I've read through a few threads in which you guys have helped other users eradicate their malware, and all I can say is WOW! Great stuff! Hopefully you can help me too.

I've noticed lately that, when using Google to search the internet, it frequently redirects the 'target' to another search or a site offering similar info. I believe this started after downloading some 'free' codecs (a big mistake, I now realize!).

As requested, here's a copy of my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:00 PM, on 11/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\viewport.exe
C:\WINDOWS\Mixer.exe
C:\PROGRAM FILES\SCANJET\PrecisionScanPro\HPLamp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\MMTray.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HP Lamp] C:\PROGRAM FILES\SCANJET\PrecisionScanPro\HPLamp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdizh.exe] C:\WINDOWS\system32\kdizh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218690370859
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe

--
End of file - 6267 bytes

Hello and Welcome to the forums!

My name is peku006and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - download and run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

3 - Status Check
Please reply with

1.the logs from RSIT (log.txt ,info.txt)
2. the Malwarebytes' Anti-Malware Log
description of any problems you are having with your PC

Thanks peku006

Hi Peku006 - thanks for the help so far!

I forgot to mention in my initial post that I also have a USB hard drive; the initial log from HJT does not include the log from the USB drive. I seem to be having problems with the USB hard drive - it won't stay on long enough to complete any sort of virus or malware scan. So for now, I'll leave it off and hope for the best until I can figure out what the problem is with that drive and fix it. But that is the reason for my delay in replying to this thread.

OK, here are the logs you've requested:

RSIT Log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Mark at 2008-11-24 19:39:08
Microsoft Windows XP Professional Service Pack 2
System drive C: has 145 GB (76%) free of 191 GB
Total RAM: 1023 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:25 PM, on 11/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\viewport.exe
C:\WINDOWS\Mixer.exe
C:\PROGRAM FILES\SCANJET\PrecisionScanPro\HPLamp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\MMTray.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mark\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mark.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HP Lamp] C:\PROGRAM FILES\SCANJET\PrecisionScanPro\HPLamp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdizh.exe] C:\WINDOWS\system32\kdizh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218690370859
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c94acba94c51dc) (gupdate1c94acba94c51dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe

--
End of file - 6943 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-14 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}]
Sophos Web Content Scanner - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll [2008-11-19 240696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-29 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll [2008-11-14 1667072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2001-10-26 270336]
"HydarVisionDesktopManager"= []
"HydraVisionViewport"=C:\WINDOWS\system32\viewport.exe [2001-08-20 466944]
"C-Media Mixer"=Mixer.exe /startup []
"HP Lamp"=C:\PROGRAM FILES\SCANJET\PrecisionScanPro\HPLamp.exe [1998-07-16 42496]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-05 29744]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"C:\WINDOWS\system32\kdizh.exe"=C:\WINDOWS\system32\kdizh.exe []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"MMTray"=C:\WINDOWS\system32\MMTray.exe [2001-11-08 53248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"= []
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-08-11 21741864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 2 months======

2008-11-24 19:39:08 ----D---- C:\rsit
2008-11-21 18:23:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-19 20:14:07 ----D---- C:\Program Files\Trend Micro
2008-11-19 16:40:16 ----D---- C:\Documents and Settings\Mark\Application Data\Malwarebytes
2008-11-19 16:40:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-17 14:24:22 ----A---- C:\WINDOWS\huffyuv.ini
2008-11-17 11:52:55 ----D---- C:\Program Files\Exterminate It!
2008-11-17 11:47:42 ----D---- C:\fixwareout
2008-11-14 09:35:17 ----A---- C:\logfile.txt
2008-11-14 09:33:08 ----D---- C:\WINDOWS\CSC
2008-11-14 09:33:01 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-13 21:20:07 ----A---- C:\WINDOWS\M3JPEG.INI
2008-11-13 21:19:49 ----A---- C:\WINDOWS\system32\MMTray.exe
2008-11-13 21:19:49 ----A---- C:\WINDOWS\system32\MMIJG32.dll
2008-11-13 21:19:46 ----D---- C:\Program Files\Morgan
2008-11-13 21:01:53 ----D---- C:\Program Files\Ulead Systems
2008-11-13 19:45:02 ----D---- C:\Program Files\iPod
2008-11-13 19:44:59 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-13 03:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-12 18:23:18 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-12 18:01:26 ----D---- C:\Program Files\QuickTime
2008-11-12 17:49:22 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-11-07 22:15:42 ----D---- C:\Program Files\Avery
2008-10-24 09:50:47 ----D---- C:\Documents and Settings\Mark\Application Data\BitTorrent
2008-10-24 09:48:44 ----D---- C:\Program Files\BitTorrent
2008-10-23 22:38:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-23 16:38:11 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-22 20:53:14 ----D---- C:\Program Files\iTunes
2008-10-15 22:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 22:48:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 22:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 22:48:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 22:48:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 22:47:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-30 06:19:50 ----A---- C:\WINDOWS\system32\sdccoinstaller.dll

======List of files/folders modified in the last 2 months======

2008-11-24 19:38:32 ----D---- C:\WINDOWS\Prefetch
2008-11-24 19:37:13 ----D---- C:\Program Files\Mozilla Firefox
2008-11-24 19:36:25 ----D---- C:\Documents and Settings\Mark\Application Data\Skype
2008-11-24 19:35:20 ----D---- C:\Documents and Settings\Mark\Application Data\skypePM
2008-11-24 19:35:02 ----D---- C:\WINDOWS\Temp
2008-11-24 19:33:43 ----D---- C:\WINDOWS\system32\drivers
2008-11-24 19:33:43 ----D---- C:\WINDOWS\system32
2008-11-24 19:32:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-24 16:30:33 ----D---- C:\WINDOWS
2008-11-24 15:50:02 ----A---- C:\WINDOWS\ODBC.INI
2008-11-23 08:49:43 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-22 20:33:39 ----HD---- C:\WINDOWS\inf
2008-11-22 18:48:29 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-21 18:23:28 ----RD---- C:\Program Files
2008-11-21 10:22:00 ----A---- C:\WINDOWS\CMMIXER.INI
2008-11-21 10:21:21 ----A---- C:\WINDOWS\mixerdef.ini
2008-11-20 18:28:50 ----A---- C:\WINDOWS\ULead32.ini
2008-11-20 18:26:19 ----A---- C:\WINDOWS\msdevctl.ini
2008-11-20 14:52:54 ----SHD---- C:\WINDOWS\Installer
2008-11-20 14:52:50 ----D---- C:\Program Files\Google
2008-11-19 20:51:34 ----SD---- C:\WINDOWS\Tasks
2008-11-19 19:47:53 ----D---- C:\Documents and Settings\Mark\Application Data\WinFF
2008-11-16 15:19:26 ----D---- C:\Documents and Settings\Mark\Application Data\AdobeUM
2008-11-16 15:07:05 ----A---- C:\WINDOWS\AviSplitter.INI
2008-11-15 07:12:57 ----D---- C:\WINDOWS\system32\Macromed
2008-11-14 10:52:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-13 19:47:45 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-11-13 19:43:52 ----D---- C:\Program Files\Common Files\Apple
2008-11-13 10:14:39 ----D---- C:\Program Files\RealFlightG3
2008-11-13 09:44:35 ----D---- C:\Program Files\Blaze Media Pro
2008-11-13 03:01:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-13 03:01:14 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:01:11 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 03:00:47 ----D---- C:\WINDOWS\WinSxS
2008-11-12 21:08:10 ----RSD---- C:\WINDOWS\Fonts
2008-11-12 20:51:48 ----D---- C:\Temp
2008-11-12 20:51:18 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-10 15:46:05 ----D---- C:\Program Files\Winsim
2008-11-03 13:23:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-29 06:23:15 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-29 06:23:15 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-22 20:50:14 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-15 22:48:05 ----D---- C:\Program Files\Internet Explorer
2008-10-15 08:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-10 08:48:54 ----A---- C:\WINDOWS\hpccopy.INI
2008-10-09 10:14:57 ----A---- C:\WINDOWS\nero.INI
2008-09-30 06:17:20 ----A---- C:\WINDOWS\system32\sophosboottasks.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 SAVOnAccessControl;SAVOnAccessControl; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2008-09-30 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter; C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2008-09-30 35584]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-22 23936]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver; C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS [2001-10-01 6144]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2001-10-26 349184]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SiSV;SiSV; C:\WINDOWS\system32\DRIVERS\SiSV.sys [2001-08-17 50432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S2 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\system32\DRIVERS\atintuxx.sys [2001-10-26 35952]
S2 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\system32\DRIVERS\atinxsxx.sys [2001-10-26 32752]
S2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2001-10-26 11280]
S2 NAVAPEL;NAVAPEL; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS []
S2 PCDCODEC;ATI WDM Specialized PCD Codec; C:\WINDOWS\system32\DRIVERS\atinpdxx.sys [2001-10-26 11760]
S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2001-10-26 65024]
S3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\system32\DRIVERS\atinraxx.sys [2001-10-26 32848]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NAVAP;NAVAP; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys []
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080919.007\NAVENG.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080919.007\NAVEX15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\Ndisprot.sys []
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 SophosBootDriver;SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [2008-09-30 14976]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-29 168432]
R2 SAVAdminService;Sophos Anti-Virus status reporter; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2008-10-23 69632]
R2 SAVService;Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2008-09-30 98304]
R2 Sophos Agent;Sophos Agent; C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe [2008-10-23 266240]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [2008-09-30 172032]
R2 Sophos Message Router;Sophos Message Router; C:\Program Files\Sophos\Remote Management System\RouterNT.exe [2008-10-23 794624]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 gupdate1c94acba94c51dc;Google Update Service (gupdate1c94acba94c51dc); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-11-19 133104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-05 29744]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

And the Malwarebytes' log file:

Malwarebytes' Anti-Malware 1.30
Database version: 1421
Windows 5.1.2600 Service Pack 2

11/24/2008 7:32:30 PM
mbam-log-2008-11-24 (19-32-30).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 219965
Time elapsed: 1 hour(s), 56 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{1C64E302-10B3-43ED-A238-EC05B007DE7A}\RP110\A0054286.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
-----------------------------------------------------------

Specific problems I've encountered are the re-direct of search results to another search engine or web site, and also an error that Google (my default search engine) gets stuck in a 'redirect loop', so that it won't even load Google's web site. I can see the Firefox browser flipping between Google.ca and Google.com quickly before I get this error message in my Firefox window:

-------------------------------
Redirect Loop

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

The browser has stopped trying to retrieve the requested item. The site is redirecting the request in a way that will never complete.

