Google links being hijacked...

ComboFix 09-12-21.08 - Rick 23/12/2009 8:28.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1325 [GMT 10:00]
Running from: c:\documents and settings\Rick\My Documents\Downloads\ComboFix.exe
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\EventSystem.log

.
((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))
.

2009-12-22 04:05 . 2009-12-22 04:05 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\Nero
2009-12-21 22:53 . 2009-12-22 04:37 -------- d-----w- c:\documents and settings\Rick\Application Data\vlc
2009-12-21 22:47 . 2009-12-21 22:47 -------- d-----w- c:\program files\VideoLAN
2009-12-20 22:41 . 2009-12-20 22:41 -------- d-----w- C:\_OTM
2009-12-17 05:28 . 2009-12-17 05:28 117760 ----a-w- c:\documents and settings\Rick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-17 05:27 . 2009-12-17 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-17 05:26 . 2009-12-17 21:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-17 05:26 . 2009-12-17 05:26 -------- d-----w- c:\documents and settings\Rick\Application Data\SUPERAntiSpyware.com
2009-12-17 05:26 . 2009-12-17 05:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-13 22:17 . 2009-12-13 22:18 -------- d-----w- c:\documents and settings\Rick\Application Data\Nero
2009-12-13 21:57 . 2009-12-13 22:10 -------- d-----w- c:\program files\Nero
2009-12-13 21:56 . 2009-12-13 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-12-13 21:56 . 2009-12-13 22:11 -------- d-----w- c:\program files\Common Files\Nero
2009-12-11 22:45 . 2009-12-11 22:45 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-12-06 23:28 . 2009-12-06 23:28 -------- d-----w- c:\program files\ESET
2009-12-05 09:05 . 2009-12-05 09:05 -------- d-----w- c:\documents and settings\Rick\Application Data\Malwarebytes
2009-12-05 09:05 . 2009-12-03 06:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 09:05 . 2009-12-05 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-05 09:05 . 2009-12-05 09:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 09:05 . 2009-12-03 06:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 01:20 . 2009-12-02 01:20 10134 ----a-r- c:\documents and settings\Rick\Application Data\Microsoft\Installer\{95BE40AA-D511-42B5-B060-704B5C0A945D}\ARPPRODUCTICON.exe
2009-12-02 01:15 . 2009-12-02 01:15 -------- d-----w- c:\program files\Common Files\Business Objects
2009-12-02 01:15 . 2009-12-02 01:15 -------- d-----w- c:\program files\Business Objects
2009-12-02 00:16 . 2009-12-02 00:16 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\TeamViewer
2009-12-02 00:16 . 2009-12-02 00:16 -------- d-----w- c:\documents and settings\Rick\Application Data\TeamViewer
2009-12-01 02:14 . 2009-11-19 01:48 43008 ----a-w- c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-01 02:14 . 2009-11-19 01:48 340480 ----a-w- c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-01 02:14 . 2009-11-19 01:48 346624 ----a-w- c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-01 02:14 . 2009-11-19 01:48 872960 ----a-w- c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-30 22:55 . 2009-11-30 22:55 -------- d-----w- c:\program files\Trend Micro
2009-11-25 22:56 . 2009-11-25 22:56 -------- d-----w- c:\program files\ULSDb
2009-11-25 06:55 . 2009-11-25 06:55 -------- d-----w- c:\program files\Common Files\PCSuite
2009-11-25 06:43 . 2008-08-25 23:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-11-25 06:42 . 2009-11-25 06:42 -------- d-----w- c:\program files\PC Connectivity Solution
2009-11-25 06:37 . 2009-11-25 06:36 34429264 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng.exe
2009-11-25 06:37 . 2009-11-25 06:37 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-25 06:37 . 2009-11-25 06:37 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-25 06:37 . 2009-11-25 06:37 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-25 06:37 . 2009-11-25 06:37 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-25 05:14 . 2009-11-25 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ULSVL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 22:26 . 2006-08-29 23:05 -------- d-----w- c:\documents and settings\Rick\Application Data\U3
2009-12-22 22:15 . 2009-04-14 21:56 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-18 01:14 . 2009-04-06 07:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ULSMVX
2009-12-15 02:26 . 2008-12-19 00:59 1 ----a-w- c:\documents and settings\Rick\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-11 22:46 . 2009-08-26 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-09 21:23 . 2006-06-13 06:40 -------- d-----w- c:\program files\Virtual Mechanics
2009-12-02 23:26 . 2006-06-13 17:01 130280 ----a-w- c:\documents and settings\Rick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-01 21:39 . 2007-06-18 03:32 -------- d-----w- c:\documents and settings\Rick\Application Data\Internode
2009-12-01 21:38 . 2007-06-18 03:32 -------- d-----w- c:\program files\Internode
2009-11-26 21:26 . 2009-04-16 21:56 111856 ----a-w- c:\windows\system32\isafprod.dll
2009-11-25 22:56 . 2008-06-03 06:16 -------- d-----w- c:\program files\ULS
2009-11-25 06:54 . 2009-10-09 07:16 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-25 06:54 . 2009-10-09 07:15 -------- d-----w- c:\program files\Nokia
2009-11-25 06:36 . 2009-10-09 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-11-24 23:30 . 2006-06-13 05:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-24 21:54 . 2009-11-09 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-24 07:00 . 2006-06-07 02:15 -------- d-----w- c:\program files\ThinkPad
2009-11-15 22:49 . 2006-06-13 06:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-10 22:02 . 2007-10-22 22:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-09 21:53 . 2009-11-09 21:53 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-01 22:07 . 2009-11-01 22:07 -------- d-----w- c:\documents and settings\Rick\Application Data\Sonic
2009-11-01 22:06 . 2009-11-01 22:06 -------- d-----w- c:\documents and settings\Rick\Application Data\vnulneas
2009-11-01 22:06 . 2009-11-01 22:06 -------- d-----w- c:\documents and settings\Rick\Application Data\Leadertech
2009-11-01 22:06 . 2009-11-01 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-30 04:57 . 2009-10-30 04:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\vnulneas
2009-10-29 23:20 . 2006-06-07 02:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-29 23:19 . 2009-10-29 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-29 23:13 . 2009-10-29 23:13 -------- d-----w- c:\program files\Dr.METAZA2
2009-10-29 23:13 . 2006-06-13 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Roland DG Corporation
2009-10-29 20:52 . 2009-04-16 21:56 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-10-29 20:52 . 2009-04-16 21:56 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-10-29 20:52 . 2009-04-16 21:56 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-10-29 20:52 . 2009-04-16 21:56 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-10-29 20:52 . 2009-04-16 21:56 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-10-29 20:52 . 2009-04-16 21:56 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-10-29 07:45 . 1980-01-01 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 1980-01-01 07:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 1980-01-01 07:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 21:53 . 2008-06-15 20:50 1541416 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
2009-10-13 10:30 . 1980-01-01 07:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 1980-01-01 07:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 1980-01-01 07:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 22:15 . 2009-10-11 22:15 152576 ----a-w- c:\documents and settings\Rick\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-09 07:23 . 2009-10-09 07:23 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\msxml6Exec.exe
2009-10-09 07:23 . 2009-10-09 07:23 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\Sleep.exe
2009-10-09 07:23 . 2009-10-09 07:23 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\vcredistExec.exe
2009-10-09 07:22 . 2009-10-09 07:23 24501456 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NokiaSoftwareUpdaterSetup_en[1].exe
2009-10-09 07:14 . 2009-10-09 07:14 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-10-09 07:14 . 2009-10-09 07:14 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-09 07:14 . 2009-10-09 07:14 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-09 07:14 . 2009-10-09 07:14 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-10-09 07:13 . 2009-10-09 07:14 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
2009-10-08 04:57 . 2007-10-09 03:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 04:57 . 1980-01-01 07:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 04:56 . 1980-01-01 07:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-06 01:52 . 2009-10-09 07:15 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2003-10-31 00:31 . 2003-10-31 00:31 0 ----a-w- c:\program files\error.dat
2008-08-15 00:06 . 2008-06-04 02:36 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InternodeUsage"="c:\progra~1\INTERN~3\mum.exe" [2009-12-01 1361408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-13 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-17 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-08-29 94208]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-19 127037]
"CAVRID"="c:\program files\CA\eTrust Vet Antivirus\CAVRID.exe" [2009-11-26 271600]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-11-11 374000]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-12-11 2245992]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Enable Wireless Keyboard Driver.lnk - c:\program files\Wireless Device\Wireless Keyboard\Magickey.exe [2004-11-22 172032]
Enable Wireless Optical Mouse Driver.lnk - c:\program files\Wireless Device\Wireless Mouse\MouseAp.exe [2004-11-22 217088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 04:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 05:46 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 06:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-06-17 05:23 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"Messenger"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Internet Camera\\util\\util.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Internet Camera\\admin\\admin.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Virtual Mechanics\\SiteSpinner Pro V2\\bin\\SiteSpinnerProV2.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer_tab.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"53049:TCP"= 53049:TCP:@xpsp2res.dll,-22009
"37955:TCP"= 37955:TCP:@xpsp2res.dll,-22009

