Page 3 of 3 FirstFirst 123
Results 21 to 29 of 29

Thread: redirect problem!

  1. #21
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    Hi.
    I have ABSOLUTELY no idea either, and i was wondering "why did you ask?"
    I asked because some IP addresses are malicious but in this case i think it's ok.
    Are you're searches still being redirected i need to know?
    As to what is causes excessive downloading there is nothing in you're logs that would cause that.

    Your computer was infected with a ROOTKIT. In particular, the TDL3/TDSS rootkit, also known as Win32/Alureon. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

    Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.

    Therefore once you're PC is clean it may be prudent to:

    1. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
    2. Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)


    What are rootkits from Wikipedia

    How do I respond to a possible identity theft and how do I prevent it



    Fix HijackThis entries

    Run HijackThis

    • If you are on the Main Menu page... Click "Do a system scan only"
    • If you are on the "scan & fix stuff" page... Press the Scan...button.
    • When the scan finishes...Place a check mark next to the following entries (if they are still present)
    • Note: Only check those items listed below.
      O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
      O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
      O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
      O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
    • After checking these items... CLOSE ALL open windows except HijackThis.
    • Click the Fix Checked ...button...to remove the entries you checked.
    • Choose YES...when prompted to fix the selected items.



    Next.


    • Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
    • Click on OK within the pop-up menu.
    • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
      • System registry.
      • Current user registry.
    • Next click on "OK"... at the prompt... reply "Yes".
      After a short duration the Registry backup is complete! pop-up message will appear.
    • Now click on "OK". A registry backup has now been created.



    Next.

    Re-run OTM
    • Double-click OTM.exe to run it.
    • Right-click then copy the following code, Do not include the word Code.
      Code:
      :Reg
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12607271-78e8-11de-91a9-0025b3488224}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c9d89be-952b-11de-91cc-0025b3488224}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a61f0bb4-7200-11de-9197-0025b3488224}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a61f0bb6-7200-11de-9197-0025b3488224}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a91adfa7-72a9-11de-9199-0025b3488224}]
      
      :Commands
      [emptytemp]
      [start explorer]
      [Reboot]
      • Return to OTM, right-click then paste the code into the blank box below
      • Next click on the large button.
      • OTM may ask to reboot the machine. Please do so if asked.
      • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


    Next.

    Re-run - RSIT (Random's System Information Tool)

    You should still have this program on your desktop.
    • Double click on RSIT.exe to run it.
    • Please read the disclaimer... click on Continue.
    • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
    • Please post ONLY the "log.txt", file contents in your next reply.
      (This log can be lengthy, so a separate post may be needed.)



    Logs/Information to Post in your Next Reply

    • OTM log.
    • RSITlog.txt log.
    • Please give me an update on your computers performance, are you're searches still redirected?
    Last edited by Cypher; 2010-05-30 at 13:19.

  2. #22
    Junior Member
    Join Date
    May 2010
    Posts
    15

    Unhappy cypher...

    It said on one of the links you gave me that the Alureon was able to take information like p/w, usernames and details. Do you think MY instance is stealing them? I am quite worried
    I, so far have not to been redirected... Though i haven't used it too much to be sure.

    i will post the logs next time
    thanks

  3. #23
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    Hi.
    Do you think MY instance is stealing them? I am quite worried
    All i can tell you is due to the nature of this infection the possibility is there.
    Thats why i am advising you to change all you're PW's, and call you're credit card company's and banks if you do any online banking.
    So to clarify im not saying you're details have been stolen, just that the attacker may have gained access to you're information so better safe than sorry.
    Please post the requested logs when ready and we can finish cleaning you're PC.