* Have you disabled or blocked cookies required by this site?
* NOTE: If accepting the site's cookies does not resolve the problem, it is likely a server configuration issue and not your computer.
----------------------------------

Thanks!
Mantraguy

Hi mantraguy

OTScanIt

Please download OTScanIt.exe (http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe) from Bleeping Computer by OldTimer and save it to your desktop.
Double click on OTScanIt.exe to run it.
Click on Extract. Once done, you will be prompted. Click OK and click Close.
Double click on the OTScanIt folder. Double click on OTScanIt.exe to run it.
Under Drivers section, select Non-Microsoft.
Click on the Run Scan button at the top left hand corner.
OTScanIt will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

Thanks peku006

OK - done. Here's the OTScanIt.txt file contents:



OTScanIt logfile created on: 11/25/2008 10:01:50 PM
OTScanIt by OldTimer - Version 1.0.19.0 Folder = C:\Temp\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.47 Mb Total Physical Memory | 545.45 Mb Available Physical Memory | 53.29% Memory free
2.41 Gb Paging File | 2.10 Gb Available in Paging File | 87.46% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 141.94 Gb Free Space | 76.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.08 Gb Total Space | 149.97 Gb Free Space | 50.31% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP
Current User Name: Mark
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
savservice.exe -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SavService.exe -> Sophos Plc [Ver = 1.0.0.3921 | Size = 98304 bytes | Modified Date = 9/30/2008 6:16:57 AM | Attr = ]
savadminservice.exe -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SAVAdminService.exe -> Sophos Plc [Ver = 1.0.0.3930 | Size = 69632 bytes | Modified Date = 10/23/2008 7:56:52 AM | Attr = ]
managementagentnt.exe -> %ProgramFiles%\Sophos\Remote Management System\ManagementAgentNT.exe -> Sophos Plc [Ver = 3,0,9,1742 | Size = 266240 bytes | Modified Date = 10/23/2008 7:55:27 AM | Attr = ]
alsvc.exe -> %ProgramFiles%\Sophos\AutoUpdate\ALsvc.exe -> Sophos Plc [Ver = 3.7.21.172 | Size = 172032 bytes | Modified Date = 9/30/2008 6:18:47 AM | Attr = ]
routernt.exe -> %ProgramFiles%\Sophos\Remote Management System\RouterNT.exe -> Sophos Plc [Ver = 3,0,9,1742 | Size = 794624 bytes | Modified Date = 10/23/2008 7:55:52 AM | Attr = ]
atiptaxx.exe -> %SystemRoot%\system32\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.13.2524 | Size = 270336 bytes | Modified Date = 10/26/2001 9:32:54 PM | Attr = ]
mixer.exe -> %SystemRoot%\mixer.exe -> C-Media Electronic Inc. (www.cmedia.com.tw) [Ver = 1.58 | Size = 1818624 bytes | Modified Date = 10/15/2002 5:00:20 PM | Attr = ]
hplamp.exe -> %ProgramFiles%\SCANJET\PrecisionScanPro\HPLamp.exe -> [Ver = | Size = 42496 bytes | Modified Date = 7/16/1998 | Attr = ]
mmtray.exe -> %SystemRoot%\system32\MMTray.exe -> Morgan Multimedia [Ver = 3, 0, 0, 1 | Size = 53248 bytes | Modified Date = 11/8/2001 4:19:16 PM | Attr = ]
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.8.0.154 | Size = 21741864 bytes | Modified Date = 8/11/2008 4:46:50 PM | Attr = R ]
almon.exe -> %ProgramFiles%\Sophos\AutoUpdate\ALMon.exe -> Sophos Plc [Ver = 3.10.54.138 | Size = 245760 bytes | Modified Date = 8/10/2007 1:09:30 AM | Attr = ]
skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> Skype Technologies [Ver = 2.0.0.58 | Size = 76744 bytes | Modified Date = 8/11/2008 4:46:50 PM | Attr = R ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.4 | Size = 307712 bytes | Modified Date = 10/31/2008 12:55:59 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(SAVAdminService) Sophos Anti-Virus status reporter [Win32_Own | Unknown | Running] -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SAVAdminService.exe -> Sophos Plc [Ver = 1.0.0.3930 | Size = 69632 bytes | Modified Date = 10/23/2008 7:56:52 AM | Attr = ]
(SAVService) Sophos Anti-Virus [Win32_Own | Unknown | Running] -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SavService.exe -> Sophos Plc [Ver = 1.0.0.3921 | Size = 98304 bytes | Modified Date = 9/30/2008 6:16:57 AM | Attr = ]
(Sophos Agent) Sophos Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Sophos\Remote Management System\ManagementAgentNT.exe -> Sophos Plc [Ver = 3,0,9,1742 | Size = 266240 bytes | Modified Date = 10/23/2008 7:55:27 AM | Attr = ]
(Sophos AutoUpdate Service) Sophos AutoUpdate Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Sophos\AutoUpdate\ALsvc.exe -> Sophos Plc [Ver = 3.7.21.172 | Size = 172032 bytes | Modified Date = 9/30/2008 6:18:47 AM | Attr = ]
(Sophos Message Router) Sophos Message Router [Win32_Own | Auto | Running] -> %ProgramFiles%\Sophos\Remote Management System\RouterNT.exe -> Sophos Plc [Ver = 3,0,9,1742 | Size = 794624 bytes | Modified Date = 10/23/2008 7:55:52 AM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\aspi32.sys -> Adaptec [Ver = 4.57 (1008) | Size = 23936 bytes | Modified Date = 12/22/1997 5:02:46 PM | Attr = ]
(atinrvxx) ATI WDM Rage Theater Video [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\atinrvxx.sys -> [Ver = | Size = 65024 bytes | Modified Date = 10/26/2001 7:47:30 PM | Attr = ]
(ATITUNEP) ATI WDM TV Tuner [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\atintuxx.sys -> [Ver = | Size = 35952 bytes | Modified Date = 10/26/2001 7:46:22 PM | Attr = ]
(ativraxx) ATI WDM Rage Theater Audio [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\atinraxx.sys -> [Ver = | Size = 32848 bytes | Modified Date = 10/26/2001 7:49:22 PM | Attr = ]
(ATIXSAudio) ATI WDM TV Audio Crossbar [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\atinxsxx.sys -> [Ver = | Size = 32752 bytes | Modified Date = 10/26/2001 7:50:02 PM | Attr = ]
(CINEMSUP) Software Cinemaster NT4.0 Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\cinemsup.sys -> Ravisent Technologies, Inc. [Ver = 1.0.01.0006 | Size = 6144 bytes | Modified Date = 10/1/2001 2:29:22 PM | Attr = ]
(cmpci) C-Media PCI Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\cmaudio.sys -> C-Media Inc [Ver = 5.12.01.0643 | Size = 377358 bytes | Modified Date = 11/18/2002 2:51:40 PM | Attr = ]
(grmnusb) grmnusb [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\grmnusb.sys -> GARMIN Corp. [Ver = 2, 2, 1, 0 | Size = 8320 bytes | Modified Date = 3/8/2007 4:18:00 PM | Attr = ]
(MVDCODEC) ATI WDM Specialized MVD Codec [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\atinmdxx.sys -> [Ver = | Size = 11280 bytes | Modified Date = 10/26/2001 7:49:30 PM | Attr = ]
(NAVAP) NAVAP [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys -> File not found
(NAVAPEL) NAVAPEL [Kernel | Auto | Stopped] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS -> File not found
(NAVENG) NAVENG [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080919.007\NAVENG.sys -> File not found
(NAVEX15) NAVEX15 [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080919.007\NAVEX15.sys -> File not found
(Ndisprot) ArcNet NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ndisprot.sys -> Windows (R) Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 27904 bytes | Modified Date = 11/12/2008 8:58:37 PM | Attr = ]
(PCDCODEC) ATI WDM Specialized PCD Codec [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\atinpdxx.sys -> [Ver = | Size = 11760 bytes | Modified Date = 10/26/2001 7:49:38 PM | Attr = ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 2:31:34 PM | Attr = ]
(SAVOnAccessControl) SAVOnAccessControl [File_System | System | Running] -> %SystemRoot%\system32\drivers\savonaccesscontrol.sys -> Sophos Plc [Ver = 3.8.1.255 | Size = 104704 bytes | Modified Date = 9/30/2008 6:17:40 AM | Attr = ]
(SAVOnAccessFilter) SAVOnAccessFilter [File_System | System | Running] -> %SystemRoot%\system32\drivers\savonaccessfilter.sys -> Sophos Plc [Ver = 3.8.1.255 | Size = 35584 bytes | Modified Date = 9/30/2008 6:17:36 AM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 7/17/2004 7:36:38 AM | Attr = ]
(SophosBootDriver) SophosBootDriver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\SophosBootDriver.sys -> Sophos Plc [Ver = 1.0.0.101 | Size = 14976 bytes | Modified Date = 9/30/2008 6:17:45 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AtiPTA -> %SystemRoot%\system32\atiptaxx.exe [atiptaxx.exe] -> ATI Technologies, Inc. [Ver = 6.13.2524 | Size = 270336 bytes | Modified Date = 10/26/2001 9:32:54 PM | Attr = ]
C:\WINDOWS\system32\kdizh.exe -> %SystemRoot%\system32\kdizh.exe [C:\WINDOWS\system32\kdizh.exe] -> File not found
C-Media Mixer -> %SystemRoot%\mixer.exe [Mixer.exe /startup] -> C-Media Electronic Inc. (www.cmedia.com.tw) [Ver = 1.58 | Size = 1818624 bytes | Modified Date = 10/15/2002 5:00:20 PM | Attr = ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> Google [Ver = 5.7.806.10245 | Size = 29744 bytes | Modified Date = 9/5/2008 7:57:44 AM | Attr = ]
HP Lamp -> %ProgramFiles%\SCANJET\PrecisionScanPro\HPLamp.exe [C:\PROGRAM FILES\SCANJET\PrecisionScanPro\HPLamp.exe] -> [Ver = | Size = 42496 bytes | Modified Date = 7/16/1998 | Attr = ]
HydarVisionDesktopManager -> [] -> File not found
HydraVisionViewport -> %SystemRoot%\system32\ViewPort.exe [viewport.exe] -> ATI Technologies Inc. [Ver = 2.50.00.0018 | Size = 466944 bytes | Modified Date = 8/20/2001 8:30:00 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 8.0.1.11 | Size = 289576 bytes | Modified Date = 10/1/2008 6:57:12 PM | Attr = ]
MMTray -> %SystemRoot%\system32\MMTray.exe [MMTray.exe] -> Morgan Multimedia [Ver = 3, 0, 0, 1 | Size = 53248 bytes | Modified Date = 11/8/2001 4:19:16 PM | Attr = ]
NeroCheck -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 1:50:42 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5.5 (990.7) | Size = 413696 bytes | Modified Date = 9/6/2008 3:09:14 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 3:27:04 AM | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ATI Launchpad -> [] -> File not found
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.8.0.154 | Size = 21741864 bytes | Modified Date = 8/11/2008 4:46:50 PM | Attr = R ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk -> %ProgramFiles%\Sophos\AutoUpdate\ALMon.exe -> Sophos Plc [Ver = 3.10.54.138 | Size = 245760 bytes | Modified Date = 8/10/2007 1:09:30 AM | Attr = ]
< Mark Startup Folder > -> C:\Documents and Settings\Mark\Start Menu\Programs\Startup ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.7.806.10245 | Size = 113664 bytes | Modified Date = 9/5/2008 7:57:52 AM | Attr = ]
C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL -> %ProgramFiles%\Sophos\Sophos Anti-Virus\sophos_detoured.dll -> Sophos Plc [Ver = 1.0.0.3770 | Size = 173056 bytes | Modified Date = 9/20/2008 11:37:37 AM | Attr = ]
*MultiFile Done* -> ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/3/2004 8:56:50 PM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/3/2004 8:56:58 PM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/3/2004 8:56:52 PM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8384000 bytes | Modified Date = 8/3/2004 8:56:46 PM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/3/2004 8:56:58 PM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Modified Date = 2/21/2006 7:40:30 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> ->
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 6:59:54 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
< Drives with AutoRun files > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 8/13/2008 8:57:15 PM | Attr = ]
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[gogl] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.0.2003051500 | Size = 50376 bytes | Modified Date = 5/14/2003 11:47:54 PM | Attr = ]
{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SophosBHO.dll [Sophos Web Content Scanner] -> Sophos Plc [Ver = 2.4.2.3941 | Size = 240696 bytes | Modified Date = 11/19/2008 6:13:45 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr = ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> [Ver = | Size = 147456 bytes | Modified Date = 5/15/2003 12:03:46 AM | Attr = ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 4, 1, 805, 4472 | Size = 652784 bytes | Modified Date = 10/29/2008 8:06:17 PM | Attr = ]
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll [Google Gears Helper] -> Google Inc. [Ver = 0.5.4.0 | Size = 1667072 bytes | Modified Date = 11/14/2008 10:30:38 AM | Attr = ]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 5/15/2003 12:03:46 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 5/15/2003 12:03:46 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 5/15/2003 12:03:46 AM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr = ]
{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}:{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll [&Gears Settings] -> Google Inc. [Ver = 0.5.4.0 | Size = 1667072 bytes | Modified Date = 11/14/2008 10:30:38 AM | Attr = ]
{44226DFF-747E-4edc-B30C-78752E50CD0C}:BandCLSID -> %ProgramFiles%\ATI Multimedia\TV\EXPLBAR.DLL [ATI TV] -> ATI Technologies Inc. [Ver = 7.5.003 | Size = 131072 bytes | Modified Date = 8/24/2001 7:27:34 AM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 3:27:02 AM | Attr = ]
CmdMapping\\{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll [&Gears Settings] -> Google Inc. [Ver = 0.5.4.0 | Size = 1667072 bytes | Modified Date = 11/14/2008 10:30:38 AM | Attr = ]
CmdMapping\\{44226DFF-747E-4edc-B30C-78752E50CD0C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ATI Multimedia\TV\EXPLBAR.DLL [&ATI TV] -> ATI Technologies Inc. [Ver = 7.5.003 | Size = 131072 bytes | Modified Date = 8/24/2001 7:27:34 AM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1CA20587-94F4-4CEC-8B7E-139A304A5F4A} -> (1394 Net Adapter) ->
{88E7FFF5-0FD8-495F-A205-DADC3BF25373} -> () ->
{B817D263-0F44-4431-970E-BC0234B1C485} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 29, 0 | Size = 1942864 bytes | Modified Date = 8/11/2008 4:46:50 PM | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218690370859[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> ->



