02 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2011/12/18 17:09:03 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2011/12/18 17:09:03 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/03/24 20:21:00 | 002,889,088 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2012/06/29 01:14:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CineForm Status.lnk = C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-1580436667-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-1580436667-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935655697-1580436667-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-1580436667-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm ()
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.mpix.com/customer/uploading/activex/ImageUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.com/net/Uploader/LPUploader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F209F4E2-ACDD-4573-92F9-A0F792CEDAD4}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\WP Lanius\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\WP Lanius\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/16 12:31:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CFHD - C:\WINDOWS\System32\CFHD.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10

========== Files/Folders - Created Within 30 Days ==========

[2012/06/29 11:36:25 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WP Lanius\Desktop\OTL.exe
[2012/06/29 11:34:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/29 01:02:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/29 01:00:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/29 01:00:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/29 01:00:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/29 01:00:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/29 01:00:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/27 17:18:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\WP Lanius\Desktop\aswMBR.exe
[2012/06/27 17:14:51 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\WP Lanius\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/16 13:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WP Lanius\My Documents\iPad Photos
[2012/06/10 06:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WP Lanius\My Documents\Patio Ideas
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/30 08:02:05 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/30 08:01:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/30 07:57:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/30 05:57:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/30 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-VENTURE2-WP Lanius.job
[2012/06/29 14:40:26 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\WP Lanius\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/06/29 12:50:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/06/29 11:36:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WP Lanius\Desktop\OTL.exe
[2012/06/29 11:20:25 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/06/29 11:09:56 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\WP Lanius\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012/06/29 01:14:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/29 01:02:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/28 23:54:06 | 004,566,027 | R--- | M] (Swearware) -- C:\Documents and Settings\WP Lanius\Desktop\ComboFix.exe
[2012/06/28 06:50:09 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\WP Lanius\Desktop\MBR.dat
[2012/06/27 17:27:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/27 17:25:30 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\WP Lanius\Desktop\dds.scr
[2012/06/27 17:18:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\WP Lanius\Desktop\aswMBR.exe
[2012/06/27 17:16:39 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\WP Lanius\Desktop\xmefmykt.exe
[2012/06/27 17:15:01 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\WP Lanius\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/27 13:11:44 | 001,683,322 | ---- | M] () -- C:\Documents and Settings\WP Lanius\My Documents\DripDesignGuide.pdf
[2012/06/27 13:10:11 | 003,493,714 | ---- | M] () -- C:\Documents and Settings\WP Lanius\My Documents\LDLDesignGuide.pdf
[2012/06/27 13:09:30 | 001,593,415 | ---- | M] () -- C:\Documents and Settings\WP Lanius\My Documents\LowVolumeGuide.pdf
[2012/06/27 13:08:31 | 010,372,203 | ---- | M] () -- C:\Documents and Settings\WP Lanius\My Documents\DripApplicationGuide.pdf
[2012/06/27 13:08:16 | 002,989,710 | ---- | M] () -- C:\Documents and Settings\WP Lanius\My Documents\IrrigationDesignManual.pdf
[2012/06/27 11:20:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/27 09:57:40 | 000,016,486 | ---- | M] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2012/06/19 10:17:40 | 000,073,902 | ---- | M] () -- C:\Documents and Settings\WP Lanius\My Documents\WAL Africa Itinerary.pdf
[2012/06/18 16:40:42 | 000,632,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/18 16:38:20 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/18 16:38:20 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/18 16:35:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/10 21:18:27 | 001,575,897 | ---- | M] () -- C:\Documents and Settings\WP Lanius\My Documents\wcd4.pdf
[2012/06/10 07:21:05 | 039,712,768 | ---- | M] () -- C:\Documents and Settings\WP Lanius\My Documents\GlulamBrochure.pdf
[2012/06/10 06:09:12 | 001,698,456 | ---- | M] () -- C:\Documents and Settings\WP Lanius\My Documents\IntroLoadPath.pdf
[2012/06/01 06:37:10 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/29 01:02:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/29 01:02:33 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/29 01:00:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/29 01:00:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/29 01:00:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/29 01:00:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/29 01:00:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/28 06:50:09 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\WP Lanius\Desktop\MBR.dat
[2012/06/27 17:27:32 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/27 17:16:38 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\WP Lanius\Desktop\xmefmykt.exe
[2012/06/27 13:11:44 | 001,683,322 | ---- | C] () -- C:\Documents and Settings\WP Lanius\My Documents\DripDesignGuide.pdf
[2012/06/27 13:10:11 | 003,493,714 | ---- | C] () -- C:\Documents and Settings\WP Lanius\My Documents\LDLDesignGuide.pdf
[2012/06/27 13:09:29 | 001,593,415 | ---- | C] () -- C:\Documents and Settings\WP Lanius\My Documents\LowVolumeGuide.pdf
[2012/06/27 13:08:29 | 010,372,203 | ---- | C] () -- C:\Documents and Settings\WP Lanius\My Documents\DripApplicationGuide.pdf
[2012/06/27 13:08:16 | 002,989,710 | ---- | C] () -- C:\Documents and Settings\WP Lanius\My Documents\IrrigationDesignManual.pdf
[2012/06/19 10:15:13 | 000,073,902 | ---- | C] () -- C:\Documents and Settings\WP Lanius\My Documents\WAL Africa Itinerary.pdf
[2012/06/10 21:18:27 | 001,575,897 | ---- | C] () -- C:\Documents and Settings\WP Lanius\My Documents\wcd4.pdf
[2012/06/10 07:21:05 | 039,712,768 | ---- | C] () -- C:\Documents and Settings\WP Lanius\My Documents\GlulamBrochure.pdf
[2012/06/10 06:09:12 | 001,698,456 | ---- | C] () -- C:\Documents and Settings\WP Lanius\My Documents\IntroLoadPath.pdf
[2012/02/15 21:01:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/08 13:14:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2011/07/08 13:11:56 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2011/05/18 10:46:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/06 12:00:41 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\WP Lanius\default.pls
[2010/11/18 06:43:53 | 000,094,680 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/11 12:46:00 | 000,016,486 | ---- | C] () -- C:\WINDOWS\System32\Wacom_Tablet.dat
[2009/10/27 09:05:14 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/06/28 15:14:37 | 000,012,638 | ---- | C] () -- C:\Documents and Settings\WP Lanius\contents
[2008/11/13 08:37:50 | 000,002,294 | ---- | C] () -- C:\Documents and Settings\WP Lanius\test.prx
[2008/10/30 13:12:39 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PDEs
[2008/10/30 13:12:39 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\WP Lanius\Application Data\Noise Gate
[2008/10/30 13:12:39 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbw.DAT
[2008/10/27 17:31:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\WP Lanius\Ÿ9Ÿ9
[2008/10/10 00:26:29 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\WP Lanius\Application Data\WavCodec.wff
[2008/09/01 09:27:36 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Organs
[2008/09/01 09:27:36 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\WP Lanius\Application Data\Nature Sounds
[2008/09/01 09:27:36 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2008/09/01 09:27:35 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Overdrive
[2008/09/01 09:27:35 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\WP Lanius\Application Data\NetServices
[2008/09/01 09:24:52 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2008/05/31 08:48:49 | 000,020,531 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\T09F8
[2008/04/08 17:57:53 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\WP Lanius\rpdeluxe.properties
[2008/02/16 09:02:47 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Folder Actions
[2008/02/16 09:02:47 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\WP Lanius\Application Data\Flags
[2008/02/16 09:02:47 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2008/01/26 07:54:36 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PPD Plugins
[2008/01/26 07:54:36 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\WP Lanius\Application Data\Organic
[2008/01/26 07:54:26 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2007/04/24 11:27:14 | 000,009,381 | ---- | C] () -- C:\Documents and Settings\WP Lanius\Application Data\Comma Separated Values (Windows).EML
[2007/04/18 19:59:13 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\WP Lanius\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/18 19:52:08 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLea.DAT