  4. #24
    Junior Member
    Join Date
    May 2010
    Posts
    15

    Default here,

    but O15 about trusted sites was found in RSIT but not when i ran hijack this.
    otm is here
    All processes killed
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12607271-78e8-11de-91a9-0025b3488224}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12607271-78e8-11de-91a9-0025b3488224}\ not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c9d89be-952b-11de-91cc-0025b3488224}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c9d89be-952b-11de-91cc-0025b3488224}\ not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a61f0bb4-7200-11de-9197-0025b3488224}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a61f0bb4-7200-11de-9197-0025b3488224}\ not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a61f0bb6-7200-11de-9197-0025b3488224}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a61f0bb6-7200-11de-9197-0025b3488224}\ not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a91adfa7-72a9-11de-9199-0025b3488224}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a91adfa7-72a9-11de-9199-0025b3488224}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Anna
    ->Temp folder emptied: 388822 bytes
    ->Temporary Internet Files folder emptied: 48097079 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 2697 bytes

    User: Darren
    ->Temp folder emptied: 841337 bytes
    ->Temporary Internet Files folder emptied: 21459802 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 6394 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kitajima
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: KML
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 68.00 mb


    OTM by OldTimer - Version 3.1.12.0 log created on 06022010_195326

    Files moved on Reboot...
    File C:\Documents and Settings\Darren\Local Settings\Temp\~DF15C5.tmp not found!
    File C:\Documents and Settings\Darren\Local Settings\Temp\~DF15D0.tmp not found!
    File C:\Documents and Settings\Darren\Local Settings\Temp\~DF1655.tmp not found!
    File C:\Documents and Settings\Darren\Local Settings\Temp\~DF1660.tmp not found!
    C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\Content.IE5\P66ZCWN1\showthread[2].htm moved successfully.
    C:\Documents and Settings\Darren\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...

    RSIT IS HERE
    Logfile of random's system information tool 1.07 (written by random/random)
    Run by Darren at 2010-05-29 16:25:54
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 64 GB (42%) free of 153 GB
    Total RAM: 3063 MB (73% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:26:16 PM, on 29/05/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\wdm\STacSV.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\SYMANT~1\vptray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Documents and Settings\Darren\Desktop\PPStream\ppsap.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Symantec AntiVirus\DoScan.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Darren\Desktop\RSIT.exe
    C:\Program Files\trend micro\Darren.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usyd.edu.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [zCpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\Hewlett-Packard\HP Webcam" UpdateWithCreateOnce "Software\CyberLink\HP Webcam\1.0"
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PPS Accelerator] C:\Documents and Settings\Darren\Desktop\PPStream\ppsap.exe
    O4 - HKCU\..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)" -"http://www.cambridgescp.com/ws2_tlc/ws2_tlc_launcher_direct.php?p=^670^"
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
    O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
    O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequireme...eqlab_srlx.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.1.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 15388 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Critical Battery Alarm Program.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3026737473-3361966335-588483073-1010Core.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3026737473-3361966335-588483073-1010UA.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{551F040B-76D1-4AB8-8536-503DBFB2F6FC}.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{9E8C28DF-85A3-4C3E-9116-EF1EFE510461}.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{ABC2112B-DCC9-452C-9E0D-E354AA0D3FEB}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-04-03 349640]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
    C:\Program Files\PicLensIE\cooliris.dll [2010-01-05 4692448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
    SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-04-03 349640]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-04-03 349640]
    Locked