[Files/Folders - Created Within 30 days]
fixwareout -> %SystemDrive%\fixwareout -> [Folder | Created Date = 11/17/2008 11:47:42 AM | Attr = ]
rsit -> %SystemDrive%\rsit -> [Folder | Created Date = 11/24/2008 7:39:08 PM | Attr = ]
ndisprot.sys -> %SystemRoot%\System32\drivers\ndisprot.sys -> Windows (R) Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 27904 bytes | Created Date = 11/12/2008 8:58:37 PM | Attr = ]
M3JPEGdec.ax -> %SystemRoot%\System32\M3JPEGdec.ax -> Morgan Multimedia [Ver = 3, 0, 0, 3 | Size = 62976 bytes | Created Date = 11/13/2008 9:19:49 PM | Attr = ]
M3JPEGenc.ax -> %SystemRoot%\System32\M3JPEGenc.ax -> Morgan Multimedia [Ver = 3, 0, 0, 3 | Size = 51200 bytes | Created Date = 11/13/2008 9:19:49 PM | Attr = ]
MMIJG32.dll -> %SystemRoot%\System32\MMIJG32.dll -> Morgan Multimedia [Ver = 1, 0, 0, 1 | Size = 224256 bytes | Created Date = 11/13/2008 9:19:49 PM | Attr = ]
MMTray.exe -> %SystemRoot%\System32\MMTray.exe -> Morgan Multimedia [Ver = 3, 0, 0, 1 | Size = 53248 bytes | Created Date = 11/13/2008 9:19:49 PM | Attr = ]
QuickTime.qtp -> %SystemRoot%\System32\QuickTime.qtp -> [Ver = | Size = 9599 bytes | Created Date = 11/12/2008 6:01:34 PM | Attr = ]
CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 11/14/2008 9:33:08 AM | Attr = ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 11/12/2008 6:23:18 PM | Attr = ]
huffyuv.ini -> %SystemRoot%\huffyuv.ini -> [Ver = | Size = 77 bytes | Created Date = 11/17/2008 2:24:22 PM | Attr = ]
M3JPEG.INI -> %SystemRoot%\M3JPEG.INI -> [Ver = | Size = 639 bytes | Created Date = 11/13/2008 9:20:07 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 11/12/2008 10:12:53 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 11/12/2008 10:12:53 PM | Attr = H ]