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [5/01/2009 11:36 AM 107512]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [18/11/2008 12:14 PM 72696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 8:43 AM 74480]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [17/04/2009 7:56 AM 128240]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [1/08/2006 1:00 AM 316992]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [1/01/1980 5:00 PM 5120]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [12/12/2008 12:37 PM 1153528]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/12/2008 12:58 PM 797176]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [19/12/2008 1:59 PM 297464]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [23/04/2009 12:39 PM 1693128]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [12/12/2008 12:37 PM 205304]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [11/04/2009 7:11 PM 10688]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 8:43 AM 7408]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20/12/2007 5:13 PM 1558000]
S2 COSIDS_TB;COSIDS_TB;c:\progra~1\COSIDS\BIN\TbMux32.exe [22/05/2007 8:20 AM 165376]
S2 PLSLT;ULS PLSLT Series Laser Engraver Firmware Loader;c:\windows\system32\drivers\PLSLTBL.sys [25/01/2008 8:24 AM 7808]
S2 VERSA2;ULS VersaLaser Series Laser Engraver Firmware Loader;c:\windows\system32\drivers\VERSA2BL.sys [9/03/2007 7:56 AM 7808]
S2 VERSALdr;ULS VersaLaser Engraver Firmware LoaderUSB\VID_10C3&PID_012C.DeviceDesc=ULS VersaLaser Air Compressor Firmware Loader;c:\windows\system32\drivers\VERSABL.sys [25/06/2003 6:49 AM 10112]
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;c:\windows\system32\drivers\M9205.sys [23/01/2006 9:13 PM 70272]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [6/10/2009 9:21 AM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [6/10/2009 9:21 AM 3072]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;c:\windows\system32\drivers\M9207BDA.sys [23/01/2006 9:13 PM 37760]
S3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [9/08/2006 4:46 PM 49792]
S3 QSerBus;Quatech PCI/PCMCIA/ISA Multiport Serial Device Enumerator;c:\windows\system32\drivers\qserbus.sys [3/07/2006 7:32 AM 26624]
S3 QTSerial;Quatech Multiport Serial Driver;c:\windows\system32\drivers\qtserial.sys [3/07/2006 7:32 AM 91648]
S3 SWI32;SWI32;\??\c:\program files\ThinkVantage\SystemUpdate\session\79wc17ww\SWI32.sys --> c:\program files\ThinkVantage\SystemUpdate\session\79wc17ww\SWI32.sys [?]
S3 ULSPrint;ULS Print Service;c:\windows\system32\drivers\ULSPRINT.sys [10/07/2007 9:41 AM 17024]
S3 ZteitSerMux;ZteitSerMux;c:\windows\system32\drivers\ZteitSermux.sys [16/12/2006 8:31 AM 37888]
S3 zteitserprt;zteitserprt;c:\windows\system32\drivers\ZteitSerPrt.sys [16/12/2006 8:37 AM 19200]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.amiles.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\System32\VetRedir.dll
Trusted Zone: amiles.com.au\www
TCP: {71407124-ED89-4796-8404-5222CC3D2CBA} = 192.231.203.132,192.231.203.3
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3FED5791-B952-4958-A556-05892FE80AEC} - hxxp://192.168.10.12/webrtp.cab
DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} - hxxp://192.168.1.52:5052/ocx/IMMP4Control.ocx
FF - ProfilePath - c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.amiles.com.au/
FF - component: c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-DUMMy - c:\docume~1\Rick\LOCALS~1\Temp\_ISTMP2.DIR\_ISTMP0.DIR\dummy.log
AddRemove-SignLab61DeInstKey - c:\engravelab6\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 08:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1513153548-3119829742-721034989-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{900CD2A7-7DA5-989B-035D-BEE1872F8C3F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iampoahdcflmlfaljf"=hex:69,65,65,67,67,63,69,6a,6f,62,6a,6a,65,62,65,6f,6d,6a,
67,69,67,6c,6a,63,69,68,67,69,66,63,6c,65,69,62,63,69,6d,63,61,6c,69,69,6c,\
"hampoahdcfglmhkk"=hex:6d,61,6c,62,64,66,64,6b,68,6f,69,6c,6e,6a,65,61,67,62,
66,6f,6f,68,68,64,68,66,00,00
"gampoahdcfcnpc"=hex:61,69,62,6c,6d,62,70,6d,70,6e,6f,67,65,6e,69,6b,6b,6c,61,
6b,67,6f,62,6a,6c,68,66,70,6a,6e,63,69,67,6a,6c,62,6c,65,6a,64,6e,6e,65,6d,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73A803C7-4F74-C091-1EFB-121D42A78ED2}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8BDF16A2-6D31-0350-366C-B753DCC9573B}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Messaging Subsystem\Applications]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1952)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\UmxWnp.Dll
c:\windows\system32\tphklock.dll
.
Completion time: 2009-12-23 08:38:43
ComboFix-quarantined-files.txt 2009-12-22 22:38
ComboFix2.txt 2009-12-03 02:16

Pre-Run: 16,911,937,536 bytes free
Post-Run: 18,843,594,752 bytes free

- - End Of File - - A265B1576272CE8252E8AD02C2C049AD
 
Hi milesinfront

Open notepad and copy/paste the text in the codebox below into it:

Code:
Regnull::
[HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{900CD2A7-7DA5-989B-035D-BEE1872F8C3F}*]

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

2 - Run HijackThis
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.

3 - Status Check
Please reply with


1. the ComboFix log (C:\ComboFix.txt)
2. a fresh HijackThis log
3. a description of any problems you are having with your PC

Thanks peku006
 
After running Combofix with your script my Google links were released, but after a restart they became hijacked again... Hopefully that means we are getting close to a solution...

Here are the logs:

ComboFix 09-12-22.09 - Rick 24/12/2009 8:39.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1316 [GMT 10:00]
Running from: c:\documents and settings\Rick\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Rick\Desktop\cfscript.txt
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.

((((((((((((((((((((((((( Files Created from 2009-11-23 to 2009-12-23 )))))))))))))))))))))))))))))))
.

2009-12-23 05:20 . 2006-06-27 04:27 96359 ----a-w- c:\documents and settings\Rick\Application Data\U3\1942520F558127DB\FEFECB84-0E05-42d8-B044-F2D0FCFF8C15\Exec\ThunderbirdForU3HostCleanup.exe
2009-12-23 05:20 . 2006-06-27 03:40 86385 ----a-w- c:\documents and settings\Rick\Application Data\U3\1942520F558127DB\FEFECB84-0E05-42d8-B044-F2D0FCFF8C15\Exec\ThunderbirdForU3Stop.exe
2009-12-23 05:20 . 2006-03-16 04:08 98304 ----a-w- c:\documents and settings\Rick\Application Data\U3\1942520F558127DB\FEFECB84-0E05-42d8-B044-F2D0FCFF8C15\Exec\appStopXII.exe
2009-12-22 04:05 . 2009-12-22 04:05 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\Nero
2009-12-21 22:53 . 2009-12-23 06:17 -------- d-----w- c:\documents and settings\Rick\Application Data\vlc
2009-12-21 22:47 . 2009-12-21 22:47 -------- d-----w- c:\program files\VideoLAN
2009-12-20 22:41 . 2009-12-20 22:41 -------- d-----w- C:\_OTM
2009-12-17 05:28 . 2009-12-17 05:28 117760 ----a-w- c:\documents and settings\Rick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-17 05:27 . 2009-12-17 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-17 05:26 . 2009-12-17 21:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-17 05:26 . 2009-12-17 05:26 -------- d-----w- c:\documents and settings\Rick\Application Data\SUPERAntiSpyware.com
2009-12-17 05:26 . 2009-12-17 05:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-13 22:17 . 2009-12-13 22:18 -------- d-----w- c:\documents and settings\Rick\Application Data\Nero
2009-12-13 21:57 . 2009-12-13 22:10 -------- d-----w- c:\program files\Nero
2009-12-13 21:56 . 2009-12-13 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-12-13 21:56 . 2009-12-13 22:11 -------- d-----w- c:\program files\Common Files\Nero
2009-12-11 22:45 . 2009-12-11 22:45 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-12-06 23:28 . 2009-12-06 23:28 -------- d-----w- c:\program files\ESET
2009-12-05 09:05 . 2009-12-05 09:05 -------- d-----w- c:\documents and settings\Rick\Application Data\Malwarebytes
2009-12-05 09:05 . 2009-12-03 06:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 09:05 . 2009-12-05 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-05 09:05 . 2009-12-05 09:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 09:05 . 2009-12-03 06:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 01:20 . 2009-12-02 01:20 10134 ----a-r- c:\documents and settings\Rick\Application Data\Microsoft\Installer\{95BE40AA-D511-42B5-B060-704B5C0A945D}\ARPPRODUCTICON.exe
2009-12-02 01:15 . 2009-12-02 01:15 -------- d-----w- c:\program files\Common Files\Business Objects
2009-12-02 01:15 . 2009-12-02 01:15 -------- d-----w- c:\program files\Business Objects
2009-12-02 00:16 . 2009-12-02 00:16 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\TeamViewer
2009-12-02 00:16 . 2009-12-02 00:16 -------- d-----w- c:\documents and settings\Rick\Application Data\TeamViewer
2009-12-01 02:14 . 2009-11-19 01:48 43008 ----a-w- c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-01 02:14 . 2009-11-19 01:48 340480 ----a-w- c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-01 02:14 . 2009-11-19 01:48 346624 ----a-w- c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-01 02:14 . 2009-11-19 01:48 872960 ----a-w- c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-30 22:55 . 2009-11-30 22:55 -------- d-----w- c:\program files\Trend Micro
2009-11-25 22:56 . 2009-11-25 22:56 -------- d-----w- c:\program files\ULSDb
2009-11-25 06:55 . 2009-11-25 06:55 -------- d-----w- c:\program files\Common Files\PCSuite
2009-11-25 06:43 . 2008-08-25 23:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-11-25 06:42 . 2009-11-25 06:42 -------- d-----w- c:\program files\PC Connectivity Solution
2009-11-25 06:37 . 2009-11-25 06:36 34429264 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng.exe
2009-11-25 06:37 . 2009-11-25 06:37 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-25 06:37 . 2009-11-25 06:37 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-25 06:37 . 2009-11-25 06:37 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-25 06:37 . 2009-11-25 06:37 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-25 05:14 . 2009-11-25 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ULSVL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 22:36 . 2009-04-14 21:56 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-23 05:20 . 2006-08-29 23:05 -------- d-----w- c:\documents and settings\Rick\Application Data\U3
2009-12-18 01:14 . 2009-04-06 07:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ULSMVX
2009-12-15 02:26 . 2008-12-19 00:59 1 ----a-w- c:\documents and settings\Rick\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-11 22:46 . 2009-08-26 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-09 21:23 . 2006-06-13 06:40 -------- d-----w- c:\program files\Virtual Mechanics
2009-12-02 23:26 . 2006-06-13 17:01 130280 ----a-w- c:\documents and settings\Rick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-01 21:39 . 2007-06-18 03:32 -------- d-----w- c:\documents and settings\Rick\Application Data\Internode
2009-12-01 21:38 . 2007-06-18 03:32 -------- d-----w- c:\program files\Internode
2009-11-26 21:26 . 2009-04-16 21:56 111856 ----a-w- c:\windows\system32\isafprod.dll
2009-11-25 22:56 . 2008-06-03 06:16 -------- d-----w- c:\program files\ULS
2009-11-25 06:54 . 2009-10-09 07:16 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-25 06:54 . 2009-10-09 07:15 -------- d-----w- c:\program files\Nokia
2009-11-25 06:36 . 2009-10-09 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-11-24 23:30 . 2006-06-13 05:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-24 21:54 . 2009-11-09 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-24 07:00 . 2006-06-07 02:15 -------- d-----w- c:\program files\ThinkPad
2009-11-15 22:49 . 2006-06-13 06:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-10 22:02 . 2007-10-22 22:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-09 21:53 . 2009-11-09 21:53 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-01 22:07 . 2009-11-01 22:07 -------- d-----w- c:\documents and settings\Rick\Application Data\Sonic
2009-11-01 22:06 . 2009-11-01 22:06 -------- d-----w- c:\documents and settings\Rick\Application Data\vnulneas
2009-11-01 22:06 . 2009-11-01 22:06 -------- d-----w- c:\documents and settings\Rick\Application Data\Leadertech
2009-11-01 22:06 . 2009-11-01 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-30 04:57 . 2009-10-30 04:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\vnulneas
2009-10-29 23:20 . 2006-06-07 02:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-29 23:19 . 2009-10-29 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-29 23:13 . 2009-10-29 23:13 -------- d-----w- c:\program files\Dr.METAZA2
2009-10-29 23:13 . 2006-06-13 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Roland DG Corporation
2009-10-29 20:52 . 2009-04-16 21:56 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-10-29 20:52 . 2009-04-16 21:56 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-10-29 20:52 . 2009-04-16 21:56 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-10-29 20:52 . 2009-04-16 21:56 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-10-29 20:52 . 2009-04-16 21:56 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-10-29 20:52 . 2009-04-16 21:56 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-10-29 07:45 . 1980-01-01 07:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 1980-01-01 07:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 1980-01-01 07:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 21:53 . 2008-06-15 20:50 1541416 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
2009-10-13 10:30 . 1980-01-01 07:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 1980-01-01 07:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 1980-01-01 07:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 22:15 . 2009-10-11 22:15 152576 ----a-w- c:\documents and settings\Rick\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-09 07:23 . 2009-10-09 07:23 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\msxml6Exec.exe
2009-10-09 07:23 . 2009-10-09 07:23 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\Sleep.exe
2009-10-09 07:23 . 2009-10-09 07:23 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\vcredistExec.exe
2009-10-09 07:22 . 2009-10-09 07:23 24501456 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NokiaSoftwareUpdaterSetup_en[1].exe
2009-10-09 07:14 . 2009-10-09 07:14 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-10-09 07:14 . 2009-10-09 07:14 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-09 07:14 . 2009-10-09 07:14 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-09 07:14 . 2009-10-09 07:14 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-10-09 07:13 . 2009-10-09 07:14 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
2009-10-08 04:57 . 2007-10-09 03:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 04:57 . 1980-01-01 07:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 04:56 . 1980-01-01 07:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-06 01:52 . 2009-10-09 07:15 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2003-10-31 00:31 . 2003-10-31 00:31 0 ----a-w- c:\program files\error.dat
2008-08-15 00:06 . 2008-06-04 02:36 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InternodeUsage"="c:\progra~1\INTERN~3\mum.exe" [2009-12-01 1361408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-13 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-17 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-08-29 94208]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-19 127037]
"CAVRID"="c:\program files\CA\eTrust Vet Antivirus\CAVRID.exe" [2009-11-26 271600]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-11-11 374000]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-12-11 2245992]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Enable Wireless Keyboard Driver.lnk - c:\program files\Wireless Device\Wireless Keyboard\Magickey.exe [2004-11-22 172032]
Enable Wireless Optical Mouse Driver.lnk - c:\program files\Wireless Device\Wireless Mouse\MouseAp.exe [2004-11-22 217088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 04:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 05:46 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 06:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-06-17 05:23 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"Messenger"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Internet Camera\\util\\util.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Internet Camera\\admin\\admin.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Virtual Mechanics\\SiteSpinner Pro V2\\bin\\SiteSpinnerProV2.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer_tab.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"53049:TCP"= 53049:TCP:@xpsp2res.dll,-22009
"37955:TCP"= 37955:TCP:@xpsp2res.dll,-22009