========== LOP Check ==========

[2011/11/14 16:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/09/01 09:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ambience
[2008/10/30 13:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applause and Laugher
[2008/01/26 07:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Units
[2008/08/11 09:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Camera Bits, Inc
[2008/10/30 13:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/12/12 13:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2008/02/16 09:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fonts
[2008/11/12 19:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/01/28 11:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/12/12 13:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/12/12 11:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/10/30 13:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/09/01 09:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vhosts
[2010/08/10 08:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/11/14 16:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\6EA84FA6-F0A5-439D-A0BF-C95551232952
[2011/11/14 16:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\Acronis
[2012/04/03 10:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\Audacity
[2008/06/05 09:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\Camera Bits, Inc
[2010/12/12 13:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/06/22 14:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\EPSON
[2012/01/05 20:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\GoPro
[2012/02/19 11:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\Hulubulu
[2007/04/24 12:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\InterTrust
[2012/05/10 15:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\Lasersoft Imaging
[2008/05/31 08:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\Leadertech
[2007/07/18 06:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\MyPublisher
[2012/05/09 13:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\NCH Swift Sound
[2007/11/27 10:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\Netscape
[2010/04/30 05:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\Nik Software
[2008/09/01 09:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\Nikon
[2007/09/19 10:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\Opera
[2007/11/27 10:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\Photodex
[2008/10/11 07:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\Publish Providers
[2008/01/24 14:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\Snapfish
[2008/10/11 07:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WP Lanius\Application Data\Sony