[Files/Folders - Modified Within 30 days]
PDOXUSRS.NET -> %SystemDrive%\PDOXUSRS.NET -> [Ver = | Size = 13030 bytes | Modified Date = 11/16/2008 10:32:40 PM | Attr = ]
ndisprot.sys -> %SystemRoot%\System32\drivers\ndisprot.sys -> Windows (R) Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 27904 bytes | Modified Date = 11/12/2008 8:58:37 PM | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 1636 bytes | Modified Date = 11/20/2008 10:04:39 AM | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 211288 bytes | Modified Date = 11/8/2008 7:34:10 AM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 40836 bytes | Modified Date = 11/3/2008 1:23:18 PM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 314508 bytes | Modified Date = 11/3/2008 1:23:18 PM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 360124 bytes | Modified Date = 11/3/2008 1:23:18 PM | Attr = ]
QuickTime.qtp -> %SystemRoot%\System32\QuickTime.qtp -> [Ver = | Size = 9599 bytes | Modified Date = 11/12/2008 6:07:49 PM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 11/24/2008 8:47:59 AM | Attr = ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
AviSplitter.INI -> %SystemRoot%\AviSplitter.INI -> [Ver = | Size = 38 bytes | Modified Date = 11/16/2008 3:07:05 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 11/25/2008 8:59:22 PM | Attr = S]
CMMIXER.INI -> %SystemRoot%\CMMIXER.INI -> [Ver = | Size = 101 bytes | Modified Date = 11/21/2008 10:22:00 AM | Attr = ]
huffyuv.ini -> %SystemRoot%\huffyuv.ini -> [Ver = | Size = 77 bytes | Modified Date = 11/17/2008 2:24:22 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 11/13/2008 3:01:11 AM | Attr = ]
M3JPEG.INI -> %SystemRoot%\M3JPEG.INI -> [Ver = | Size = 639 bytes | Modified Date = 11/22/2008 10:50:25 PM | Attr = ]
mixerdef.ini -> %SystemRoot%\mixerdef.ini -> [Ver = | Size = 92 bytes | Modified Date = 11/21/2008 10:21:21 AM | Attr = ]
msdevctl.ini -> %SystemRoot%\msdevctl.ini -> [Ver = | Size = 23 bytes | Modified Date = 11/20/2008 6:26:19 PM | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 2623 bytes | Modified Date = 11/24/2008 3:50:02 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 11/12/2008 10:12:53 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 11/13/2008 7:22:36 PM | Attr = H ]
ULead32.ini -> %SystemRoot%\ULead32.ini -> [Ver = | Size = 1260 bytes | Modified Date = 11/20/2008 6:28:50 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 11/22/2008 1:11:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/25/2008 8:59:34 PM | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 8/13/2008 9:10:32 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5682 bytes | Modified Date = 11/21/2008 9:45:39 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 11/21/2008 9:45:40 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 8/14/2008 11:37:46 AM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 8/14/2008 11:37:46 AM | Attr = ]
C:\Documents and Settings\Mark\Local Settings\Temp\crt\ -> C:\Documents and Settings\Mark\Local Settings\Temp\crt -> [Folder | Modified Date = 9/20/2008 11:34:34 AM | Attr = ]
avremove.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\crt\avremove.exe -> [Ver = 2.0.0 | Size = 19000 bytes | Modified Date = 4/14/2008 1:14:36 AM | Attr = ]
avremovew.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\crt\avremovew.exe -> [Ver = 2.0.0 | Size = 19512 bytes | Modified Date = 4/14/2008 1:14:36 AM | Attr = ]
w9xpopen.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\crt\w9xpopen.exe -> [Ver = | Size = 4608 bytes | Modified Date = 4/14/2008 1:14:36 AM | Attr = ]
C:\Documents and Settings\Mark\Local Settings\Temp\mia1\ -> C:\Documents and Settings\Mark\Local Settings\Temp\mia1 -> [Folder | Modified Date = 9/18/2008 8:13:26 AM | Attr = ]
atl.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\mia1\atl.exe -> Microsoft Corporation [Ver = 5.00.2516.1900 | Size = 142608 bytes | Modified Date = 6/2/1999 9:47:56 PM | Attr = ]
C:\Documents and Settings\Mark\Local Settings\Temp\{AC76BA86-1033-0000-BA7E-000000000001}\ -> C:\Documents and Settings\Mark\Local Settings\Temp\{AC76BA86-1033-0000-BA7E-000000000001} -> [Folder | Modified Date = 10/23/2008 3:36:00 PM | Attr = ]
asn.er.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\{AC76BA86-1033-0000-BA7E-000000000001}\asn.er.dll -> Adobe Systems Incorporated [Ver = 1.50x2, EndUser, Release | Size = 241664 bytes | Modified Date = 10/23/2008 6:07:00 PM | Attr = ]
C:\Documents and Settings\Mark\Local Settings\Temp\crt\ -> C:\Documents and Settings\Mark\Local Settings\Temp\crt -> [Folder | Modified Date = 9/20/2008 11:34:34 AM | Attr = ]
msvcr71.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\crt\msvcr71.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 8/1/2007 8:27:00 AM | Attr = ]
psapi.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\crt\psapi.dll -> Microsoft Corporation [Ver = 4.00 | Size = 18192 bytes | Modified Date = 4/14/2008 1:14:36 AM | Attr = ]
C:\Documents and Settings\Mark\Local Settings\Temp\mia1\ -> C:\Documents and Settings\Mark\Local Settings\Temp\mia1 -> [Folder | Modified Date = 9/18/2008 8:13:26 AM | Attr = ]
mDXExec.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\mia1\mDXExec.dll -> [Ver = | Size = 404992 bytes | Modified Date = 7/5/2008 4:52:18 PM | Attr = ]
mFileBagEXE.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\mia1\mFileBagEXE.dll -> [Ver = | Size = 97280 bytes | Modified Date = 7/5/2008 4:52:55 PM | Attr = ]
mMFCExec.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\mia1\mMFCExec.dll -> [Ver = | Size = 406528 bytes | Modified Date = 7/5/2008 4:52:24 PM | Attr = ]
mMSIExec.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\mia1\mMSIExec.dll -> [Ver = | Size = 433152 bytes | Modified Date = 7/5/2008 4:52:29 PM | Attr = ]
mVBExec.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\mia1\mVBExec.dll -> [Ver = | Size = 405504 bytes | Modified Date = 7/5/2008 4:52:31 PM | Attr = ]
mWinRunExec.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\mia1\mWinRunExec.dll -> [Ver = | Size = 407040 bytes | Modified Date = 7/5/2008 4:52:10 PM | Attr = ]
mWMFExec.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\mia1\mWMFExec.dll -> [Ver = | Size = 405504 bytes | Modified Date = 7/5/2008 4:52:26 PM | Attr = ]
C:\Documents and Settings\Mark\Local Settings\Temp\ -> C:\Documents and Settings\Mark\Local Settings\Temp -> [Folder | Modified Date = 11/25/2008 9:59:59 PM | Attr = ]
2921.dat -> C:\Documents and Settings\Mark\Local Settings\Temp\2921.dat -> [Ver = | Size = 43248 bytes | Modified Date = 11/17/2008 12:21:11 AM | Attr = ]
118 C:\Documents and Settings\Mark\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mark\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\Mark\Local Settings\Temp\crt\ -> C:\Documents and Settings\Mark\Local Settings\Temp\crt -> [Folder | Modified Date = 9/20/2008 11:34:34 AM | Attr = ]
manifest.dat -> C:\Documents and Settings\Mark\Local Settings\Temp\crt\manifest.dat -> [Ver = | Size = 3306 bytes | Modified Date = 4/14/2008 1:14:36 AM | Attr = ]
C:\WINDOWS\Temp\_ISTMP0.DIR\ -> C:\WINDOWS\Temp\_ISTMP0.DIR\ -> [Folder | Modified Date = 8/14/2008 6:48:00 AM | Attr = ]
UNINST.EXE -> C:\WINDOWS\Temp\_ISTMP0.DIR\UNINST.EXE -> Stirling Technologies, Inc. [Ver = 2.20.911.0 | Size = 283648 bytes | Modified Date = 1/9/1996 9:38:54 AM | Attr = ]
C:\WINDOWS\Temp\_ISTMP1.DIR\ -> C:\WINDOWS\Temp\_ISTMP1.DIR\ -> [Folder | Modified Date = 8/14/2008 6:48:13 AM | Attr = ]
UNINST.EXE -> C:\WINDOWS\Temp\_ISTMP1.DIR\UNINST.EXE -> Stirling Technologies, Inc. [Ver = 2.20.911.0 | Size = 283648 bytes | Modified Date = 1/9/1996 9:38:54 AM | Attr = ]
C:\WINDOWS\Temp\giscc0d1f\ -> C:\WINDOWS\Temp\giscc0d1f -> [Folder | Modified Date = 10/29/2008 8:06:19 PM | Attr = ]
GoogleUpdater.exe -> C:\WINDOWS\Temp\giscc0d1f\GoogleUpdater.exe -> Google [Ver = 2.4.1368.5602.beta | Size = 161264 bytes | Modified Date = 10/29/2008 8:06:09 PM | Attr = ]
GoogleUpdaterService.exe -> C:\WINDOWS\Temp\giscc0d1f\GoogleUpdaterService.exe -> Google [Ver = 2.4.1368.5602.beta | Size = 168432 bytes | Modified Date = 10/29/2008 8:06:09 PM | Attr = ]
C:\WINDOWS\Temp\giscc0d1f\2.4.1368.5602\ -> C:\WINDOWS\Temp\giscc0d1f\2.4.1368.5602 -> [Folder | Modified Date = 10/29/2008 8:06:09 PM | Attr = ]
GoogleUpdaterAdminPrefs.exe -> C:\WINDOWS\Temp\giscc0d1f\2.4.1368.5602\GoogleUpdaterAdminPrefs.exe -> Google [Ver = 2.4.1368.5602.beta | Size = 228336 bytes | Modified Date = 10/29/2008 8:06:08 PM | Attr = ]