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [5/01/2009 11:36 AM 107512]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [18/11/2008 12:14 PM 72696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 8:43 AM 74480]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [17/04/2009 7:56 AM 128240]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [1/08/2006 1:00 AM 316992]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [1/01/1980 5:00 PM 5120]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [12/12/2008 12:37 PM 1153528]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/12/2008 12:58 PM 797176]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [19/12/2008 1:59 PM 297464]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [23/04/2009 12:39 PM 1693128]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [12/12/2008 12:37 PM 205304]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [11/04/2009 7:11 PM 10688]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 8:43 AM 7408]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20/12/2007 5:13 PM 1558000]
S2 COSIDS_TB;COSIDS_TB;c:\progra~1\COSIDS\BIN\TbMux32.exe [22/05/2007 8:20 AM 165376]
S2 PLSLT;ULS PLSLT Series Laser Engraver Firmware Loader;c:\windows\system32\drivers\PLSLTBL.sys [25/01/2008 8:24 AM 7808]
S2 VERSA2;ULS VersaLaser Series Laser Engraver Firmware Loader;c:\windows\system32\drivers\VERSA2BL.sys [9/03/2007 7:56 AM 7808]
S2 VERSALdr;ULS VersaLaser Engraver Firmware LoaderUSB\VID_10C3&PID_012C.DeviceDesc=ULS VersaLaser Air Compressor Firmware Loader;c:\windows\system32\drivers\VERSABL.sys [25/06/2003 6:49 AM 10112]
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;c:\windows\system32\drivers\M9205.sys [23/01/2006 9:13 PM 70272]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [6/10/2009 9:21 AM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [6/10/2009 9:21 AM 3072]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;c:\windows\system32\drivers\M9207BDA.sys [23/01/2006 9:13 PM 37760]
S3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [9/08/2006 4:46 PM 49792]
S3 QSerBus;Quatech PCI/PCMCIA/ISA Multiport Serial Device Enumerator;c:\windows\system32\drivers\qserbus.sys [3/07/2006 7:32 AM 26624]
S3 QTSerial;Quatech Multiport Serial Driver;c:\windows\system32\drivers\qtserial.sys [3/07/2006 7:32 AM 91648]
S3 SWI32;SWI32;\??\c:\program files\ThinkVantage\SystemUpdate\session\79wc17ww\SWI32.sys --> c:\program files\ThinkVantage\SystemUpdate\session\79wc17ww\SWI32.sys [?]
S3 ULSPrint;ULS Print Service;c:\windows\system32\drivers\ULSPRINT.sys [10/07/2007 9:41 AM 17024]
S3 ZteitSerMux;ZteitSerMux;c:\windows\system32\drivers\ZteitSermux.sys [16/12/2006 8:31 AM 37888]
S3 zteitserprt;zteitserprt;c:\windows\system32\drivers\ZteitSerPrt.sys [16/12/2006 8:37 AM 19200]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.amiles.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\System32\VetRedir.dll
Trusted Zone: amiles.com.au\www
TCP: {71407124-ED89-4796-8404-5222CC3D2CBA} = 192.231.203.132,192.231.203.3
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3FED5791-B952-4958-A556-05892FE80AEC} - hxxp://192.168.10.12/webrtp.cab
DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} - hxxp://192.168.1.52:5052/ocx/IMMP4Control.ocx
FF - ProfilePath - c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.amiles.com.au/
FF - component: c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 08:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1513153548-3119829742-721034989-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{900CD2A7-7DA5-989B-035D-BEE1872F8C3F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iampoahdcflmlfaljf"=hex:69,65,65,67,67,63,69,6a,6f,62,6a,6a,65,62,65,6f,6d,6a,
67,69,67,6c,6a,63,69,68,67,69,66,63,6c,65,69,62,63,69,6d,63,61,6c,69,69,6c,\
"hampoahdcfglmhkk"=hex:6d,61,6c,62,64,66,64,6b,68,6f,69,6c,6e,6a,65,61,67,62,
66,6f,6f,68,68,64,68,66,00,00
"gampoahdcfcnpc"=hex:61,69,62,6c,6d,62,70,6d,70,6e,6f,67,65,6e,69,6b,6b,6c,61,
6b,67,6f,62,6a,6c,68,66,70,6a,6e,63,69,67,6a,6c,62,6c,65,6a,64,6e,6e,65,6d,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73A803C7-4F74-C091-1EFB-121D42A78ED2}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8BDF16A2-6D31-0350-366C-B753DCC9573B}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Messaging Subsystem\Applications]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(432)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\UmxWnp.Dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(4344)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\System32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-24 08:50:17
ComboFix-quarantined-files.txt 2009-12-23 22:50
ComboFix2.txt 2009-12-22 22:38
ComboFix3.txt 2009-12-03 02:16

Pre-Run: 17,560,997,888 bytes free
Post-Run: 17,524,645,888 bytes free

- - End Of File - - 4B614CC6B4EE2BE679F773B37BA68F5F


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:32 AM, on 24/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spnsrvnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\INTERN~3\mum.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\DOCUME~1\Rick\LOCALS~1\Temp\Google Toolbar\gtb15.tmp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe
C:\WINDOWS\system32\msiexec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amiles.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~3\mum.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://www.amiles.com.au
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MT...ttp://www.tagheuer.com/multimedia/3d_list.lbl
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {3FED5791-B952-4958-A556-05892FE80AEC} (ASUS WebRTP Control 1.0) - http://192.168.10.12/webrtp.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://www.officeupdate.com/productupdates/content/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150173135187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167725641250
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://202.91.196.117:8000/plugin/h263ctrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://192.168.1.52:5052/ocx/IMMP4Control.ocx
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71407124-ED89-4796-8404-5222CC3D2CBA}: NameServer = 192.231.203.132,192.231.203.3
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SentinelSuperProNet Server (SuperProServer) - Rainbow Technologies - C:\WINDOWS\system32\spnsrvnt.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: TIS 2000 Apache Web Server - Unknown owner - C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe

--
End of file - 13258 bytes
 
Hi milesinfront
almost ready....