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/12/12 13:43:41 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2007/04/16 12:31:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/04/16 12:24:52 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/06/29 01:02:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/06/29 11:09:12 | 000,011,009 | ---- | M] () -- C:\ComboFix.txt
[2007/04/16 12:31:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/04/16 12:31:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/04/16 12:31:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/02/19 19:23:36 | 000,009,216 | ---- | M] () -- C:\My3DGraph.grf
[2006/02/28 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/29 15:07:36 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/06/30 08:01:16 | 3221,225,472 | -HS- | M] () -- C:\pagefile.sys
[2007/11/27 10:05:20 | 000,001,793 | ---- | M] () -- C:\photodex-presenter-install.log
[2011/12/18 13:18:54 | 000,083,430 | ---- | M] () -- C:\PRE-BD-Log.txt
[2012/05/15 14:03:08 | 033,554,750 | ---- | M] () -- C:\PRE-DVD-Log.txt
[2010/12/12 08:26:59 | 001,292,747 | ---- | M] () -- C:\pxplay.log
[2000/02/26 07:33:22 | 000,581,632 | ---- | M] (Joshua F. Madison) -- C:\Units Converter.exe
[2011/10/11 13:47:35 | 000,000,000 | ---- | M] () -- C:\wizard.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2007/04/16 12:30:59 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/12/17 18:05:32 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/04/16 06:11:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2007/04/16 06:11:48 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2007/04/16 06:11:47 | 000,909,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/29 15:11:05 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/04/16 12:41:46 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\WP Lanius\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2007/04/16 12:41:46 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\WP Lanius\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/06/27 17:18:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\WP Lanius\Desktop\aswMBR.exe
[2012/06/28 23:54:06 | 004,566,027 | R--- | M] (Swearware) -- C:\Documents and Settings\WP Lanius\Desktop\ComboFix.exe
[2009/05/29 18:47:30 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\WP Lanius\Desktop\HJTInstall.exe
[2012/06/27 17:15:01 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\WP Lanius\Desktop\mbam-setup-1.61.0.1400.exe
[2009/05/29 14:02:56 | 003,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\WP Lanius\Desktop\mbam-setup.exe
[2012/06/29 11:36:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WP Lanius\Desktop\OTL.exe
[2012/06/27 17:16:39 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\WP Lanius\Desktop\xmefmykt.exe
[2009/05/29 15:09:41 | 000,286,208 | ---- | M] () -- C:\Documents and Settings\WP Lanius\Desktop\y977gu85.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/30 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-VENTURE2-WP Lanius.job
[2012/06/27 11:20:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2006/02/28 06:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2012/06/29 12:50:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/06/30 05:57:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/30 07:57:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/30 07:59:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/04/16 12:41:46 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\WP Lanius\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2009/05/29 07:53:46 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\WP Lanius\Cookies\desktop.ini
[2012/06/30 08:02:00 | 003,047,424 | ---- | M] () -- C:\Documents and Settings\WP Lanius\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/13 18:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
[2006/06/23 00:48:54 | 000,032,768 | R--- | M] (AsusTek Inc.) -- C:\WINDOWS\inf\UpdateUSB.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 18:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 11:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 18:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 12:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 12:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 12:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install\LastSuccessTime /rs >

< End of report >

 

OTL Extras.Txt file log follows:
_____________________________________________________________
OTL Extras logfile created on: 6/30/2012 8:03:38 AM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\WP Lanius\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 90.60% Memory free
5.78 Gb Paging File | 5.72 Gb Available in Paging File | 98.83% Paging File free
Paging file location(s): C:\pagefile.sys 3072 6144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 138.69 Gb Free Space | 49.63% Space Free | Partition Type: NTFS
Drive E: | 279.46 Gb Total Space | 274.01 Gb Free Space | 98.05% Space Free | Partition Type: NTFS
Drive M: | 1788.37 Gb Total Space | 1060.65 Gb Free Space | 59.31% Space Free | Partition Type: NTFS
Drive O: | 931.51 Gb Total Space | 292.67 Gb Free Space | 31.42% Space Free | Partition Type: NTFS