GoogleUpdaterInstallMgr.exe -> C:\WINDOWS\Temp\giscc0d1f\2.4.1368.5602\GoogleUpdaterInstallMgr.exe -> Google [Ver = 2.4.1368.5602.beta | Size = 834032 bytes | Modified Date = 10/29/2008 8:06:08 PM | Attr = ]
GoogleUpdaterSetup.exe -> C:\WINDOWS\Temp\giscc0d1f\2.4.1368.5602\GoogleUpdaterSetup.exe -> Google Inc. [Ver = 2.4.1368.5602.beta | Size = 175600 bytes | Modified Date = 10/29/2008 8:06:09 PM | Attr = ]
C:\WINDOWS\Temp\sophos_autoupdate1.dir\ -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\ -> [Folder | Modified Date = 11/25/2008 9:00:24 PM | Attr = ]
ALUpdate.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\ALUpdate.exe -> Sophos Plc [Ver = 5.5.19.172 | Size = 655360 bytes | Modified Date = 9/30/2008 6:18:45 AM | Attr = ]
C:\WINDOWS\Temp\_ISTMP0.DIR\ -> C:\WINDOWS\Temp\_ISTMP0.DIR\ -> [Folder | Modified Date = 8/14/2008 6:48:00 AM | Attr = ]
853f5.DLL -> C:\WINDOWS\Temp\_ISTMP0.DIR\853f5.DLL -> Stirling Technologies, Inc. [Ver = 3.00.084.0 | Size = 90112 bytes | Modified Date = 1/22/1996 7:59:20 PM | Attr = ]
CTL3D32.DLL -> C:\WINDOWS\Temp\_ISTMP0.DIR\CTL3D32.DLL -> [Ver = | Size = 25068 bytes | Modified Date = 9/16/1994 1:00:00 PM | Attr = ]
CTL3D32S.DLL -> C:\WINDOWS\Temp\_ISTMP0.DIR\CTL3D32S.DLL -> Microsoft Corporation [Ver = 2.26.000 | Size = 26112 bytes | Modified Date = 9/16/1994 1:00:00 PM | Attr = ]
DSETUP.DLL -> C:\WINDOWS\Temp\_ISTMP0.DIR\DSETUP.DLL -> Microsoft Corporation [Ver = 4.06.00.0318 | Size = 127488 bytes | Modified Date = 7/29/1998 5:00:06 PM | Attr = ]
DSETUP16.DLL -> C:\WINDOWS\Temp\_ISTMP0.DIR\DSETUP16.DLL -> Microsoft Corporation [Ver = 4.06.00.0318 | Size = 63248 bytes | Modified Date = 7/29/1998 5:00:06 PM | Attr = ]
DSETUP32.DLL -> C:\WINDOWS\Temp\_ISTMP0.DIR\DSETUP32.DLL -> Microsoft Corporation [Ver = 4.06.00.0318 | Size = 51712 bytes | Modified Date = 7/29/1998 5:00:06 PM | Attr = ]
C:\WINDOWS\Temp\_ISTMP1.DIR\ -> C:\WINDOWS\Temp\_ISTMP1.DIR\ -> [Folder | Modified Date = 8/14/2008 6:48:13 AM | Attr = ]
887c6.DLL -> C:\WINDOWS\Temp\_ISTMP1.DIR\887c6.DLL -> Stirling Technologies, Inc. [Ver = 3.00.084.0 | Size = 90112 bytes | Modified Date = 1/22/1996 7:59:20 PM | Attr = ]
CTL3D32.DLL -> C:\WINDOWS\Temp\_ISTMP1.DIR\CTL3D32.DLL -> [Ver = | Size = 25068 bytes | Modified Date = 9/16/1994 1:00:00 PM | Attr = ]
CTL3D32S.DLL -> C:\WINDOWS\Temp\_ISTMP1.DIR\CTL3D32S.DLL -> Microsoft Corporation [Ver = 2.26.000 | Size = 26112 bytes | Modified Date = 9/16/1994 1:00:00 PM | Attr = ]
DSETUP.DLL -> C:\WINDOWS\Temp\_ISTMP1.DIR\DSETUP.DLL -> Microsoft Corporation [Ver = 4.06.00.0318 | Size = 127488 bytes | Modified Date = 7/29/1998 5:00:06 PM | Attr = ]
DSETUP16.DLL -> C:\WINDOWS\Temp\_ISTMP1.DIR\DSETUP16.DLL -> Microsoft Corporation [Ver = 4.06.00.0318 | Size = 63248 bytes | Modified Date = 7/29/1998 5:00:06 PM | Attr = ]
DSETUP32.DLL -> C:\WINDOWS\Temp\_ISTMP1.DIR\DSETUP32.DLL -> Microsoft Corporation [Ver = 4.06.00.0318 | Size = 51712 bytes | Modified Date = 7/29/1998 5:00:06 PM | Attr = ]
C:\WINDOWS\Temp\giscc0d1f\2.4.1368.5602\ -> C:\WINDOWS\Temp\giscc0d1f\2.4.1368.5602 -> [Folder | Modified Date = 10/29/2008 8:06:09 PM | Attr = ]
ci.dll -> C:\WINDOWS\Temp\giscc0d1f\2.4.1368.5602\ci.dll -> Google [Ver = 2.4.1368.5602.beta | Size = 1119232 bytes | Modified Date = 10/29/2008 8:06:08 PM | Attr = ]
cires.dll -> C:\WINDOWS\Temp\giscc0d1f\2.4.1368.5602\cires.dll -> [Ver = | Size = 94208 bytes | Modified Date = 10/29/2008 8:06:08 PM | Attr = ]
npCIDetect13.dll -> C:\WINDOWS\Temp\giscc0d1f\2.4.1368.5602\npCIDetect13.dll -> Google [Ver = 2.4.1368.5602.beta | Size = 94208 bytes | Modified Date = 10/29/2008 8:06:08 PM | Attr = ]
C:\WINDOWS\Temp\sophos_autoupdate1.dir\ -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\ -> [Folder | Modified Date = 11/25/2008 9:00:24 PM | Attr = ]
boost_date_time-vc71-mt-1_32.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\boost_date_time-vc71-mt-1_32.dll -> [Ver = | Size = 45056 bytes | Modified Date = 7/27/2007 12:09:02 PM | Attr = ]
ChannelUpdater.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\ChannelUpdater.dll -> Sophos Plc [Ver = 1.1.10.172 | Size = 172032 bytes | Modified Date = 9/30/2008 6:18:56 AM | Attr = ]
CidSync.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\CidSync.dll -> Sophos Plc [Ver = 3.2.3.131 | Size = 176128 bytes | Modified Date = 8/10/2007 1:09:34 AM | Attr = ]
crypto.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\crypto.dll -> [Ver = | Size = 20480 bytes | Modified Date = 7/27/2007 12:08:46 PM | Attr = ]
libcurl.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\libcurl.dll -> The cURL library, http://curl.haxx.se/ [Ver = 7.15.0 | Size = 159744 bytes | Modified Date = 7/27/2007 12:08:54 PM | Attr = ]
libeay32.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\libeay32.dll -> [Ver = | Size = 745472 bytes | Modified Date = 7/27/2007 12:09:16 PM | Attr = ]
MSVCP71.DLL -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\MSVCP71.DLL -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 7/27/2007 12:09:00 PM | Attr = ]
MSVCR71.DLL -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\MSVCR71.DLL -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 7/27/2007 12:08:50 PM | Attr = ]
retailer.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\retailer.dll -> Sophos Plc [Ver = 1.1.8.172 | Size = 208896 bytes | Modified Date = 9/30/2008 6:18:47 AM | Attr = ]
SharedRes.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\SharedRes.dll -> Sophos Plc [Ver = 1.4.38.166 | Size = 18432 bytes | Modified Date = 4/14/2008 1:14:36 AM | Attr = ]
xmlcpp.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\xmlcpp.dll -> [Ver = | Size = 14336 bytes | Modified Date = 7/27/2007 12:09:04 PM | Attr = ]
xmlparse.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\xmlparse.dll -> [Ver = | Size = 57344 bytes | Modified Date = 7/27/2007 12:08:54 PM | Attr = ]
xmltok.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\xmltok.dll -> [Ver = | Size = 73728 bytes | Modified Date = 7/27/2007 12:09:20 PM | Attr = ]
C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies -> [Folder | Modified Date = 11/15/2008 1:11:04 PM | Attr = S]
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/15/2008 1:11:03 PM | Attr = ]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 11/15/2008 1:11:04 PM | Attr = S]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 11/15/2008 1:11:05 PM | Attr = ]
C:\WINDOWS\Temp\sophos_autoupdate1.dir\ -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\ -> [Folder | Modified Date = 11/25/2008 9:00:24 PM | Attr = ]
scf.dat -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\scf.dat -> [Ver = | Size = 2970 bytes | Modified Date = 9/30/2008 6:18:52 AM | Attr = ]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 11/15/2008 1:11:04 PM | Attr = S]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 11/15/2008 1:11:04 PM | Attr = ]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 11/15/2008 1:11:04 PM | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 113 bytes | Modified Date = 11/15/2008 1:11:04 PM | Attr = HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 11/15/2008 1:11:04 PM | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/15/2008 1:11:04 PM | Attr = HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\09UL454T\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\09UL454T -> [Folder | Modified Date = 11/15/2008 1:11:15 PM | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\09UL454T\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/15/2008 1:11:04 PM | Attr = HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CTQV8L8P\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CTQV8L8P -> [Folder | Modified Date = 11/15/2008 1:11:17 PM | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CTQV8L8P\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/15/2008 1:11:04 PM | Attr = HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\EHWX0X27\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\EHWX0X27 -> [Folder | Modified Date = 11/15/2008 1:11:15 PM | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\EHWX0X27\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/15/2008 1:11:04 PM | Attr = HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SXG9O32H\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SXG9O32H -> [Folder | Modified Date = 11/15/2008 1:11:16 PM | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SXG9O32H\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/15/2008 1:11:04 PM | Attr = HS]