Open notepad and copy/paste the text in the codebox below into it:

Code:
RegLockDel::
[HKEY_USERS\S-1-5-21-1513153548-3119829742-721034989-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{900CD2A7-7DA5-989B-035D-BEE1872F8C3F}*]

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

2 - Run HijackThis
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.

3 - Status Check
Please reply with

the ComboFix log (C:\ComboFix.txt)

Thanks peku006
 
No improvement...

ComboFix 09-12-26.05 - Rick 28/12/2009 10:45:27.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1353 [GMT 10:00]
Running from: c:\documents and settings\Rick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rick\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.

((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))
.

2009-12-22 04:05 . 2009-12-22 04:05 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\Nero
2009-12-21 22:53 . 2009-12-23 06:17 -------- d-----w- c:\documents and settings\Rick\Application Data\vlc
2009-12-21 22:47 . 2009-12-21 22:47 -------- d-----w- c:\program files\VideoLAN
2009-12-20 22:41 . 2009-12-20 22:41 -------- d-----w- C:\_OTM
2009-12-17 05:28 . 2009-12-17 05:28 117760 ----a-w- c:\documents and settings\Rick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-17 05:27 . 2009-12-17 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-17 05:26 . 2009-12-17 21:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-17 05:26 . 2009-12-17 05:26 -------- d-----w- c:\documents and settings\Rick\Application Data\SUPERAntiSpyware.com
2009-12-17 05:26 . 2009-12-17 05:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-13 22:17 . 2009-12-13 22:18 -------- d-----w- c:\documents and settings\Rick\Application Data\Nero
2009-12-13 21:57 . 2009-12-13 22:10 -------- d-----w- c:\program files\Nero
2009-12-13 21:56 . 2009-12-13 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-12-13 21:56 . 2009-12-13 22:11 -------- d-----w- c:\program files\Common Files\Nero
2009-12-11 22:45 . 2009-12-11 22:45 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-12-06 23:28 . 2009-12-06 23:28 -------- d-----w- c:\program files\ESET
2009-12-05 09:05 . 2009-12-05 09:05 -------- d-----w- c:\documents and settings\Rick\Application Data\Malwarebytes
2009-12-05 09:05 . 2009-12-03 06:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 09:05 . 2009-12-05 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-05 09:05 . 2009-12-05 09:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 09:05 . 2009-12-03 06:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 01:20 . 2009-12-02 01:20 10134 ----a-r- c:\documents and settings\Rick\Application Data\Microsoft\Installer\{95BE40AA-D511-42B5-B060-704B5C0A945D}\ARPPRODUCTICON.exe
2009-12-02 01:15 . 2009-12-02 01:15 -------- d-----w- c:\program files\Common Files\Business Objects
2009-12-02 01:15 . 2009-12-02 01:15 -------- d-----w- c:\program files\Business Objects
2009-12-02 00:16 . 2009-12-02 00:16 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\TeamViewer
2009-12-02 00:16 . 2009-12-02 00:16 -------- d-----w- c:\documents and settings\Rick\Application Data\TeamViewer
2009-12-01 02:14 . 2009-11-19 01:48 43008 ----a-w- c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-01 02:14 . 2009-11-19 01:48 340480 ----a-w- c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-01 02:14 . 2009-11-19 01:48 346624 ----a-w- c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-01 02:14 . 2009-11-19 01:48 872960 ----a-w- c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-30 22:55 . 2009-11-30 22:55 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 00:30 . 2009-04-14 21:56 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-23 05:20 . 2006-08-29 23:05 -------- d-----w- c:\documents and settings\Rick\Application Data\U3
2009-12-18 01:14 . 2009-04-06 07:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ULSMVX
2009-12-15 02:26 . 2008-12-19 00:59 1 ----a-w- c:\documents and settings\Rick\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-11 22:46 . 2009-08-26 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-09 21:23 . 2006-06-13 06:40 -------- d-----w- c:\program files\Virtual Mechanics
2009-12-02 23:26 . 2006-06-13 17:01 130280 ----a-w- c:\documents and settings\Rick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-01 21:39 . 2007-06-18 03:32 -------- d-----w- c:\documents and settings\Rick\Application Data\Internode
2009-12-01 21:38 . 2007-06-18 03:32 -------- d-----w- c:\program files\Internode
2009-11-26 21:26 . 2009-04-16 21:56 111856 ----a-w- c:\windows\system32\isafprod.dll
2009-11-25 22:56 . 2008-06-03 06:16 -------- d-----w- c:\program files\ULS
2009-11-25 22:56 . 2009-11-25 22:56 -------- d-----w- c:\program files\ULSDb
2009-11-25 06:55 . 2009-11-25 06:55 -------- d-----w- c:\program files\Common Files\PCSuite
2009-11-25 06:54 . 2009-10-09 07:16 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-25 06:54 . 2009-10-09 07:15 -------- d-----w- c:\program files\Nokia
2009-11-25 06:42 . 2009-11-25 06:42 -------- d-----w- c:\program files\PC Connectivity Solution
2009-11-25 06:37 . 2009-11-25 06:37 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-25 06:37 . 2009-11-25 06:37 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-25 06:37 . 2009-11-25 06:37 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-25 06:37 . 2009-11-25 06:37 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-25 06:36 . 2009-10-09 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-11-25 06:36 . 2009-11-25 06:37 34429264 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng.exe
2009-11-25 06:11 . 2009-11-25 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ULSVL
2009-11-24 23:30 . 2006-06-13 05:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-24 21:54 . 2009-11-09 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-24 07:00 . 2006-06-07 02:15 -------- d-----w- c:\program files\ThinkPad
2009-11-15 22:49 . 2006-06-13 06:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-10 22:02 . 2007-10-22 22:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-09 21:53 . 2009-11-09 21:53 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-01 22:07 . 2009-11-01 22:07 -------- d-----w- c:\documents and settings\Rick\Application Data\Sonic
2009-11-01 22:06 . 2009-11-01 22:06 -------- d-----w- c:\documents and settings\Rick\Application Data\vnulneas
2009-11-01 22:06 . 2009-11-01 22:06 -------- d-----w- c:\documents and settings\Rick\Application Data\Leadertech
2009-11-01 22:06 . 2009-11-01 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-30 04:57 . 2009-10-30 04:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\vnulneas
2009-10-29 23:20 . 2006-06-07 02:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-29 23:19 . 2009-10-29 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-29 23:13 . 2009-10-29 23:13 -------- d-----w- c:\program files\Dr.METAZA2
2009-10-29 23:13 . 2006-06-13 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Roland DG Corporation
2009-10-29 20:52 . 2009-04-16 21:56 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-10-29 20:52 . 2009-04-16 21:56 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-10-29 20:52 . 2009-04-16 21:56 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-10-29 20:52 . 2009-04-16 21:56 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-10-29 20:52 . 2009-04-16 21:56 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-10-29 20:52 . 2009-04-16 21:56 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-10-29 07:45 . 1980-01-01 07:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 1980-01-01 07:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 1980-01-01 07:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 21:53 . 2008-06-15 20:50 1541416 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
2009-10-13 10:30 . 1980-01-01 07:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 1980-01-01 07:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 1980-01-01 07:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 22:15 . 2009-10-11 22:15 152576 ----a-w- c:\documents and settings\Rick\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-09 07:23 . 2009-10-09 07:23 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\msxml6Exec.exe
2009-10-09 07:23 . 2009-10-09 07:23 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\Sleep.exe
2009-10-09 07:23 . 2009-10-09 07:23 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\vcredistExec.exe
2009-10-09 07:22 . 2009-10-09 07:23 24501456 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NokiaSoftwareUpdaterSetup_en[1].exe
2009-10-09 07:14 . 2009-10-09 07:14 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-10-09 07:14 . 2009-10-09 07:14 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-10-09 07:14 . 2009-10-09 07:14 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-10-09 07:14 . 2009-10-09 07:14 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-10-09 07:13 . 2009-10-09 07:14 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
2009-10-08 04:57 . 2007-10-09 03:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 04:57 . 1980-01-01 07:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 04:56 . 1980-01-01 07:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-06 01:52 . 2009-10-09 07:15 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2003-10-31 00:31 . 2003-10-31 00:31 0 ----a-w- c:\program files\error.dat
2008-08-15 00:06 . 2008-06-04 02:36 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InternodeUsage"="c:\progra~1\INTERN~3\mum.exe" [2009-12-01 1361408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-13 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-17 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-08-29 94208]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-19 127037]
"CAVRID"="c:\program files\CA\eTrust Vet Antivirus\CAVRID.exe" [2009-11-26 271600]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-11-11 374000]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-12-11 2245992]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Enable Wireless Keyboard Driver.lnk - c:\program files\Wireless Device\Wireless Keyboard\Magickey.exe [2004-11-22 172032]
Enable Wireless Optical Mouse Driver.lnk - c:\program files\Wireless Device\Wireless Mouse\MouseAp.exe [2004-11-22 217088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 04:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 05:46 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 06:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-06-17 05:23 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"Messenger"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Internet Camera\\util\\util.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Internet Camera\\admin\\admin.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Virtual Mechanics\\SiteSpinner Pro V2\\bin\\SiteSpinnerProV2.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer_tab.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"53049:TCP"= 53049:TCP:@xpsp2res.dll,-22009
"37955:TCP"= 37955:TCP:@xpsp2res.dll,-22009