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsmqIntCert"=regsvr32 /s mqrt.dll []
    "AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2009-02-18 737280]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-12-17 186904]
    "PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2008-08-09 319000]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]
    "WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-02-19 506424]
    "QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-02-04 287288]
    "HP Software Update"=c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-09 54576]
    "zCpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2008-12-11 81920]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
    "HPCam_Menu"=c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe [2009-02-25 218408]
    "WatchDog"=C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe [2009-04-03 200848]
    "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
    "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-06-24 53096]
    "Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2010-04-03 38840]
    "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2010-04-03 640440]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2004-02-13 155648]
    "OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-25 952768]
    "AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-01-21 134656]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-01-21 166912]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-01-21 134656]
    "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]
    "vptray"=C:\PROGRA~1\SYMANT~1\\vptray.exe [2008-09-30 125368]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
    "AdobeBridge"= []
    "PPS Accelerator"=C:\Documents and Settings\Darren\Desktop\PPStream\ppsap.exe [2009-07-22 210312]
    "Wisdom-soft AutoScreenRecorder 3.1 Pro"=0 []
    "AutoScreenRecorder 3.1 Pro"= []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe [2009-07-21 468408]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    C:\Documents and Settings\Darren\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2009-01-21 205824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    C:\WINDOWS\system32\NavLogon.dll [2008-09-30 43448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "E:\Games\IPCurve\ipcurve.exe"="E:\Games\IPCurve\ipcurve.exe:*:Enabled:ipcurve"
    "E:\TrackMania Sunrise\TmSunrise.exe"="E:\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
    "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe"="C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe:*:Enabled:Visual Studio Remote Debugging Monitor"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Microsoft XNA\XNA Game Studio\v3.1\Bin\XnaLiveProxy.exe"="C:\Program Files\Microsoft XNA\XNA Game Studio\v3.1\Bin\XnaLiveProxy.exe:LocalSubNet:Enabled:XNA Framework Games for Windows - LIVE"
    "C:\Program Files\Sibelius Software\Sibelius 6 Demo\RegTool.exe"="C:\Program Files\Sibelius Software\Sibelius 6 Demo\RegTool.exe:*:Enabled:RegTool.exe"
    "C:\Program Files\Sibelius Software\Sibelius 6 Demo\Sibelius.exe"="C:\Program Files\Sibelius Software\Sibelius 6 Demo\Sibelius.exe:*:Enabled:Sibelius.exe"
    "C:\Documents and Settings\Darren\Desktop\ppstreamsetup.exe"="C:\Documents and Settings\Darren\Desktop\ppstreamsetup.exe:*:Enabled:PPStream Installer"