< End of report >

Hi mantraguy

Start OTScanIt. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.


[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> C:\WINDOWS\system32\kdizh.exe -> %SystemRoot%\system32\kdizh.exe [C:\WINDOWS\system32\kdizh.exe]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->
YN -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
YN -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
YN -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm
YN -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
YN -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
YN -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm
[Files/Folders - Created Within 30 days]
NY -> fixwareout -> %SystemDrive%\fixwareout
NY -> rsit -> %SystemDrive%\rsit
[Files/Folders - Modified Within 30 days]
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

your HijackThis log doesn't look complete.

There are no IE start and Search pages set up: R0, R1, R2, R3

How To Set Your Browser's Home Page (http://websearch.about.com/od/internetresearch/a/customhomepage.htm)

Please reply with OTScanIt log along with a new HijackThis log.

Thanks Peku006,

I ran the OTScanIt code you posted, and it required a re-boot after completion so I did that. Here's the log file that appeared after the re-boot:

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\C:\WINDOWS\system32\kdizh.exe deleted successfully.
File C:\WINDOWS\system32\kdizh.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page deleted successfully.
[Files/Folders - Created Within 30 days]
C:\fixwareout\FindT folder moved successfully.
C:\fixwareout folder moved successfully.
C:\rsit folder moved successfully.
[Files/Folders - Modified Within 30 days]
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 11262008_080246

Files moved on Reboot...
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat moved successfully.

--------------------------------------------------------------------
My browser's home page is, and has always been, set to http://www.google.ca/. I just confirmed this and it has not been changed.

Here's a new Hijack This log:
--------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:48 AM, on 11/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\viewport.exe
C:\WINDOWS\Mixer.exe
C:\PROGRAM FILES\SCANJET\PrecisionScanPro\HPLamp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\MMTray.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HP Lamp] C:\PROGRAM FILES\SCANJET\PrecisionScanPro\HPLamp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218690370859
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c94acba94c51dc) (gupdate1c94acba94c51dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe

--
End of file - 7061 bytes

There are no IE start and Search pages set up: R0, R1, R2, R3


I just realized that I checked my Firefox start page, not my IE start page. I regularly use Firefox instead of IE. However, my IE start page is also set to http://www.google.com/. Upon startup, IE also cycles quickly between trying to load google.com and google.ca, and does not load either - it gets stuck in a loop until I hit 'stop'.

typo :oops:

Hi mantraguy

I cannot see any sign that you are using a firewall. Are you using Windows XP Firewall?

Go to Start > Run
Type regedit and click OK.

On the leftside, click to highlight My Computer at the top.
Go up to "File > Export"
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put backup
Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
Click Save and then go to File > Exit.

Open Notepad and copy the contents of the following box to a new file.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.google.com"

Save it as fix.reg (save type: "All files" (*.*)) to your desktop.

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif

Go to Desktop, double-click fix.reg and merge the infomation with the registry.


After that, Reboot

Please reply with



a fresh HijackThis log
Is problem away ?

Thanks peku006

Yes, I have the Windows firewall enabled.

I've followed your instructions but the problem is still present. Here's the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:31 PM, on 11/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\viewport.exe
C:\WINDOWS\Mixer.exe
C:\PROGRAM FILES\SCANJET\PrecisionScanPro\HPLamp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\MMTray.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HP Lamp] C:\PROGRAM FILES\SCANJET\PrecisionScanPro\HPLamp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.0\gears.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218690370859
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c94acba94c51dc) (gupdate1c94acba94c51dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe

--
End of file - 7027 bytes

Hi
I don't believe your issue is malware related.

I get this error message in my Firefox window

-------------------------------
Redirect Loop

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

The browser has stopped trying to retrieve the requested item. The site is redirecting the request in a way that will never complete.

* Have you disabled or blocked cookies required by this site?
* NOTE: If accepting the site's cookies does not resolve the problem, it is likely a server configuration issue and not your computer.

Firefox has detected that the server is redirecting the request for this address in a way that will never complete. (http://www.google.com/search?hl=fi&q=Firefox+has+detected+that+the+server+is+redirecting+the+request+for+this+address+in+a+way+that+will+never+complete.&btnG=Google-haku&lr=)

Please Clear the Browser cache and the cookies

How to Clear Your Browser's Cache (http://www.wikihow.com/Clear-Your-Browser%27s-Cache)
How to delete cookies (http://www.aboutcookies.org/Default.aspx?page=2)

and post back if it helped.

Thanks peku006

Hello!

Do you still need help

It has been three days since my last post.

Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?

Note: If after 48hrs you have not replied to this thread then it will have to be CLOSED!

I've searched for fixes to this problem, but haven't found anything that works. It happens both in IE and in Firefox; clearing the cache and cookies did not help. In addition, I still get the re-direct from any search results page (ie from Yahoo etc.).

Hi

Please download OTViewIt (http://oldtimer.geekstogo.com/OTViewIt.exe) by OldTimer and save it to your Desktop.
Close all applications and windows.
Double-click on the OTViewIt.exeto start OTViewIt.
Place a checkmark in the blue-colored "Scan All Users" checkbox.
Click the blue Run Scan button.
OTViewIt will now start its scan.
When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.

Thanks Peku006,

Here's the content of OTViewIt.txt:

OTViewIt logfile created on: 12/2/2008 10:25:09 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Mark\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.47 Mb Total Physical Memory | 621.53 Mb Available Physical Memory | 60.73% Memory free
2.41 Gb Paging File | 2.16 Gb Available in Paging File | 89.78% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 140.84 Gb Free Space | 75.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.08 Gb Total Space | 150.42 Gb Free Space | 50.46% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP
Current User Name: Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/30 06:16:57 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/10/29 20:06:12 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2008/10/23 07:56:52 | 00,069,632 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
[2008/11/19 20:51:24 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[2008/10/23 07:55:27 | 00,266,240 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
[2008/09/30 06:18:47 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
[2008/10/23 07:55:52 | 00,794,624 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
[2001/10/26 21:32:54 | 00,270,336 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\system32\atiptaxx.exe
[2001/08/20 20:30:00 | 00,466,944 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ViewPort.exe
[2002/10/15 17:00:20 | 01,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
[1998/07/16 00:00:00 | 00,042,496 | ---- | M] () -- C:\Program Files\SCANJET\PrecisionScanPro\HPLamp.exe
[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2001/11/08 16:19:16 | 00,053,248 | ---- | M] (Morgan Multimedia) -- C:\WINDOWS\system32\MMTray.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2006/11/13 12:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[2008/08/11 16:46:50 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
[2007/08/10 01:09:30 | 00,245,760 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
[2006/11/13 12:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/07/18 21:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/08/11 16:46:50 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
[2008/12/02 22:24:12 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/09/05 07:57:44 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
[2008/11/19 20:51:24 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c94acba94c51dc [Auto | Stopped])
[2008/10/29 20:06:12 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/10/23 07:56:52 | 00,069,632 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService [Unknown | Running])
[2008/09/30 06:16:57 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService [Unknown | Running])
[2008/10/23 07:55:27 | 00,266,240 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent [Auto | Running])
[2008/09/30 06:18:47 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service [Auto | Running])
[2008/10/23 07:55:52 | 00,794,624 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router [Auto | Running])