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [5/01/2009 11:36 AM 107512]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [18/11/2008 12:14 PM 72696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 8:43 AM 74480]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [17/04/2009 7:56 AM 128240]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [1/08/2006 1:00 AM 316992]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [1/01/1980 5:00 PM 5120]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [12/12/2008 12:37 PM 1153528]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/12/2008 12:58 PM 797176]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [19/12/2008 1:59 PM 297464]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [23/04/2009 12:39 PM 1693128]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [12/12/2008 12:37 PM 205304]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [11/04/2009 7:11 PM 10688]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 8:43 AM 7408]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20/12/2007 5:13 PM 1558000]
S2 COSIDS_TB;COSIDS_TB;c:\progra~1\COSIDS\BIN\TbMux32.exe [22/05/2007 8:20 AM 165376]
S2 PLSLT;ULS PLSLT Series Laser Engraver Firmware Loader;c:\windows\system32\drivers\PLSLTBL.sys [25/01/2008 8:24 AM 7808]
S2 VERSA2;ULS VersaLaser Series Laser Engraver Firmware Loader;c:\windows\system32\drivers\VERSA2BL.sys [9/03/2007 7:56 AM 7808]
S2 VERSALdr;ULS VersaLaser Engraver Firmware LoaderUSB\VID_10C3&PID_012C.DeviceDesc=ULS VersaLaser Air Compressor Firmware Loader;c:\windows\system32\drivers\VERSABL.sys [25/06/2003 6:49 AM 10112]
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;c:\windows\system32\drivers\M9205.sys [23/01/2006 9:13 PM 70272]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [6/10/2009 9:21 AM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [6/10/2009 9:21 AM 3072]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;c:\windows\system32\drivers\M9207BDA.sys [23/01/2006 9:13 PM 37760]
S3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [9/08/2006 4:46 PM 49792]
S3 QSerBus;Quatech PCI/PCMCIA/ISA Multiport Serial Device Enumerator;c:\windows\system32\drivers\qserbus.sys [3/07/2006 7:32 AM 26624]
S3 QTSerial;Quatech Multiport Serial Driver;c:\windows\system32\drivers\qtserial.sys [3/07/2006 7:32 AM 91648]
S3 SWI32;SWI32;\??\c:\program files\ThinkVantage\SystemUpdate\session\79wc17ww\SWI32.sys --> c:\program files\ThinkVantage\SystemUpdate\session\79wc17ww\SWI32.sys [?]
S3 ULSPrint;ULS Print Service;c:\windows\system32\drivers\ULSPRINT.sys [10/07/2007 9:41 AM 17024]
S3 ZteitSerMux;ZteitSerMux;c:\windows\system32\drivers\ZteitSermux.sys [16/12/2006 8:31 AM 37888]
S3 zteitserprt;zteitserprt;c:\windows\system32\drivers\ZteitSerPrt.sys [16/12/2006 8:37 AM 19200]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.amiles.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\System32\VetRedir.dll
Trusted Zone: amiles.com.au\www
TCP: {71407124-ED89-4796-8404-5222CC3D2CBA} = 192.231.203.132,192.231.203.3
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3FED5791-B952-4958-A556-05892FE80AEC} - hxxp://192.168.10.12/webrtp.cab
DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} - hxxp://192.168.1.52:5052/ocx/IMMP4Control.ocx
FF - ProfilePath - c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.amiles.com.au/
FF - component: c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 10:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1513153548-3119829742-721034989-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{900CD2A7-7DA5-989B-035D-BEE1872F8C3F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iampoahdcflmlfaljf"=hex:69,65,65,67,67,63,69,6a,6f,62,6a,6a,65,62,65,6f,6d,6a,
67,69,67,6c,6a,63,69,68,67,69,66,63,6c,65,69,62,63,69,6d,63,61,6c,69,69,6c,\
"hampoahdcfglmhkk"=hex:6d,61,6c,62,64,66,64,6b,68,6f,69,6c,6e,6a,65,61,67,62,
66,6f,6f,68,68,64,68,66,00,00
"gampoahdcfcnpc"=hex:61,69,62,6c,6d,62,70,6d,70,6e,6f,67,65,6e,69,6b,6b,6c,61,
6b,67,6f,62,6a,6c,68,66,70,6a,6e,63,69,67,6a,6c,62,6c,65,6a,64,6e,6e,65,6d,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73A803C7-4F74-C091-1EFB-121D42A78ED2}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8BDF16A2-6D31-0350-366C-B753DCC9573B}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Messaging Subsystem\Applications]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(252)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\UmxWnp.Dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(5356)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\System32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-28 11:02:10
ComboFix-quarantined-files.txt 2009-12-28 01:02
ComboFix2.txt 2009-12-23 22:50
ComboFix3.txt 2009-12-22 22:38
ComboFix4.txt 2009-12-03 02:16

Pre-Run: 17,483,067,392 bytes free
Post-Run: 17,452,945,408 bytes free

- - End Of File - - 6A69F047A0031DC67EA2724EB81C96A5


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:58 AM, on 28/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spnsrvnt.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\INTERN~3\mum.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amiles.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~3\mum.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://www.amiles.com.au
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MT...ttp://www.tagheuer.com/multimedia/3d_list.lbl
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {3FED5791-B952-4958-A556-05892FE80AEC} (ASUS WebRTP Control 1.0) - http://192.168.10.12/webrtp.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://www.officeupdate.com/productupdates/content/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150173135187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167725641250
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://202.91.196.117:8000/plugin/h263ctrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://192.168.1.52:5052/ocx/IMMP4Control.ocx
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71407124-ED89-4796-8404-5222CC3D2CBA}: NameServer = 192.231.203.132,192.231.203.3
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SentinelSuperProNet Server (SuperProServer) - Rainbow Technologies - C:\WINDOWS\system32\spnsrvnt.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: TIS 2000 Apache Web Server - Unknown owner - C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe

--
End of file - 13428 bytes


http://forums.spybot.info/showthread.php?t=54528
 
Hi milesinfront

  • Download RootRepeal from the following location and save it to your desktop.
  • Unzip it to your Desktop
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • Check the box for your main system drive (usually C:), and click OK to start the scan

    The scan can take some time. DO NOT run any other programs while the scan is running.
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

Thanks peku006
 
Thanks for reopening this thread!

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/06 10:02
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8ADC000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5DE000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA6D4F000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\Prefetch\ROOTREPEAL.EXE-0D13B299.pf
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\PC-TV\DigitalTV\Gallery\NINEHI~2.MPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\kmxagent.sys" at address 0xa8fbace8

==EOF==
 
Hi milesinfront

Download Avenger by Swandog and unzip it to your Desktop.

Note: This programme must be run from an account with Administrator privileges.

  • Open the Avenger folder and double click Avenger.exe to launch the programme.
  • Copy the text in the code box below and Paste it into the Input script here: box.
Code:
Registry keys to delete:
[HKEY_USERS\S-1-5-21-1513153548-3119829742-721034989-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions
\Approved\{900CD2A7-7DA5-989B-035D-BEE1872F8C3F}*]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Ensure the following:
    • Scan for Rootkits is checked.
    • Automatically disable any rootkits found is Unchecked.
  • Press the Execute key.
  • Avenger will now process the script you've pasted (this may involve more than one re-boot). When finished, it will produce a log file.
  • Post the log back here please. (It can also be found at C:\avenger.txt.)

Thanks peku006
 
Hi milesinfront

I'm sorry for the "late response"...... "technical difficulties"

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :reg
    HKEY_USERS\S-1-5-21-1513153548-3119829742-721034989-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions
    \Approved
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

Thanks peku006
 
SystemLook v1.0 by jpshortstuff (10.01.10)
Log created at 07:51 on 12/01/2010 by Rick (Administrator - Elevation successful)

========== reg ==========

[HKEY_USERS\S-1-5-21-1513153548-3119829742-721034989-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions]
(No values found)

[HKEY_USERS\S-1-5-21-1513153548-3119829742-721034989-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_USERS\S-1-5-21-1513153548-3119829742-721034989-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked]

[HKEY_USERS\S-1-5-21-1513153548-3119829742-721034989-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]


[\Approved]
Hive unrecognized.

-=End Of File=-
 
Hi milesinfront

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Thanks peku006
 
OTL logfile created on: 13/01/2010 7:44:50 AM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Rick\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.86 Gb Total Space | 16.00 Gb Free Space | 28.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
Drive I: | 14.92 Gb Total Space | 6.04 Gb Free Space | 40.53% Space Free | Partition Type: FAT32

Computer Name: RICKMOVIN
Current User Name: Rick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Rick\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Internode\mum.exe (Angus Johnson)
PRC - C:\Program Files\CA\eTrust Vet Antivirus\vetmsg.exe (CA, Inc.)
PRC - C:\Program Files\CA\eTrust Vet Antivirus\cavrid.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe (Nokia)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\UltraVNC\winvnc.exe (UltraVNC)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
PRC - C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
PRC - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Documents and Settings\Rick\Application Data\U3\1942520F558127DB\LaunchPad.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CA\eTrust Vet Antivirus\isafe.exe (Computer Associates International, Inc.)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
PRC - C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe ()
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe ()
PRC - C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe ()
PRC - C:\Program Files\ACT\act.exe (Interact Commerce Corporation)
PRC - C:\Program Files\Wireless Device\Wireless Keyboard\OSD.exe (WayTech Development, Inc.)
PRC - C:\Program Files\cosids\bin\tbmux32.exe (TransAction Software, D 81737 Munich)
PRC - C:\WINDOWS\system32\spnsrvnt.exe (Rainbow Technologies)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Rick\My Documents\Downloads\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (VETMSGNT) -- C:\Program Files\CA\eTrust Vet Antivirus\vetmsg.exe (CA, Inc.)
SRV - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (ccSchedulerSVC) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (uvnc_service) -- C:\Program Files\UltraVNC\WinVNC.exe (UltraVNC)
SRV - (UmxPol) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (UmxAgent) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (UmxCfg) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SymSnapService) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
SRV - (CAISafe) -- C:\Program Files\CA\eTrust Vet Antivirus\isafe.exe (Computer Associates International, Inc.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SentinelKeysServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (COSIDS_TB) -- C:\Program Files\cosids\bin\tbmux32.exe (TransAction Software, D 81737 Munich)
SRV - (SuperProServer) -- C:\WINDOWS\system32\spnsrvnt.exe (Rainbow Technologies)
SRV - (TIS 2000 Apache Web Server) -- C:\Program Files\cosids\Apache Group\Apache\ApchT2kW.exe ()