    "C:\Documents and Settings\Darren\Desktop\PPStream\PPStream.exe"="C:\Documents and Settings\Darren\Desktop\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ"
    "C:\Documents and Settings\Darren\Desktop\PPStream\PPSAP.exe"="C:\Documents and Settings\Darren\Desktop\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷"
    "C:\TrackMania Sunrise\TmSunrise.exe"="C:\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
    "C:\Documents and Settings\Darren\Desktop\Games\aa\Toblo\Toblo 1.2.exe"="C:\Documents and Settings\Darren\Desktop\Games\aa\Toblo\Toblo 1.2.exe:*:Enabled:Toblo"
    "C:\Documents and Settings\Darren\Desktop\Games\Toblo\Toblo 1.2.exe"="C:\Documents and Settings\Darren\Desktop\Games\Toblo\Toblo 1.2.exe:*:Enabled:Toblo 1.2"
    "C:\Documents and Settings\Darren\Desktop\Games\Multiwinia\multiwinia.exe"="C:\Documents and Settings\Darren\Desktop\Games\Multiwinia\multiwinia.exe:*:Enabled:Multiwinia"
    "C:\Documents and Settings\Darren\Desktop\Games\SecondLife\SLVoice.exe"="C:\Documents and Settings\Darren\Desktop\Games\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
    "C:\Warcraft III\Warcraft III.exe"="C:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\Documents and Settings\Darren\Desktop\Games\lol\Yugioh Virtual Desktop 9.exe"="C:\Documents and Settings\Darren\Desktop\Games\lol\Yugioh Virtual Desktop 9.exe:*:Enabled:YGO Virtual Desktop Executable"
    "C:\Documents and Settings\Darren\Desktop\Games\lol\Utilities\Relay Server.exe"="C:\Documents and Settings\Darren\Desktop\Games\lol\Utilities\Relay Server.exe:*:Enabled:Relay Server"
    "C:\Documents and Settings\Darren\Desktop\Games\Kaiba Corp VDS\KCVDS.exe"="C:\Documents and Settings\Darren\Desktop\Games\Kaiba Corp VDS\KCVDS.exe:*:Enabled:KCVDS"
    "C:\Documents and Settings\Darren\Desktop\Games\Kaiba Offline\Yugioh Virtual Desktop 9.exe"="C:\Documents and Settings\Darren\Desktop\Games\Kaiba Offline\Yugioh Virtual Desktop 9.exe:*:Enabled:Yugioh_Virtual_Desktop_9.exe"
    "C:\Documents and Settings\Darren\Desktop\Games\Kaiba Offline\Utilities\Relay Server.exe"="C:\Documents and Settings\Darren\Desktop\Games\Kaiba Offline\Utilities\Relay Server.exe:*:Enabled:Relay Server"
    "C:\Documents and Settings\Darren\Desktop\Games\Kaiba Offline\Utilities\Basic IRC.exe"="C:\Documents and Settings\Darren\Desktop\Games\Kaiba Offline\Utilities\Basic IRC.exe:*:Enabled:Basic IRC"
    "C:\Documents and Settings\Darren\Desktop\Games\aaa\mobione.exe"="C:\Documents and Settings\Darren\Desktop\Games\aaa\mobione.exe:*:Enabled:mobione"
    "C:\Documents and Settings\Darren\Desktop\Games\Powder Toy\New Folder\BurningSand2.exe"="C:\Documents and Settings\Darren\Desktop\Games\Powder Toy\New Folder\BurningSand2.exe:*:Enabled:BurningSand2"
    "C:\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
    "C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
    "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12607271-78e8-11de-91a9-0025b3488224}]
    shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c9d89be-952b-11de-91cc-0025b3488224}]
    shell\AutoRun\command - Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a61f0bb4-7200-11de-9197-0025b3488224}]
    shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a61f0bb6-7200-11de-9197-0025b3488224}]
    shell\AutoRun\command - E:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a91adfa7-72a9-11de-9199-0025b3488224}]
    shell\AutoRun\command - E:\AutoRun.exe