========== Driver Services ==========

[1997/12/22 17:02:46 | 00,023,936 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
[2001/10/26 21:47:14 | 00,349,184 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2001/10/26 19:47:30 | 00,065,024 | ---- | M] () -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx [On_Demand | Stopped])
[2001/10/26 19:46:22 | 00,035,952 | ---- | M] () -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP [Auto | Stopped])
[2001/10/26 19:49:22 | 00,032,848 | ---- | M] () -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx [On_Demand | Stopped])
[2001/10/26 19:50:02 | 00,032,752 | ---- | M] () -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio [Auto | Stopped])
[2001/10/01 14:29:22 | 00,006,144 | ---- | M] (Ravisent Technologies, Inc.) -- C:\WINDOWS\system32\drivers\cinemsup.sys -- (CINEMSUP [Auto | Running])
[2002/11/18 14:51:40 | 00,377,358 | ---- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci [On_Demand | Running])
[2001/08/17 04:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk [On_Demand | Stopped])
[2001/08/17 04:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Stopped])
[2001/08/17 04:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Stopped])
[2004/08/03 15:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2007/03/08 16:18:00 | 00,008,320 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])
[2001/10/26 19:49:30 | 00,011,280 | ---- | M] () -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC [Auto | Stopped])
[2008/11/12 20:58:37 | 00,027,904 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\ndisprot.sys -- (Ndisprot [On_Demand | Stopped])
[2001/10/26 19:49:38 | 00,011,760 | ---- | M] () -- C:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC [Auto | Stopped])
[2001/08/23 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/08/03 14:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
[2008/09/30 06:17:40 | 00,104,704 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl [System | Running])
[2008/09/30 06:17:36 | 00,035,584 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter [System | Running])
[2004/07/17 07:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/17 04:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman [On_Demand | Stopped])
[2001/08/17 04:50:56 | 00,050,432 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SiSV.sys -- (SiSV [On_Demand | Running])
[2008/09/30 06:17:45 | 00,014,976 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver [Disabled | Stopped])
[2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2006/11/06 17:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-220523388-484061587-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-220523388-484061587-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-220523388-484061587-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-220523388-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} (HKLM) -- C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} (HKLM) -- C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

[HKEY_USERS\S-1-5-21-220523388-484061587-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"=atiptaxx.exe (ATI Technologies, Inc.)
"C-Media Mixer"=Mixer.exe /startup (C-Media Electronic Inc. (www.cmedia.com.tw))
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
"HP Lamp"=C:\PROGRAM FILES\SCANJET\PrecisionScanPro\HPLamp.exe ()
"HydarVisionDesktopManager"= File not found
"HydraVisionViewport"=viewport.exe (ATI Technologies Inc.)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"MMTray"=MMTray.exe (Morgan Multimedia)
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"= File not found
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" (Microsoft Corporation)
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)

[HKEY_USERS\S-1-5-21-220523388-484061587-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"= File not found
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" (Microsoft Corporation)
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)

========== (O4) Startup Folders ==========

[2007/08/10 01:09:30 | 00,245,760 | ---- | M] (Sophos Plc) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-220523388-484061587-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2007/05/31 12:41:06 | 10,352,472 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-220523388-484061587-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2007/05/31 12:41:06 | 10,352,472 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}: Menu: &Gears Settings -- %ProgramFiles%\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll [2008/11/29 16:27:46 | 01,667,072 | ---- | M] (Google Inc.)
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: Create Mobile Favorite -- %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [2006/11/13 12:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: Create Mobile Favorite... -- %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [2006/11/13 12:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
{44226DFF-747E-4edc-B30C-78752E50CD0C}: Button: ATI TV -- %ProgramFiles%\ATI Multimedia\TV\EXPLBAR.DLL [2001/08/24 07:27:34 | 00,131,072 | ---- | M] (ATI Technologies Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} [HKLM] -> %ProgramFiles%\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll [&Gears Settings] -> [2008/11/29 16:27:46 | 01,667,072 | ---- | M] (Google Inc.)
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite] -> [2006/11/13 12:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite...] -> [2006/11/13 12:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\{44226DFF-747E-4edc-B30C-78752E50CD0C} [HKLM] -> %ProgramFiles%\ATI Multimedia\TV\EXPLBAR.DLL [&ATI TV] -> [2001/08/24 07:27:34 | 00,131,072 | ---- | M] (ATI Technologies Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-220523388-484061587-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} [HKLM] -> %ProgramFiles%\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll [&Gears Settings] -> [2008/11/29 16:27:46 | 01,667,072 | ---- | M] (Google Inc.)
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite] -> [2006/11/13 12:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite...] -> [2006/11/13 12:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\{44226DFF-747E-4edc-B30C-78752E50CD0C} [HKLM] -> %ProgramFiles%\ATI Multimedia\TV\EXPLBAR.DLL [&ATI TV] -> [2001/08/24 07:27:34 | 00,131,072 | ---- | M] (ATI Technologies Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 00:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218690370859 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{1CA20587-94F4-4CEC-8B7E-139A304A5F4A} (Servers: | Description: 1394 Net Adapter)
{88E7FFF5-0FD8-495F-A205-DADC3BF25373} (Servers: | Description: )
{B817D263-0F44-4431-970E-BC0234B1C485} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
>[2008/09/05 07:57:52 | 00,113,664 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
>[2008/09/20 11:37:37 | 00,173,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/08/13 20:57:15 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2008/12/02 22:24:01 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTViewIt.exe
[2008/11/26 21:07:46 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/11/26 21:07:15 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/11/26 21:07:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/26 21:05:20 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/11/26 21:03:18 | 00,000,000 | ---D | C] -- C:\Program Files\WinFF
[2008/11/26 20:58:56 | 03,549,587 | ---- | C] (WinFF.org ) -- C:\Documents and Settings\Mark\Desktop\WinFF-0.43-setup.exe
[2008/11/26 16:12:10 | 00,000,142 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\fix.reg
[2008/11/26 16:11:05 | 71,371,754 | ---- | C] () -- C:\backup.reg
[2008/11/26 08:02:46 | 00,000,000 | ---D | C] -- C:\_OTScanIt
[2008/11/25 21:12:11 | 00,576,581 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\OTScanIt.exe
[2008/11/24 19:38:15 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\RSIT.exe
[2008/11/21 18:23:32 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/21 18:23:32 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/21 18:23:29 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/21 18:23:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/21 18:22:40 | 02,372,472 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mark\Desktop\mbam-setup.exe
[2008/11/21 13:11:20 | 00,000,000 | ---D | C] -- F:\AAAStick
[2008/11/19 20:14:07 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/19 20:13:36 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Mark\Desktop\HJTInstall.exe
[2008/11/19 16:40:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Application Data\Malwarebytes
[2008/11/19 16:40:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/18 23:26:29 | 03,330,176 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\ACDC_Highway_To_Hell.mp3
[2008/11/18 23:24:31 | 04,679,145 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Thunderstruck.mp3
[2008/11/17 14:24:22 | 00,000,077 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2008/11/17 11:52:55 | 00,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2008/11/17 11:34:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Desktop\backups
[2008/11/14 10:42:50 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/11/14 09:33:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2008/11/13 22:28:41 | 00,000,724 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\OnTheRocks.dvp.lnk
[2008/11/13 21:20:07 | 00,000,639 | ---- | C] () -- C:\WINDOWS\M3JPEG.INI
[2008/11/13 21:19:49 | 00,224,256 | ---- | C] (Morgan Multimedia) -- C:\WINDOWS\System32\MMIJG32.dll
[2008/11/13 21:19:49 | 00,062,976 | ---- | C] (Morgan Multimedia) -- C:\WINDOWS\System32\M3JPEGdec.ax
[2008/11/13 21:19:49 | 00,053,248 | ---- | C] (Morgan Multimedia) -- C:\WINDOWS\System32\MMTray.exe
[2008/11/13 21:19:49 | 00,051,200 | ---- | C] (Morgan Multimedia) -- C:\WINDOWS\System32\M3JPEGenc.ax
[2008/11/13 21:19:46 | 00,000,000 | ---D | C] -- C:\Program Files\Morgan
[2008/11/13 21:01:53 | 00,000,000 | ---D | C] -- C:\Program Files\Ulead Systems
[2008/11/12 22:12:53 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/11/12 22:12:53 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/11/12 20:58:37 | 00,027,904 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ndisprot.sys
[2008/11/12 18:23:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2008/11/12 18:01:34 | 00,009,599 | ---- | C] () -- C:\WINDOWS\System32\QuickTime.qtp
[2008/11/12 18:01:26 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/11/12 17:49:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2008/11/12 14:19:19 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/12 08:40:31 | 00,019,968 | ---- | C] () -- F:\SmallEnvelope.doc
[2008/11/08 20:11:28 | 00,000,000 | R--D | C] -- F:\My Pictures
[2008/11/07 22:15:42 | 00,000,000 | ---D | C] -- C:\Program Files\Avery
[2008/11/07 22:01:30 | 24,585,544 | ---- | C] (Avery ) -- C:\Documents and Settings\Mark\Desktop\Avery Wizard 3.1.5.exe
[2008/11/07 14:56:30 | 00,000,000 | ---D | C] -- F:\Web
[2008/11/05 18:34:44 | 00,000,000 | ---D | C] -- F:\RC Planes