Computer Name: VENTURE2 | User Name: WP Lanius | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe" = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe" = C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe:*:Enabled:Adobe Photoshop CS2 -- (Adobe Systems, Incorporated)
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*isabled:Nero ShowTime -- (Nero AG)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07474E69-E9E4-4B03-AC0E-D24B04231033}" = Nero 7 Essentials
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10900ADA-A280-4fd4-ADC6-FC290B758283}" = BreezeBrowser Pro
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DDC579-834B-4C14-8122-853994FA2214}" = NikonCapture
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4dd83a18-e502-461e-adfb-a458bd25e45d}" = PS_SF_03_D5400_Software_Min
"{581cae33-36d4-41e1-9673-bceb97763864}" = PS_SF_03_D5400_Software
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B683A28-2172-4CF1-B85D-41375E80652A}" = Acronis True Image WD*Edition
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2006
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAE390A5-2864-46b6-BC80-A656A2068CB4}" = HP Photosmart D5400 Printer Driver Software 10.0 Rel .3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F86B6D9F-FA9A-4164-A66A-EAFF7C067272}_is1" = Sothink Video Encoder for Adobe Flash
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Advanced Renamer_is1" = Advanced Renamer
"Audacity 1.3 Beta_is1" = Audacity 1.3.5
"AutoCAD 2000 Uninstall" = AutoCAD 2000
"AviSynth" = AviSynth 2.5
"BookSmart® 2.5.1 2.5.1" = BookSmart® 2.5.1 2.5.1
"Capture NX" = Capture NX
"Capture NX 2" = Capture NX 2
"CDex" = CDex - Open Source Digital Audio CD Extractor
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Wacom Edition 6" = Color Efex Pro 3.0 Wacom Edition 6
"Cortona® VRML Client" = Cortona® VRML Client
"DOFMaster" = DOFMaster
"DriverCleanerDotNET" = DH Driver Cleaner.NET
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Google Updater" = Google Updater
"GoPro CineForm Studio" = GoPro CineForm Studio 1.1.0
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LP Recorder" = LP Recorder
"LP Ripper" = LP Ripper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPublisher BookMaker" = MyPublisher BookMaker
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Opanda IExif_is1" = Opanda IExif 2.3
"Opanda PowerExif Professional Trial_is1" = Opanda PowerExif 1.2 Professional Trial
"Photo Mechanic 4.5" = Photo Mechanic 4.5
"Photo Mechanic 4.6" = Photo Mechanic 4.6
"Photo Mechanic 4.6.1" = Photo Mechanic 4.6.1
"Photodex Presenter" = Photodex Presenter
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"PremElem90" = Adobe Premiere Elements 9
"Primatte PS" = Primatte
"ProShow Gold" = ProShow Gold
"Shop for HP Supplies" = Shop for HP Supplies
"Silent Package Run-Time Sample" = EPSON Perf V700-V750 Guide
"SilverFast Epson_is1" = SilverFast Epson
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/27/2012 11:54:54 AM | Computer Name = VENTURE2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ieframe.dll, version 8.0.6001.19258, fault address 0x00125bd3.

Error - 6/28/2012 2:57:29 AM | Computer Name = VENTURE2 | Source = Bonjour Service | ID = 100
Description = mDNSPoll:263 - WaitForMultipleObjects() failed: 1450

Error - 6/29/2012 2:01:44 PM | Computer Name = VENTURE2 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.53.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/30/2012 10:02:17 AM | Computer Name = VENTURE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/30/2012 10:02:19 AM | Computer Name = VENTURE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/30/2012 10:02:27 AM | Computer Name = VENTURE2 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 6/30/2012 10:02:27 AM | Computer Name = VENTURE2 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 6/30/2012 10:02:27 AM | Computer Name = VENTURE2 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 6/30/2012 10:02:27 AM | Computer Name = VENTURE2 | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 6/30/2012 10:02:27 AM | Computer Name = VENTURE2 | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 6/30/2012 10:02:27 AM | Computer Name = VENTURE2 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 6/30/2012 10:02:27 AM | Computer Name = VENTURE2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL

Error - 6/30/2012 11:34:47 AM | Computer Name = VENTURE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

 

Yes, back now. Sorry to take so long responding. Will be able to get scans done in the next few days. Thanks for your help so far.