    ======List of files/folders created in the last 1 months======

    2010-12-20 19:05:36 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    2010-05-29 16:18:18 ----D---- C:\_OTM
    2010-05-29 16:15:34 ----D---- C:\Program Files\ERUNT
    2010-05-29 15:26:12 ----SHD---- C:\RECYCLER
    2010-05-27 16:50:07 ----A---- C:\WINDOWS\ntbtlog.txt
    2010-05-27 13:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
    2010-05-25 17:52:43 ----D---- C:\Program Files\trend micro
    2010-05-25 17:52:42 ----D---- C:\rsit
    2010-05-25 16:49:57 ----D---- C:\WINDOWS\pss
    2010-05-24 18:00:20 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
    2010-05-24 18:00:19 ----D---- C:\Program Files\Common Files\Java
    2010-05-24 17:59:56 ----A---- C:\WINDOWS\system32\javaws.exe
    2010-05-24 17:59:56 ----A---- C:\WINDOWS\system32\javaw.exe
    2010-05-24 17:59:56 ----A---- C:\WINDOWS\system32\java.exe
    2010-05-24 17:59:56 ----A---- C:\WINDOWS\system32\deployJava1.dll
    2010-05-24 17:06:56 ----D---- C:\Qoobox
    2010-05-17 15:57:03 ----D---- C:\Program Files\HijackThis
    2010-05-15 18:41:57 ----A---- C:\WINDOWS\NIRCMD.exe
    2010-05-15 18:41:57 ----A---- C:\WINDOWS\MBR.exe
    2010-05-15 18:41:56 ----A---- C:\WINDOWS\zip.exe
    2010-05-15 18:41:56 ----A---- C:\WINDOWS\SWXCACLS.exe
    2010-05-15 18:41:56 ----A---- C:\WINDOWS\SWSC.exe
    2010-05-15 18:41:56 ----A---- C:\WINDOWS\SWREG.exe
    2010-05-15 18:41:56 ----A---- C:\WINDOWS\sed.exe
    2010-05-15 18:41:56 ----A---- C:\WINDOWS\PEV.exe
    2010-05-15 18:41:56 ----A---- C:\WINDOWS\grep.exe
    2010-05-15 18:40:50 ----D---- C:\WINDOWS\ERDNT
    2010-05-15 09:43:34 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
    2010-05-15 09:43:09 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
    2010-05-15 09:42:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
    2010-05-15 09:42:43 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
    2010-05-15 09:42:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
    2010-05-15 09:40:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
    2010-05-14 19:08:36 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
    2010-05-06 18:24:37 ----D---- C:\Program Files\iPod
    2010-05-06 18:24:30 ----D---- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-05-06 18:16:12 ----D---- C:\Program Files\Bonjour
    2010-05-06 18:06:43 ----D---- C:\Documents and Settings\All Users\Application Data\Last.fm
    2010-05-06 18:05:58 ----D---- C:\Program Files\Last.fm
    2010-05-05 16:56:42 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
    2010-05-02 13:58:40 ----D---- C:\Program Files\QuickTime
    2010-05-01 22:10:43 ----D---- C:\Documents and Settings\Darren\Application Data\PlayFirst