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/12/02 22:24:12 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTViewIt.exe
[2008/12/02 20:24:52 | 00,072,192 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/02 20:24:43 | 00,000,639 | ---- | M] () -- C:\WINDOWS\M3JPEG.INI
[2008/12/02 20:07:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/02 20:06:51 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/02 20:06:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/01 22:39:11 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2008/12/01 13:26:42 | 00,002,623 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2008/12/01 11:07:57 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/11/29 17:36:01 | 00,000,040 | ---- | M] () -- C:\WINDOWS\nero.INI
[2008/11/29 13:11:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/11/27 09:35:26 | 00,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
[2008/11/26 23:04:22 | 00,001,258 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2008/11/26 21:12:57 | 00,000,023 | ---- | M] () -- C:\WINDOWS\msdevctl.ini
[2008/11/26 21:00:15 | 03,549,587 | ---- | M] (WinFF.org ) -- C:\Documents and Settings\Mark\Desktop\WinFF-0.43-setup.exe
[2008/11/26 16:12:10 | 00,000,142 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\fix.reg
[2008/11/26 16:11:17 | 71,371,754 | ---- | M] () -- C:\backup.reg
[2008/11/25 21:59:59 | 00,576,581 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\OTScanIt.exe
[2008/11/24 19:38:19 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\RSIT.exe
[2008/11/21 18:23:32 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/21 18:23:01 | 02,372,472 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mark\Desktop\mbam-setup.exe
[2008/11/21 10:22:00 | 00,000,101 | ---- | M] () -- C:\WINDOWS\CMMIXER.INI
[2008/11/21 10:21:21 | 00,000,092 | ---- | M] () -- C:\WINDOWS\mixerdef.ini
[2008/11/20 10:04:39 | 00,001,636 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/11/19 20:13:45 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Mark\Desktop\HJTInstall.exe
[2008/11/18 23:28:29 | 03,330,176 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\ACDC_Highway_To_Hell.mp3
[2008/11/18 23:28:27 | 04,679,145 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Thunderstruck.mp3
[2008/11/17 14:24:22 | 00,000,077 | ---- | M] () -- C:\WINDOWS\huffyuv.ini
[2008/11/16 15:07:05 | 00,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI
[2008/11/14 10:42:50 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/11/13 23:54:39 | 00,051,248 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/13 22:28:40 | 00,000,724 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\OnTheRocks.dvp.lnk
[2008/11/13 19:22:36 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/11/13 15:31:48 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Shortcut to TMPGEnc.exe.lnk
[2008/11/13 03:01:11 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/12 22:12:53 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/11/12 20:58:37 | 00,027,904 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ndisprot.sys
[2008/11/12 18:07:49 | 00,009,599 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp
[2008/11/12 08:40:31 | 00,019,968 | ---- | M] () -- F:\SmallEnvelope.doc
[2008/11/08 07:34:10 | 00,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/07 22:03:18 | 24,585,544 | ---- | M] (Avery ) -- C:\Documents and Settings\Mark\Desktop\Avery Wizard 3.1.5.exe
[2008/11/03 13:23:18 | 00,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/03 13:23:18 | 00,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/03 13:23:18 | 00,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
< End of report >

And the content of Extras.txt:

OTViewIt Extras logfile created on: 12/2/2008 10:25:09 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Mark\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.47 Mb Total Physical Memory | 621.53 Mb Available Physical Memory | 60.73% Memory free
2.41 Gb Paging File | 2.16 Gb Available in Paging File | 89.78% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 140.84 Gb Free Space | 75.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.08 Gb Total Space | 150.42 Gb Free Space | 50.46% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOP
Current User Name: Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/03 20:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/11/13 12:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 12:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 12:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/03 20:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/11/13 12:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 12:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 12:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2004/08/03 20:56:50 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2004/08/03 20:56:56 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App
[2008/10/16 13:38:28 | 00,634,672 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/08/11 16:46:50 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 12:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/08/11 16:46:50 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001AB29C-5468-4972-8D24-2EBDB2B12133}"=Camera Window DVC
"{001EB665-D9EC-415E-9E13-AD2125B2B992}"=RAW Image Task 2.1
"{034759DA-E21A-4795-BFB3-C66D17FAD183}"=Sophos Anti-Virus
"{15C418EB-7675-42be-B2B3-281952DA014D}"=Sophos AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}"=PhotoStitch
"{2A9C3F41-DACA-37AB-84FB-2E6193C42151}"=Google Gears
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{38B9A4E1-4482-44D9-AC14-64F70938CCB5}"=Garmin MapSource
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}"=HydraVision
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}"=MapSource
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}"=Canon PhotoRecord
"{68D27126-BF6A-457D-8DD0-5F35E8D41310}"=MovieEdit Task
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}"=Camera Window DS
"{7288831E-1418-40E5-A70A-A55D0AA6657B}"=Simply Accounting by Sage 2006
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{76275358-C154-11D5-8D5A-00105A22D3D2}"=ATI Multimedia Center
"{89EB3ED7-225A-412E-B048-623D502C000F}"=Camera Window MC
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{99052DB7-9592-4522-A558-5417BBAD48EE}"=Microsoft ActiveSync
"{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}"=GUIDE PLUS+(TM) for Windows® System - ATI
"{A1D0D14A-B776-4907-BC00-5149F2298086}"=Camera Support Core Library
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"=Google Update
"{AC76BA86-1033-0000-BA7E-000000000001}"=Adobe Acrobat 6.0 Standard
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}"=Avery Wizard 3.1
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}"=Canon ZoomBrowser EX
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}"=Blaze Media Pro
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FF11005D-CBC8-45D5-A288-25C7BB304121}"=Sophos Remote Management System
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"ATI Display Driver"=ATI Display Driver
"AVI Codec Pack"=AVI Codec Pack
"Blaze Media Pro"=Blaze Media Pro
"Free WMA MP3 Converter"=Free WMA MP3 Converter
"Free WMA to MP3 Converter_is1"=Free WMA to MP3 Converter 1.16
"Google Desktop"=Google Desktop
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"HP Scanning Software"=HP PrecisionScan Pro and Utilities
"HUFFYUV"=Huffyuv AVI lossless video codec (Remove Only)
"InstallShield_{001AB29C-5468-4972-8D24-2EBDB2B12133}"=Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}"=Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}"=Canon Utilities PhotoStitch 3.1
"InstallShield_{68D27126-BF6A-457D-8DD0-5F35E8D41310}"=Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}"=Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{89EB3ED7-225A-412E-B048-623D502C000F}"=Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}"=Canon Camera Support Core Library
"LiveUpdate1.7"=LiveUpdate 1.7 (Symantec Corporation)
"m3jpegV3"=Morgan M-JPEG codec V3
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"Nero - Burning Rom!UninstallKey"=Ahead Nero Burning ROM
"NZ Open Autorouting GPS Project"=NZ Open Autorouting GPS Project 1 Mar 2008
"OziExplorer 3.95_is1"=OziExplorer 3.95
"PCI Audio Driver"=PCI Audio Driver
"WinFF_is1"=WinFF 0.43
"WinISO_is1"=WinISO 5.3
"WinZip"=WinZip
"WS_FTP Pro"=Ipswitch WS_FTP Pro
"WXTide32"=WXTide32
"XP Codec Pack"=XP Codec Pack

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent"=BitTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-220523388-484061587-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent"=BitTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/3/2008 12:40:43 AM | Computer Name = DESKTOP | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: wins2.%3

Error - 12/3/2008 12:51:32 AM | Computer Name = DESKTOP | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: wins2.%3

Error - 12/3/2008 1:02:21 AM | Computer Name = DESKTOP | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: wins2.%3

Error - 12/3/2008 1:13:10 AM | Computer Name = DESKTOP | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: wins2.%3

Error - 12/3/2008 1:23:58 AM | Computer Name = DESKTOP | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: wins2.%3

Error - 12/3/2008 1:34:48 AM | Computer Name = DESKTOP | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: wins2.%3

Error - 12/3/2008 1:45:37 AM | Computer Name = DESKTOP | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: wins2.%3

Error - 12/3/2008 1:56:27 AM | Computer Name = DESKTOP | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: wins2.%3

Error - 12/3/2008 2:07:15 AM | Computer Name = DESKTOP | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: wins2.%3

Error - 12/3/2008 2:18:07 AM | Computer Name = DESKTOP | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: wins2.%3

[ System Events ]
Error - 12/1/2008 1:29:34 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM TV Audio Crossbar service failed to start due to the following
error: %%1058

Error - 12/1/2008 1:29:34 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized MVD Codec service failed to start due to the
following error: %%1058

Error - 12/1/2008 1:29:34 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The NAVAPEL service failed to start due to the following error: %%3

Error - 12/1/2008 1:29:34 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized PCD Codec service failed to start due to the
following error: %%1058

Error - 12/2/2008 1:01:10 AM | Computer Name = DESKTOP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 12/3/2008 12:07:19 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM TV Tuner service failed to start due to the following
error: %%1058

Error - 12/3/2008 12:07:19 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM TV Audio Crossbar service failed to start due to the following
error: %%1058

Error - 12/3/2008 12:07:19 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized MVD Codec service failed to start due to the
following error: %%1058

Error - 12/3/2008 12:07:19 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The NAVAPEL service failed to start due to the following error: %%3

Error - 12/3/2008 12:07:19 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized PCD Codec service failed to start due to the
following error: %%1058


< End of report >

Thanks!

Something I just noticed: on a different computer running Vista, I have a Google toolbar. The link on the toolbar points to http://www.google.com/webhp?sourceid=navclient&ie=UTF-8 instead of just google.com. So, I typed all that into my browser on the infected computer, and it works fine! But for some reason, just typing 'www.google.com' gives me the redirect error.

Hi mantraguy
I'm not seeing anything malicious in your logs...


typing 'www.google.com' gives me the redirect error
What kind of errors ?

let´s try this...

Click Start> Run> type in CMD tap enter key
Copy/Paste: ipconfig /flushdns
If you are typing this in, note the space between the g /f
It needs to be there.

After that, Reboot

post back if it helped.