========== Driver Services (SafeList) ==========

DRV - (VETEFILE) -- C:\WINDOWS\system32\drivers\vetefile.sys (Computer Associates International, Inc.)
DRV - (VETEBOOT) -- C:\WINDOWS\system32\drivers\veteboot.sys (Computer Associates International, Inc.)
DRV - (vmm) -- C:\WINDOWS\system32\drivers\VMM.sys (Microsoft Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (EGATHDRV) -- C:\WINDOWS\system32\EGATHDRV.SYS (IBM Corporation)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (mv2) -- C:\WINDOWS\system32\drivers\mv2.sys (UVNC BVBA)
DRV - (KmxStart) -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys (CA)
DRV - (KmxCfg) -- C:\WINDOWS\system32\drivers\KmxCfg.sys (CA)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (KmxAgent) -- C:\WINDOWS\system32\drivers\KmxAgent.sys (CA)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (v2imount) -- C:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation)
DRV - (symsnap) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (wceusbsh) -- C:\WINDOWS\system32\drivers\wceusbsh.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (PLSLT) -- C:\WINDOWS\system32\drivers\PLSLTBL.sys (ULS, Inc.)
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (VProEventMonitor) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ULSPrint) -- C:\WINDOWS\system32\drivers\ULSPRINT.sys (Universal Laser Systems)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (VERSA2) -- C:\WINDOWS\system32\drivers\VERSA2BL.sys (ULS, Inc.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (VPCNetS2) -- C:\WINDOWS\system32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (zteitserprt) -- C:\WINDOWS\system32\drivers\ZteitSerPrt.sys (ZTEiT)
DRV - (ZteitSerMux) -- C:\WINDOWS\system32\drivers\ZteitSermux.sys (ZTEiT)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (oxser) -- C:\WINDOWS\system32\drivers\oxser.sys (OEM)
DRV - (AEAudioService) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (SNTNLUSB) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (QTSerial) -- C:\WINDOWS\system32\drivers\qtserial.sys (Quatech, Incorporated)
DRV - (QSerBus) -- C:\WINDOWS\system32\drivers\qserbus.sys (Quatech, Incorporated)
DRV - (DTV-DVBM9205) -- C:\WINDOWS\system32\drivers\M9205.sys ()
DRV - (M9207) -- C:\WINDOWS\system32\drivers\M9207BDA.sys ()
DRV - (hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (aksusb) -- C:\WINDOWS\system32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshasp) -- C:\WINDOWS\system32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (risdptsk) -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (atmeltpm) -- C:\WINDOWS\system32\drivers\atmeltpm.sys (Atmel, Inc.)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (PcdrNdisuio) -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys (Windows (R) 2000 DDK provider)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
DRV - (U2SP) OEM USB to Serial Converter Driver(Philips) -- C:\WINDOWS\system32\drivers\u2s2kxp.sys (Magic Control Technology Corp.)
DRV - (VETFDDNT) -- C:\WINDOWS\system32\drivers\VetFDDNT.1 (Computer Associates International, Inc.)
DRV - (VETMONNT) -- C:\WINDOWS\system32\drivers\VetMonNT.1 (Computer Associates International, Inc.)
DRV - (VET-FILT) -- C:\WINDOWS\system32\drivers\Vet-Filt.1 ()
DRV - (VET-REC) -- C:\WINDOWS\system32\drivers\Vet-Rec.1 ()
DRV - (VERSALdr) -- C:\WINDOWS\system32\drivers\VERSABL.sys (ULS, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (E100B) Intel(R) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS ()
DRV - (pmem) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS (Microsoft Corporation)
DRV - (CADlink) -- C:\EngraveLab Expert7.1\CADlink.sys (CADlink Technology)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 70 63 08 05 57 86 45 46 8C 04 80 E9 45 EB 98 BE [binary data]
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 70 63 08 05 57 86 45 46 8C 04 80 E9 45 EB 98 BE [binary data]
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 70 63 08 05 57 86 45 46 8C 04 80 E9 45 EB 98 BE [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 70 63 08 05 57 86 45 46 8C 04 80 E9 45 EB 98 BE [binary data]

IE - HKU\S-1-5-21-1513153548-3119829742-721034989-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default Font Size = 01 00 00 00 [binary data]
IE - HKU\S-1-5-21-1513153548-3119829742-721034989-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1513153548-3119829742-721034989-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1513153548-3119829742-721034989-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.amiles.com.au/
IE - HKU\S-1-5-21-1513153548-3119829742-721034989-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 70 63 08 05 57 86 45 46 8C 04 80 E9 45 EB 98 BE [binary data]
IE - HKU\S-1-5-21-1513153548-3119829742-721034989-1005\S-1-5-21-1513153548-3119829742-721034989-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.amiles.com.au/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
FF - prefs.js..extensions.enabledItems: {b2881675-6b3a-4b9c-9708-c8d26152bf76}:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/11/25 16:55:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/11 09:21:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/11 09:21:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/21 09:29:36 | 00,000,000 | ---D | M]

[2009/03/03 13:26:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Mozilla\Extensions
[2010/01/12 10:37:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions
[2009/12/03 11:43:17 | 00,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions\{b2881675-6b3a-4b9c-9708-c8d26152bf76}
[2009/11/20 12:39:58 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\3ir9oqfa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/12 10:37:53 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/03 15:07:42 | 00,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/08/19 14:37:48 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/19 14:37:48 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/19 14:37:48 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/19 14:37:49 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1513153548-3119829742-721034989-1005\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1513153548-3119829742-721034989-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKU\S-1-5-21-1513153548-3119829742-721034989-1005..\Run: [InternodeUsage] C:\Program Files\Internode\mum.exe (Angus Johnson)
O4 - HKU\S-1-5-21-1513153548-3119829742-721034989-1005..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-1513153548-3119829742-721034989-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1513153548-3119829742-721034989-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1513153548-3119829742-721034989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1513153548-3119829742-721034989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1513153548-3119829742-721034989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1513153548-3119829742-721034989-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1513153548-3119829742-721034989-1005\..Trusted Domains: am-1 ([]file in Local intranet)
O15 - HKU\S-1-5-21-1513153548-3119829742-721034989-1005\..Trusted Domains: amiles.com.au ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1513153548-3119829742-721034989-1005\..Trusted Domains: 61 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.viewpoint.com/MT...ttp://www.tagheuer.com/multimedia/3d_list.lbl (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {3FED5791-B952-4958-A556-05892FE80AEC} http://192.168.10.12/webrtp.cab (ASUS WebRTP Control 1.0)
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} http://www.officeupdate.com/productupdates/content/opuc.cab (OPUCatalog Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150173135187 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167725641250 (MUWebControl Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.com/pc/support/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (CInstallLPCtrl Object)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37805.9508333333 (Reg Error: Key error.)
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} http://202.91.196.117:8000/plugin/h263ctrl.cab (VaPgCtrl Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/activedata/SymAData.dll (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} http://192.168.1.52:5052/ocx/IMMP4Control.ocx (IMMP4Control Control)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab (ActiveDataObj Class)
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} http://www29.compaq.com/falco/SysQuery.cab (Compaq System Data Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\Windows\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/14 02:29:18 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 22:26:23 | 00,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3867e228-7245-11dd-a03e-0013ceb7d937}\Shell - "" = AutoRun
O33 - MountPoints2\{3867e228-7245-11dd-a03e-0013ceb7d937}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3867e228-7245-11dd-a03e-0013ceb7d937}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2007/10/23 17:45:39 | 01,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/04 08:46:20 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/12/22 14:05:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Local Settings\Application Data\Nero
[2009/12/22 08:53:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Application Data\vlc
[2009/12/22 08:47:47 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/12/21 08:41:52 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/12/17 15:27:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/12/17 15:26:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Application Data\SUPERAntiSpyware.com
[2009/12/17 15:26:51 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/14 08:17:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rick\Application Data\Nero
[2009/12/14 07:57:45 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/12/14 07:56:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/12/14 07:56:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2009/12/14 07:55:14 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/10/30 14:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\vnulneas
[2009/10/30 14:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\vnulneas
[2009/03/19 16:34:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2008/12/24 10:41:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2008/11/27 22:59:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/11/11 17:51:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2008/04/19 11:03:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/07/28 10:42:35 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/07/28 10:38:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/06/14 02:34:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\IBM
[2006/06/07 12:39:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Lenovo
[2004/08/10 03:45:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/01/13 07:39:56 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/13 07:38:49 | 08,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2010/01/13 07:38:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/13 07:38:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/13 07:38:23 | 21,375,09888 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/12 17:22:36 | 00,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2010/01/12 17:22:35 | 00,000,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/01/12 17:22:35 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/01/12 17:22:35 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/01/12 17:22:35 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/01/12 17:22:35 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/01/12 17:22:35 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/01/12 17:22:35 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/01/12 17:22:35 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/01/12 17:22:35 | 00,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/01/12 17:22:35 | 00,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/01/12 17:22:35 | 00,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/01/12 17:22:35 | 00,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/01/12 17:22:35 | 00,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/01/12 17:22:35 | 00,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/01/12 17:22:35 | 00,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/01/12 17:22:35 | 00,000,028 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2010/01/12 17:22:23 | 12,058,624 | ---- | M] () -- C:\Documents and Settings\Rick\NTUSER.DAT
[2010/01/12 17:22:23 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Rick\ntuser.ini
[2010/01/12 14:03:47 | 00,012,749 | ---- | M] () -- C:\WINDOWS\CASMATE.INI
[2010/01/12 07:50:17 | 00,100,908 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\SystemLook.exe
[2010/01/11 17:17:11 | 00,000,149 | ---- | M] () -- C:\Documents and Settings\Rick\Application Data\default.rss
[2010/01/11 10:25:58 | 00,001,371 | ---- | M] () -- C:\WINDOWS\Brpcfx.ini
[2010/01/07 08:04:13 | 00,015,778 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\Avenger Error 01.jpg
[2010/01/04 08:45:44 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\settings.dat
[2009/12/28 10:55:32 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/22 14:24:25 | 00,166,400 | ---- | M] () -- C:\Documents and Settings\Rick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/22 14:05:52 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/18 08:38:50 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\gmer.zip
[2009/12/17 08:59:36 | 00,002,370 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\Rick's X-2 01-02-04 02.jpg
[2009/12/17 08:53:17 | 00,059,691 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\X-2 Cracks 01.jpg
[2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Rick\Desktop\gmer.exe
[2009/12/14 16:32:30 | 00,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/14 16:32:30 | 00,443,368 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/14 16:32:30 | 00,072,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/14 08:01:11 | 00,002,338 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk

========== Files Created - No Company Name ==========

[2010/01/12 07:50:17 | 00,100,908 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\SystemLook.exe
[2010/01/07 08:04:10 | 00,015,778 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\Avenger Error 01.jpg
[2010/01/04 08:45:44 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\settings.dat
[2009/12/22 08:38:04 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/18 08:38:48 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\gmer.zip
[2009/12/17 08:59:32 | 00,002,370 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\Rick's X-2 01-02-04 02.jpg
[2009/12/17 08:53:07 | 00,059,691 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\X-2 Cracks 01.jpg
[2009/12/16 10:40:59 | 00,000,149 | ---- | C] () -- C:\Documents and Settings\Rick\Application Data\default.rss
[2009/12/15 11:24:48 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Rick\Desktop\gmer.exe
[2009/12/14 08:01:11 | 00,002,338 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2009/10/06 09:21:32 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009/10/06 09:21:31 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009/10/06 09:21:31 | 00,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/08 13:49:38 | 02,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/12/24 12:07:10 | 00,004,592 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\F58C580D-00DB-4DF6-9FEE-45C7A8865D63.txt
[2008/09/18 11:12:23 | 00,005,590 | ---- | C] () -- C:\Documents and Settings\Rick\Local Settings\Application Data\F58C580D-00DB-4DF6-9FEE-45C7A8865D63.txt
[2008/09/18 11:12:10 | 00,004,328 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\F58C580D-00DB-4DF6-9FEE-45C7A8865D63.txt
[2008/07/24 02:50:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/24 02:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/24 02:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/24 02:46:38 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/06/04 12:36:17 | 00,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/05/25 09:55:15 | 00,000,273 | ---- | C] () -- C:\WINDOWS\PICKLIST.INI
[2007/05/25 09:53:36 | 00,000,302 | ---- | C] () -- C:\WINDOWS\MIREPAIR.INI
[2007/05/25 09:53:36 | 00,000,058 | ---- | C] () -- C:\WINDOWS\MITCHELL.INI
[2007/05/25 09:53:28 | 00,002,670 | ---- | C] () -- C:\WINDOWS\ODWIN.INI
[2007/05/25 09:53:28 | 00,000,754 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2007/05/22 08:40:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\frontend.INI
[2007/05/22 08:17:46 | 00,073,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\SENTINEL.SYS
[2007/01/04 15:34:41 | 00,000,228 | ---- | C] () -- C:\Documents and Settings\Rick\Application Data\varicad-work.ini
[2006/07/27 13:41:36 | 00,007,714 | ---- | C] () -- C:\WINDOWS\System32\SignLab6R.ini
[2006/07/26 13:15:01 | 00,000,086 | RHS- | C] () -- C:\WINDOWS\System32\SignLab71.ini
[2006/06/14 02:29:09 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Rick\Local Settings\Application Data\fusioncache.dat
[2006/06/07 12:44:50 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/07 12:36:27 | 00,000,239 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/07 12:30:12 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/06/07 12:30:12 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/06/07 12:30:12 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/06/07 12:30:12 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/06/07 12:30:12 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/06/07 12:30:12 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/06/07 12:19:55 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2006/06/07 12:16:09 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2006/06/07 12:04:20 | 00,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/24 09:47:45 | 00,000,196 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2006/01/23 21:13:26 | 00,070,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\M9205.sys
[2006/01/23 21:13:12 | 00,037,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\M9207BDA.sys
[2005/12/16 07:52:05 | 00,032,096 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2005/12/06 12:23:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/10/16 19:16:58 | 00,099,672 | ---- | C] () -- C:\WINDOWS\dibapi32.dll
[2005/10/16 19:16:56 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\cresvfw.dll
[2005/10/16 19:16:56 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\Preview.dll
[2005/09/03 06:02:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/10 12:10:16 | 00,596,992 | ---- | C] () -- C:\WINDOWS\System32\msodbc32i.dll
[2005/08/09 17:24:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\3ddesign.INI
[2005/06/22 11:46:52 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2005/05/05 07:32:42 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005/05/05 07:32:42 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2005/04/18 14:22:30 | 00,000,239 | ---- | C] () -- C:\WINDOWS\ActiveAct.INI
[2005/04/18 10:31:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll
[2005/02/28 10:42:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/12/10 14:46:12 | 00,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/12/10 14:44:42 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\DYMOINST.DLL
[2004/12/10 14:44:42 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2004/11/15 10:11:14 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2004/11/15 10:11:12 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\u25total.dll
[2004/11/15 10:11:09 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2004/08/10 04:03:43 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/07/15 16:04:48 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\msn27200.dll
[2004/07/10 18:55:38 | 00,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2004/05/24 15:16:54 | 00,000,045 | ---- | C] () -- C:\WINDOWS\eps.ini
[2004/05/24 15:16:52 | 00,000,250 | ---- | C] () -- C:\WINDOWS\AMCProgrammer.ini
[2004/02/03 09:57:47 | 00,089,088 | ---- | C] () -- C:\WINDOWS\System32\hpgt33.dll
[2004/01/20 16:56:31 | 00,000,057 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2004/01/20 16:56:27 | 00,028,518 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2004/01/20 16:56:27 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2003/12/09 16:06:19 | 00,000,040 | ---- | C] () -- C:\WINDOWS\CASSCAN.INI
[2003/12/09 14:20:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\HINSTALL.INI
[2003/12/09 14:20:11 | 00,010,234 | ---- | C] () -- C:\WINDOWS\ColorPro.ini
[2003/12/09 14:20:10 | 00,143,760 | ---- | C] () -- C:\WINDOWS\System32\BC30RTL.DLL
[2003/12/09 14:20:10 | 00,012,749 | ---- | C] () -- C:\WINDOWS\CASMATE.INI
[2003/12/09 14:20:10 | 00,005,745 | ---- | C] () -- C:\WINDOWS\DOOR.INI
[2003/11/19 09:03:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\GraphEdt.INI
[2003/10/31 15:44:31 | 00,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2003/10/31 10:53:49 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\NSSearch.dll
[2003/10/31 10:53:49 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2003/10/31 10:42:24 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\BntRC.dll
[2003/10/31 10:32:48 | 00,001,371 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2003/10/31 10:31:30 | 00,000,060 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2003/10/31 10:31:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mf03awmk.ini
[2003/10/31 10:31:30 | 00,000,000 | ---- | C] () -- C:\Program Files\error.dat
[2003/10/31 10:31:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\BROWNIE.INI
[2003/10/31 10:31:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brom8820.ini
[2003/10/31 10:30:28 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\PTRCENG.DLL
[2003/10/27 15:05:40 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_8820.ini
[2003/10/27 15:03:27 | 00,000,448 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2003/10/27 15:03:27 | 00,000,104 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2003/10/27 15:03:27 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2003/09/22 15:55:38 | 00,000,102 | ---- | C] () -- C:\WINDOWS\bmwetksa.ini
[2003/08/18 15:13:16 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/11 14:52:35 | 00,166,400 | ---- | C] () -- C:\Documents and Settings\Rick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/07/15 08:02:06 | 00,001,416 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/07/09 15:42:47 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2003/07/09 15:41:58 | 00,171,520 | ---- | C] () -- C:\WINDOWS\System32\PATCHW32.DLL
[2003/07/09 15:41:58 | 00,031,390 | ---- | C] () -- C:\WINDOWS\System32\APU86.DRV
[2003/07/09 15:41:56 | 00,084,448 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB.DLL
[2003/07/09 15:41:55 | 00,052,474 | ---- | C] () -- C:\WINDOWS\System32\CDLDIB.DRV
[2003/07/09 15:41:55 | 00,004,849 | ---- | C] () -- C:\WINDOWS\FontMgr.ini
[2003/07/09 15:41:53 | 00,001,436 | ---- | C] () -- C:\WINDOWS\FBOARD.INI
[2003/07/09 10:29:38 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Rick\Application Data\sversion.ini
[2003/07/05 12:31:05 | 00,001,831 | ---- | C] () -- C:\WINDOWS\ACT_CFG.INI
[2003/07/05 12:30:56 | 00,000,958 | ---- | C] () -- C:\WINDOWS\Cpqdiag.ini
[2003/04/11 09:04:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/03/04 21:46:39 | 00,000,042 | ---- | C] () -- C:\WINDOWS\cpqhsc.ini
[2003/03/04 21:42:19 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2002/11/06 19:52:04 | 00,102,400 | ---- | C] () -- C:\WINDOWS\japi.dll
[2002/08/20 19:37:50 | 00,093,696 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2002/02/27 09:41:28 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 09:41:26 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 09:41:26 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2002/01/08 16:57:34 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/31 03:17:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999/01/23 12:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 17:00:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[1980/01/01 17:00:00 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
 
OTL Extras logfile created on: 13/01/2010 7:44:50 AM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Rick\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.86 Gb Total Space | 16.00 Gb Free Space | 28.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
Drive I: | 14.92 Gb Total Space | 6.04 Gb Free Space | 40.53% Space Free | Partition Type: FAT32

Computer Name: RICKMOVIN
Current User Name: Rick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1513153548-3119829742-721034989-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"80:TCP" = 80:TCP:*:Enabled:@xpsp2res.dll,-22009
"53049:TCP" = 53049:TCP:*:Enabled:@xpsp2res.dll,-22009
"37955:TCP" = 37955:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800
"53049:TCP" = 53049:TCP:*:Enabled:@xpsp2res.dll,-22009
"37955:TCP" = 37955:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Laplink\PCmover\PCmover.exe" = C:\Program Files\Laplink\PCmover\PCmover.exe:*:Enabled:PCmover -- (Laplink Software Inc.)
"C:\Program Files\Internet Camera\util\util.exe" = C:\Program Files\Internet Camera\util\util.exe:*:Enabled:util -- ()
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Disabled:Sentinel Keys Server -- (SafeNet, Inc.)
"C:\Program Files\Internet Camera\admin\admin.exe" = C:\Program Files\Internet Camera\admin\admin.exe:*:Enabled:calldll -- ()
"C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:VNC server for Win32 -- (UltraVNC)
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Program Files\Virtual Mechanics\SiteSpinner Pro V2\bin\SiteSpinnerProV2.exe" = C:\Program Files\Virtual Mechanics\SiteSpinner Pro V2\bin\SiteSpinnerProV2.exe:*:Enabled:SiteSpinner Pro V2 Application -- (Virtual Mechanics Inc.)
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Program Files\UltraVNC\vncviewer_tab.exe" = C:\Program Files\UltraVNC\vncviewer_tab.exe:*:Enabled:UltraVNC Viewer Directx -- (UltraVNC)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- (Shareaza Development Team)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0139DE0C-96E3-41BB-A512-C864A05FDE94}" = USB 2.0 Image
"{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0
"{0369E93A-46CE-4417-BFC2-4841F2C847F2}" = Compaq Help and Support Center
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{10A44541-D4D5-11D3-9154-0008C73B3EB1}" = Costar Client
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = DLA
"{12D6D0E0-5C9A-40F5-8E0D-8631ED92FD2D}" = Xerox PrinterMap
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1881AE03-2BD4-11D4-86BF-00508B10AA88}" = Diagnostics for Windows
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{29116D94-77CB-4907-AC3D-6A851F392C74}" = LaserType4000
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6AF90EF6-F7F9-466C-99F4-1774826FBB40}" = Symantec Network Driver Update
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = XP Themes
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{868043DC-E02F-44EC-9901-AFD9AFCDCD98}" = SiteSpinner Pro V2
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D890CED-4E48-11D7-9472-00E029591716}" = Brother PC-FAX
"{8F55B163-7B42-42A3-9307-C7FCB9655225}" = PC-Doctor for Windows
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9232446D-2BBD-11D7-946C-00E029591716}" = Brother MFL-Pro Suite
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{937197B2-7308-4F43-90CF-8B62E61D350C}" = LimeWire
"{95BE40AA-D511-42B5-B060-704B5C0A945D}" = Crystal XI Installer
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup
"{9A1E6130-8F5E-4076-899A-D51FF01EDA6C}" = System Migration Assistant 5.0
"{9b07b5f1-b7b6-43c4-b85b-276c038751f9}" = Nero 9
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{9DE006A5-B384-4EDE-A760-0F217136B9EA}" = Microsoft IntelliType Pro 2.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B214C3C8-FC16-42EC-B7BB-703A1BB9C790}" = Lenovo Battery Program
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2FFFA64-FF77-44DB-97DA-5EA1239049EA}" = Xerox CentreWare® DP
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B781AB6B-FB96-4764-9D61-01AA095A9AC8}" = FCS-1020 IP Network Camera
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB04DEA7-ED6E-4F4C-B18F-804D6A70AFCF}" = EngraveLab Expert
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA7113AA-E3D0-48C6-BE31-E1F11BB9D18E}" = U232 P9/P25
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{E025271C-EB41-4587-9864-1239DF5682AE}" = Picture Tools v3.03
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EF1989B2-F482-49D3-BB19-7C81E3EAAB39}" = PCmover
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}" = Nokia Software Updater
"{F9F33778-C720-475B-9483-6B0EDF2B50EB}" = Sentinel Keys Protection Installer 1.0.2 (English)
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"ACT!" = ACT!
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnalogX NetStat Live" = AnalogX NetStat Live
"ATI Display Driver" = ATI Display Driver
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Brother MFC8820D" = Brother MFC8820D
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"CorelDRAW 10" = CorelDRAW 10
"Dr.Engrave" = Dr.Engrave
"Dr.METAZA2" = Dr.METAZA2
"Dr.PICZA" = Dr.PICZA
"Dr.STIKA PLUS" = Dr.STIKA PLUS
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition
"ESET Online Scanner" = ESET Online Scanner v3
"eTrust Suite Personal" = CA Internet Security Suite
"FLV Player" = FLV Player 2.0 (build 25)
"FLVPlayer" = FLV Player 1.3.3
"FTDICOMM" = FTDI USB Serial Converter Drivers
"GSpot" = GSpot Codec Information Appliance
"Handymailer_is1" = Handymailer V3.1.1
"HASP4 Device Drivers" = HASP4 Device Drivers
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{8F55B163-7B42-42A3-9307-C7FCB9655225}" = PC-Doctor for Windows
"InstallShield_{937197B2-7308-4F43-90CF-8B62E61D350C}" = LimeWire
"InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"InstallShield_{EF1989B2-F482-49D3-BB19-7C81E3EAAB39}" = PCmover
"InterActual Player" = InterActual Player
"Internode Monthly Usage Meter_is1" = Internode Monthly Usage Meter 6.5e
"JSDK2.0" = Java Servlet Development Kit 2.0
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LogWorks" = LogWorks
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MedalEditor" = Roland Medal Editor
"MegaTune 2.25_is1" = MegaTune 2.25
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Print Monitor" = Network Print Monitor for Windows 2000/XP/2003
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Peer to Peer Print NetBIOS" = Brother Peer to Peer Print (NetBIOS) 1.15
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel(R) PROSet/Wireless Software
"QuickTime" = QuickTime
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealAlt_is1" = Real Alternative 1.7.5 Lite
"Registry Mechanic_is1" = Registry Mechanic 6.0
"Remove Multimedia Center" = Remove Multimedia Center
"Rgistry Fixer_is1" = Registry Fixer v4.0
"Roland CAMM2 PNC-2300A" = Roland CAMM2 PNC-2300A
"Roland EngraveStudio" = Roland EngraveStudio 1.0
"Roland MODELA" = Roland MODELA
"Roland MODELA MDX-15" = Roland MODELA MDX-15
"Roland MPX-60" = Roland MPX-60
"SereneScreen Marine Aquarium 2_is1" = SereneScreen Marine Aquarium 2
"Setup Compaq Software" = Setup Compaq Software
"Shareaza_is1" = Shareaza 2.4.0.0
"Shockwave" = Shockwave
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPadSoftwareInstaller" = Software Installer
"ULS Engraver" = Remove ULS Engraver Application
"ULS Software" = Remove Universal Laser Systems UCP Application
"Ultravnc2_is1" = UltraVNC 1.0.5.6
"VETWIN32Vp5" = CA Anti-Virus
"Virtual MODELA" = Virtual MODELA
"VLC media player" = VLC media player 1.0.3
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Wireless Keyboard and Optical Mouse" = Wireless Keyboard and Optical Mouse
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XnView_is1" = XnView 1.50.1
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/12/2009 6:43:08 PM | Computer Name = RICKMOVIN | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x0a56a1d4.

Error - 1/12/2009 7:09:12 PM | Computer Name = RICKMOVIN | Source = Application Error | ID = 1001
Description = Fault bucket 1587830939.

Error - 1/12/2009 8:17:37 PM | Computer Name = RICKMOVIN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/12/2009 8:41:00 PM | Computer Name = RICKMOVIN | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x0b09a1d4.

Error - 1/12/2009 9:00:06 PM | Computer Name = RICKMOVIN | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x0b09a1d4.

Error - 2/12/2009 9:53:41 PM | Computer Name = RICKMOVIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 2/12/2009 9:53:41 PM | Computer Name = RICKMOVIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/12/2009 9:53:41 PM | Computer Name = RICKMOVIN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/12/2009 12:42:40 AM | Computer Name = RICKMOVIN | Source = Application Error | ID = 1000
Description = Faulting application isafe.exe, version 9.0.0.0, faulting module isafserv.dll,
version 9.0.0.0, fault address 0x00011790.

Error - 3/12/2009 7:00:56 PM | Computer Name = RICKMOVIN | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007041d].

[ System Events ]
Error - 11/01/2010 5:09:19 PM | Computer Name = RICKMOVIN | Source = Print | ID = 23
Description = Printer Roland SX-15 failed to initialize because a suitable Roland
SX-15 driver could not be found.

Error - 12/01/2010 5:39:05 PM | Computer Name = RICKMOVIN | Source = Service Control Manager | ID = 7000
Description = The ULS PLSLT Series Laser Engraver Firmware Loader service failed
to start due to the following error: %%1058

Error - 12/01/2010 5:39:05 PM | Computer Name = RICKMOVIN | Source = Service Control Manager | ID = 7000
Description = The ULS VersaLaser Series Laser Engraver Firmware Loader service failed
to start due to the following error: %%1058

Error - 12/01/2010 5:39:05 PM | Computer Name = RICKMOVIN | Source = Service Control Manager | ID = 7000
Description = The ULS VersaLaser Engraver Firmware LoaderUSB\VID_10C3&PID_012C.DeviceDesc=ULS
VersaLaser Air Compressor Firmware Loader service failed to start due to the following
error: %%1058

Error - 12/01/2010 5:39:05 PM | Computer Name = RICKMOVIN | Source = Service Control Manager | ID = 7000
Description = The Par1284 service failed to start due to the following error: %%3

Error - 12/01/2010 5:39:07 PM | Computer Name = RICKMOVIN | Source = Service Control Manager | ID = 7034
Description = The TIS 2000 Apache Web Server service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/01/2010 5:40:08 PM | Computer Name = RICKMOVIN | Source = Print | ID = 23
Description = Printer DYMO LabelWriter 330 Turbo failed to initialize because a
suitable DYMO LabelWriter 330 Turbo driver could not be found.

Error - 12/01/2010 5:40:08 PM | Computer Name = RICKMOVIN | Source = Print | ID = 23
Description = Printer Roland MODELA MDX-15 failed to initialize because a suitable
Roland MODELA MDX-15 driver could not be found.

Error - 12/01/2010 5:40:08 PM | Computer Name = RICKMOVIN | Source = Print | ID = 23
Description = Printer Roland MPX-60 failed to initialize because a suitable Roland
MPX-60 driver could not be found.

Error - 12/01/2010 5:40:08 PM | Computer Name = RICKMOVIN | Source = Print | ID = 23
Description = Printer Roland SX-15 failed to initialize because a suitable Roland
SX-15 driver could not be found.


< End of report >
 
Hi milesinfront

Close Firefox.
On your keyboard hit the Windows key and R simultaneously.

In the Run box type in this command and hit enter.

"%PROGRAMFILES%\Mozilla Firefox\firefox.exe" -safe-mode

Don't make any changes.
Click on Continue in Safe Mode.

Firefox should start up. It may look unusual but it will work.
Let me know if your issue happens with Firefox in this mode.

Thanks peku006
 
Hi milesinfront

If starting in Safe-mode works, then disable your extensions (Tools > Add-ons > Extensions or use the option in the Safe-mode window) and re-enable them one by one until you find which one is causing it.
Close and restart Firefox after each change.

peku006
 