    ======List of files/folders modified in the last 1 months======

    2010-12-21 10:14:38 ----D---- C:\Documents and Settings\All Users\Application Data\PDFC
    2010-05-29 16:26:08 ----A---- C:\Documents and Settings\All Users\Application Data\HPWALog.txt
    2010-05-29 16:24:23 ----A---- C:\WINDOWS\PCDNSetting.ini
    2010-05-29 16:22:58 ----D---- C:\Program Files\Symantec AntiVirus
    2010-05-29 16:22:28 ----D---- C:\WINDOWS\Temp
    2010-05-29 16:20:27 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-05-29 16:20:00 ----D---- C:\WINDOWS\system32
    2010-05-29 16:20:00 ----D---- C:\WINDOWS
    2010-05-29 16:15:34 ----RD---- C:\Program Files
    2010-05-29 16:15:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2010-05-29 16:09:57 ----D---- C:\WINDOWS\system32\drivers
    2010-05-29 16:07:14 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
    2010-05-29 15:59:34 ----A---- C:\WINDOWS\psnetwork.ini
    2010-05-29 15:23:44 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-05-29 15:07:15 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
    2010-05-28 20:30:50 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt
    2010-05-28 19:18:46 ----SHD---- C:\WINDOWS\Installer
    2010-05-27 13:23:18 ----HD---- C:\WINDOWS\inf
    2010-05-26 10:45:59 ----A---- C:\WINDOWS\IE4 Error Log.txt
    2010-05-25 16:56:45 ----RASH---- C:\boot.ini
    2010-05-25 16:56:45 ----A---- C:\WINDOWS\win.ini
    2010-05-25 16:56:45 ----A---- C:\WINDOWS\system.ini
    2010-05-25 16:33:32 ----D---- C:\WINDOWS\Prefetch
    2010-05-24 18:00:19 ----D---- C:\Program Files\Common Files
    2010-05-24 17:59:50 ----D---- C:\Program Files\Java
    2010-05-23 17:42:10 ----A---- C:\WINDOWS\NeroDigital.ini
    2010-05-20 16:34:17 ----D---- C:\.jagex_cache_32
    2010-05-17 16:44:02 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2010-05-15 09:43:43 ----A---- C:\WINDOWS\imsins.BAK
    2010-05-15 09:43:40 ----RSHD---- C:\WINDOWS\system32\dllcache
    2010-05-15 09:43:16 ----HD---- C:\WINDOWS\$hf_mig$
    2010-05-15 09:41:01 ----D---- C:\WINDOWS\ie8updates
    2010-05-15 09:40:50 ----D---- C:\Program Files\Outlook Express
    2010-05-11 17:57:47 ----RD---- C:\new folder
    2010-05-06 18:25:53 ----D---- C:\Program Files\iTunes
    2010-05-06 18:24:36 ----D---- C:\Program Files\Common Files\Apple
    2010-05-06 18:19:58 ----SD---- C:\WINDOWS\Tasks
    2010-05-06 18:17:17 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2010-05-05 16:53:11 ----D---- C:\Program Files\Microsoft Visual Studio 8
    2010-05-05 16:41:13 ----D---- C:\Documents and Settings\Darren\Application Data\Apple Computer
    2010-05-01 19:21:30 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
    2010-04-30 11:51:08 ----A---- C:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
    R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-04 213768]
    R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2009-03-04 55176]
    R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-08-20 188808]
    R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
    R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
    R2 regi;regi; C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]
    R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2009-02-18 113536]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]
    R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
    R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-29 9344]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-01-21 6278560]
    R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-21 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100526.006\naveng.sys []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100526.006\navex15.sys []
    R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-03-04 4202496]
    R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
    R3 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
    R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2009-03-26 1765168]
    R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-30 1550891]
    R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-08-20 23944]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
    R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-28 503008]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2009-04-12 296960]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
    S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
    S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101376]
    S3 MfeAVFK;McAfee Inc. MfeAVFK; C:\WINDOWS\system32\drivers\MfeAVFK.sys [2009-03-04 79880]
    S3 MfeBOPK;McAfee Inc. MfeBOPK; C:\WINDOWS\system32\drivers\MfeBOPK.sys [2009-03-04 35272]
    S3 MfeRKDK;McAfee Inc. MfeRKDK; C:\WINDOWS\system32\drivers\MfeRKDK.sys [2009-03-04 34216]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
    S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2009-10-24 27136]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
    S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2010-02-13 4096]
    S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
    S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-18 35913]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-10-16 41472]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
    S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-10-12 721904]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
    R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2008-06-24 191848]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2008-06-24 169320]
    R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2008-09-30 31160]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-12-17 354840]
    R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-01-10 79136]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
    R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
    R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
    R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2008-08-09 777240]
    R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
    R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-07-26 1181016]
    R2 STacSV;Audio Service; c:\program files\idt\wdm\STacSV.exe [2009-03-30 254042]
    R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2008-09-30 1956792]
    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
    R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
    R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-02-04 209464]
    R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-24 223232]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-23 655624]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
    S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
    S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2008-09-30 116664]
    S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2008-08-20 214408]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------

  5. #25
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    Hi.
    Those Trusted Zone lines are not really a problem.
    Things look better but we need to make sure there are no leftovers.


    Java SE Runtime Environment (JRE).

    Please download from HERE
    • Find Java SE Runtime Environment (JRE) 6 Update 20.
    • Click the Download JRE button to the right.
    • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
    • Click the Continue button.
    • Click on the filename under Windows Offline Installation and save it to your desktop.
    • Close all active windows.
    • Install the program.


    Next.

    Please download ATF Cleaner to your desktop.

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.


    Next.

    Please disable you're Anti-virus temporally so it will not interfere with the below scan.
    Re-enable it after the scan.


    Next.

    ESET online scannner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    • Please go Here then click on:
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:

      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.




    Logs/Information to Post in your Next Reply

    • ESET log
    • Please give me an update on your computers performance, any more redirects?
    Last edited by Cypher; 2010-06-02 at 13:59. Reason: Added faulty link

  6. #26
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    This topic has been archived due to inactivity.

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

    Applies only to the original poster, anyone else with similar problems please start a new topic.

  7. #27
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    Topic reopened.
    Please post the ESET log when ready.

  8. #28
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    Hi
    Are you still with me?

  9. #29
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    gogogo.
    This topic is now closed and will not be reopened.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •