A work in progress

Code:
+ 2010-03-17 01:58 . 2010-03-17 01:58	2403328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\9c987fc21a6763c2bd5b1f7ec5b5b153\System.Web.Extensions.ni.dll
+ 2010-03-17 01:40 . 2010-03-17 01:40	1917440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\8597f82ee0c148065f85f41f610d9419\System.Speech.ni.dll
+ 2010-03-17 01:58 . 2010-03-17 01:58	1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9195677eb52d4545a918a70636cacaac\System.ServiceModel.Web.ni.dll
+ 2010-03-17 01:56 . 2010-03-17 01:56	2344960              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0f1d3fc0f9bd72295c053a66090472e1\System.Runtime.Serialization.ni.dll
+ 2010-03-17 01:39 . 2010-03-17 01:39	1035776              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0a5cc73a26c3c1a105dfc9c7f1412857\System.Printing.ni.dll
+ 2010-03-17 01:56 . 2010-03-17 01:56	1056768              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3b589e5c7262c5564668e893ed5fa347\System.IdentityModel.ni.dll
+ 2010-03-17 01:37 . 2010-03-17 01:37	1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b106b43c1a464a009a72930a81204b35\System.Drawing.ni.dll
+ 2010-03-17 01:39 . 2010-03-17 01:39	1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\3102dd31a0e81701ab4c3e3627210885\System.DirectoryServices.ni.dll
+ 2010-03-17 01:37 . 2010-03-17 01:37	1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\299b46ce8a9cd708aad0b34a6817c3c9\System.Deployment.ni.dll
+ 2010-03-17 01:39 . 2010-03-17 01:39	6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\37ddef291179db404821628bdd037cf0\System.Data.ni.dll
+ 2010-03-17 01:36 . 2010-03-17 01:36	2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0f4ca76e1a55a8b10a169e26fb5ae852\System.Data.SqlXml.ni.dll
+ 2010-03-17 01:58 . 2010-03-17 01:58	1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\6d3af39f54f52966f62c89d88ea2d106\System.Data.Services.ni.dll
+ 2010-03-17 01:40 . 2010-03-17 01:40	1115136              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\d97e96e4d4075c86d51ff133fd0dbd1c\System.Data.OracleClient.ni.dll
+ 2010-03-17 01:40 . 2010-03-17 01:40	2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\bd0088ae2ca9506a05b5c6fc5ed2580b\System.Data.Linq.ni.dll
+ 2010-03-17 01:57 . 2010-03-17 01:57	9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\f0ffa7c1091f11d9b3442926e44f2756\System.Data.Entity.ni.dll
+ 2010-03-17 01:40 . 2010-03-17 01:40	2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\4ab24094be8e022a12520ca6cd010b7b\System.Core.ni.dll
+ 2010-03-17 01:39 . 2010-03-17 01:39	2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\9ba5ab0f501a0df0071be635e0a20432\ReachFramework.ni.dll
+ 2010-03-17 01:39 . 2010-03-17 01:39	1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\3d20a75014a565b2ee352a8ceb1f6636\PresentationUI.ni.dll
+ 2010-03-17 01:36 . 2010-03-17 01:36	1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\d2d645152f9892145d93d19da69cd716\PresentationBuildTasks.ni.dll
+ 2010-03-17 01:57 . 2010-03-17 01:57	1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\16fc2faef3984a77e7ee02cafd94c5f4\Microsoft.VisualBasic.ni.dll
+ 2010-03-17 01:56 . 2010-03-17 01:56	1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\01bf250452829c199bdc583e3e007685\Microsoft.Transactions.Bridge.ni.dll
+ 2010-03-17 01:58 . 2010-03-17 01:58	2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\1d4ab5c6748b01243403b915fb76e068\Microsoft.JScript.ni.dll
+ 2010-03-17 01:57 . 2010-03-17 01:57	1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\e5581e288bb26364dc6d4987251dfdf5\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-03-17 01:57 . 2010-03-17 01:57	1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\19627bc5e3955d69e007b4c4f49489db\Microsoft.Build.Tasks.ni.dll
+ 2010-03-17 01:57 . 2010-03-17 01:57	1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e25766aa55cbe4b36e3c6b1a498beb0d\Microsoft.Build.Engine.ni.dll
- 2009-10-15 12:43 . 2009-10-15 12:43	3149824              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-03-17 01:35 . 2010-03-17 01:35	3149824              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-03-17 01:35 . 2010-03-17 01:35	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-10-15 12:43 . 2009-10-15 12:43	2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-10-15 12:43 . 2009-10-15 12:43	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-03-17 01:34 . 2010-03-17 01:34	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-08-08 13:41 . 2009-08-08 13:41	5931008              c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2010-03-17 01:35 . 2010-03-17 01:35	5931008              c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2009-10-15 12:43 . 2009-10-15 12:43	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-03-17 01:34 . 2010-03-17 01:34	5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-03-17 01:34 . 2010-03-17 01:34	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-15 12:43 . 2009-10-15 12:43	5242880              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-03-17 01:35 . 2010-03-17 01:35	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-10-15 12:43 . 2009-10-15 12:43	2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-03-17 01:35 . 2010-03-17 01:35	4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-03-17 01:24 . 2010-03-17 01:24	1279848              c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2006-11-08 05:03 . 2009-12-21 19:14	11070464              c:\windows\system32\ieframe.dll
+ 2008-04-01 02:29 . 2009-12-21 19:14	11070464              c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-18 17:19 . 2009-08-18 17:19	10098688              c:\windows\Installer\b5479.msp
+ 2009-10-27 18:57 . 2009-10-27 18:57	14009856              c:\windows\Installer\4f2308.msp
+ 2009-10-27 21:11 . 2009-10-27 21:11	11146240              c:\windows\Installer\4f22f8.msp
+ 2010-03-17 01:33 . 2010-03-17 01:33	15710720              c:\windows\Installer\4f22ea.msp
+ 2009-04-04 15:36 . 2009-04-04 15:36	21390848              c:\windows\Installer\4f21d1.msp
+ 2009-04-04 21:09 . 2009-04-04 21:09	15190016              c:\windows\Installer\4f21be.msp
+ 2009-04-04 11:35 . 2009-04-04 11:35	36977152              c:\windows\Installer\4f21a0.msp
+ 2009-04-04 11:35 . 2009-04-04 11:35	38325760              c:\windows\Installer\4f2195.msp
+ 2009-04-14 07:46 . 2009-04-14 07:46	15438848              c:\windows\Installer\4f2176.msp
+ 2009-04-14 08:21 . 2009-04-14 08:21	15303168              c:\windows\Installer\4f216d.msp
+ 2009-04-14 08:56 . 2009-04-14 08:56	20498944              c:\windows\Installer\4f2164.msp
+ 2006-10-27 22:14 . 2006-10-27 22:14	14151456              c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\OART.DLL
+ 2009-04-03 22:01 . 2009-04-03 22:01	15108448              c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\XL12CNV.EXE
+ 2009-04-03 22:11 . 2009-04-03 22:11	17740136              c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\WWLIB.DLL
+ 2009-04-03 22:21 . 2009-04-03 22:21	16037736              c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OART.DLL
+ 2009-04-03 22:46 . 2009-04-03 22:46	17314688              c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSO.DLL
+ 2009-04-03 22:11 . 2009-04-03 22:11	18330984              c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\EXCEL.EXE
+ 2006-10-27 22:23 . 2006-10-27 22:23	17483560              c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-27 22:07 . 2006-10-27 22:07	17891112              c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2009-04-03 22:01 . 2009-04-03 22:01	15108448              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\XL12CNV.EXE
+ 2006-10-27 04:13 . 2006-10-27 04:13	14674216              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-27 22:26 . 2006-10-27 22:26	16870712              c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\MSO.DLL
+ 2010-03-17 01:32 . 2009-10-29 07:45	11069952              c:\windows\ie8updates\KB978207-IE8\ieframe.dll
+ 2010-03-17 01:31 . 2009-03-08 08:39	11063808              c:\windows\ie8updates\KB976325-IE8\ieframe.dll
+ 2010-03-17 01:37 . 2010-03-17 01:37	12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f0c753f83940b5de037a16ba162ebdce\System.Windows.Forms.ni.dll
+ 2010-03-17 01:39 . 2010-03-17 01:39	11796992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\3d959bc1e5bef926783107fd981701b6\System.Web.ni.dll
+ 2010-03-17 01:56 . 2010-03-17 01:56	17317888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\737db428238916034602919cb948166c\System.ServiceModel.ni.dll
+ 2010-03-17 01:40 . 2010-03-17 01:40	10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\75dc107fbe5daac68eaf32c5050d7108\System.Design.ni.dll
+ 2010-03-17 01:37 . 2010-03-17 01:37	14327808              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\45ec5da8d65c84a6eaba0d6ef6da964c\PresentationFramework.ni.dll
+ 2010-03-17 01:37 . 2010-03-17 01:37	12216320              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\663d2717d42068c8f6913ea56c4b8ff4\PresentationCore.ni.dll
+ 2010-03-17 01:35 . 2010-03-17 01:35	11490816              c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\4e82a0b51b82ffb8127c48c7d13485d7\mscorlib.ni.dll
+ 2009-04-04 21:08 . 2009-04-04 21:08	343058432              c:\windows\Installer\4f22ab.msp
.
-- Snapshot reset to current date --

continued
 
Code:
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2009-06-25 08:53	311808	----a-w-	c:\progra~1\SITERA~1\SiteRank.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-02-28 1165192]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10	35696	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 00:43	69632	----a-w-	c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2006-11-07 21:08	547840	----a-w-	c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp Antivirus]
2010-03-15 18:10	2697216	----a-w-	c:\documents and settings\All Users\Application Data\a183887\CUa183.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12	15360	------w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-10-06 03:13	114688	----a-w-	c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24	54840	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-10-06 03:11	98304	----a-w-	c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-11-29 19:22	58928	----a-w-	c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModPS2]
2006-11-07 21:34	53248	----a-w-	c:\windows\ModPS2Key.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12	1695232	------w-	c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-10-06 03:10	94208	----a-w-	c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 06:42	212992	----a-w-	c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 22:10	56928	----a-w-	c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-12 23:33	16132608	----a-w-	c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
2005-01-27 16:13	36864	----a-w-	c:\windows\ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteRanker]
2009-06-25 08:53	273920	----a-w-	c:\program files\SiteRanker\SiteRankTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 08:17	149280	----a-w-	c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-12-09 10:12	234856	----a-w-	c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20	866584	----a-w-	c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

continued
 
Code:
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/1/2006 1:44 AM 69692]
.
Contents of the 'Scheduled Tasks' folder

2010-03-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.att.net/
uInternet Settings,ProxyOverride = <local>
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{9302E698-7E00-43AB-B867-C6E759BC2ADA} - (no file)
AddRemove-LSI Soft Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 13:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1140)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-03-17  13:49:23
ComboFix-quarantined-files.txt  2010-03-17 17:49
ComboFix2.txt  2010-03-16 23:15

Pre-Run: 141,868,208,128 bytes free
Post-Run: 141,904,564,224 bytes free

- - End Of File - - 214E078A105E90CCCFA87A80D1B7601E

Malwarebytes log file (said it came out clean)
Code:
Malwarebytes' Anti-Malware 1.44
Database version: 3874
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

3/17/2010 1:55:39 PM
mbam-log-2010-03-17 (13-55-39).txt

Scan type: Quick Scan
Objects scanned: 124652
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix in normal Windows mode (still can't access HOSTS and CleanUp still running)
Code:
ComboFix 10-03-16.03 - Owner 03/17/2010  14:15:25.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.692 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Tech\ComboFix.exe
AV: CleanUp Antivirus *On-access scanning enabled* (Updated) {A9480CD1-A5AC-473C-ABDB-AA329B9E6678}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: CleanUp Antivirus *enabled* {5004F310-AD5A-4A7B-BA4E-9BFBD7F5645F}
.

(((((((((((((((((((((((((   Files Created from 2010-02-17 to 2010-03-17  )))))))))))))))))))))))))))))))
.

2010-03-17 18:04 . 2010-02-28 00:46	3691384	----a-w-	c:\documents and settings\Owner\Application Data\Simply Super Software\Trojan Remover\dwv1.exe
2010-03-17 17:59 . 2010-03-17 17:59	--------	d-----w-	c:\documents and settings\Owner\Application Data\Simply Super Software
2010-03-17 17:37 . 2010-03-17 17:37	--------	d-----w-	c:\documents and settings\Administrator.CLARKCOMPUTER\Application Data\Windows Search
2010-03-17 17:35 . 2010-03-17 18:07	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2010-03-17 17:35 . 2010-02-28 00:46	3691384	----a-w-	c:\documents and settings\Administrator.CLARKCOMPUTER\Application Data\Simply Super Software\Trojan Remover\gsk1.exe
2010-03-17 17:34 . 2006-06-19 16:01	69632	----a-w-	c:\windows\system32\ztvcabinet.dll
2010-03-17 17:34 . 2006-05-25 18:52	162304	----a-w-	c:\windows\system32\ztvunrar36.dll
2010-03-17 17:34 . 2005-08-26 04:50	77312	----a-w-	c:\windows\system32\ztvunace26.dll
2010-03-17 17:34 . 2002-03-06 04:00	75264	----a-w-	c:\windows\system32\unacev2.dll
2010-03-17 17:34 . 2003-02-02 23:06	153088	----a-w-	c:\windows\system32\UNRAR3.dll
2010-03-17 17:34 . 2010-03-17 17:34	--------	d-----w-	c:\program files\Trojan Remover
2010-03-17 17:34 . 2010-03-17 17:34	--------	d-----w-	c:\documents and settings\All Users\Application Data\Simply Super Software
2010-03-17 17:34 . 2010-03-17 17:34	--------	d-----w-	c:\documents and settings\Administrator.CLARKCOMPUTER\Application Data\Simply Super Software
2010-03-17 17:33 . 2010-03-17 17:33	--------	d-sh--w-	c:\documents and settings\Administrator.CLARKCOMPUTER\IETldCache
2010-03-17 12:32 . 2009-08-06 23:23	274288	----a-w-	c:\windows\system32\mucltui.dll
2010-03-17 02:52 . 2010-03-17 02:53	--------	d-----w-	c:\program files\CleanUp!
2010-03-17 02:14 . 2010-03-17 02:14	--------	d-----w-	c:\program files\Microsoft Security Essentials
2010-03-17 02:11 . 2010-03-17 02:11	--------	d-----w-	c:\program files\LSI SoftModem
2010-03-17 01:43 . 2010-03-17 01:43	--------	d-sh--w-	c:\documents and settings\Owner\IECompatCache
2010-03-17 01:43 . 2010-03-17 01:43	--------	d-sh--w-	c:\documents and settings\Owner\PrivacIE
2010-03-17 01:40 . 2010-03-17 01:40	--------	d-sh--w-	c:\documents and settings\LocalService\IETldCache
2010-03-17 01:38 . 2010-03-17 01:38	--------	d-sh--w-	c:\documents and settings\Owner\IETldCache
2010-03-17 01:33 . 2010-03-17 01:33	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-03-17 01:32 . 2009-12-11 08:38	69120	-c----w-	c:\windows\system32\dllcache\iecompat.dll
2010-03-17 01:31 . 2010-03-17 01:54	--------	d-----w-	c:\windows\ie8updates
2010-03-17 01:30 . 2009-12-21 19:14	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll
2010-03-17 01:30 . 2009-12-21 19:14	246272	-c----w-	c:\windows\system32\dllcache\ieproxy.dll
2010-03-17 01:29 . 2010-03-17 01:30	--------	dc-h--w-	c:\windows\ie8
2010-03-17 00:26 . 2010-03-17 00:26	--------	d-----w-	c:\documents and settings\Owner\Application Data\Auslogics
2010-03-17 00:26 . 2010-03-17 00:26	--------	d-----w-	c:\program files\Auslogics
2010-03-17 00:08 . 2010-03-17 00:08	--------	d-----w-	c:\program files\CCleaner
2010-03-17 00:03 . 2010-03-17 00:03	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-03-16 22:04 . 2010-03-16 22:04	--------	d-----w-	c:\documents and settings\Owner\Application Data\TeamViewer
2010-03-16 22:04 . 2010-03-16 22:04	--------	d-----w-	c:\program files\TeamViewer
2010-03-16 19:36 . 2010-03-17 00:17	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-16 19:36 . 2010-03-16 19:36	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-03-16 18:24 . 2010-03-16 18:24	152576	----a-w-	c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-16 18:21 . 2010-03-16 18:21	--------	d-----w-	c:\program files\VS Revo Group
2010-03-16 18:17 . 2010-03-16 18:17	--------	d-----w-	c:\documents and settings\Owner\Application Data\Malwarebytes
2010-03-16 17:23 . 2010-03-16 17:23	39544	----a-w-	c:\documents and settings\Administrator.CLARKCOMPUTER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 17:18 . 2010-03-16 17:18	--------	d-----w-	c:\documents and settings\Administrator.CLARKCOMPUTER\Application Data\Malwarebytes
2010-03-16 17:18 . 2010-01-07 20:07	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-16 17:18 . 2010-03-16 17:18	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-03-16 17:18 . 2010-03-16 17:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-16 17:18 . 2010-01-07 20:07	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-03-15 18:10 . 2010-03-15 18:10	--------	d-sh--w-	c:\documents and settings\All Users\Application Data\CUFBHIRGUPA
2010-03-15 18:10 . 2010-03-15 18:10	2697216	----a-w-	c:\documents and settings\All Users\Application Data\a183887\CUa183.exe
2010-03-15 18:10 . 2010-03-15 18:10	--------	d-sh--w-	c:\documents and settings\All Users\Application Data\a183887
2010-03-10 13:28 . 2009-10-23 15:28	3558912	-c----w-	c:\windows\system32\dllcache\moviemk.exe

continued
 
Code:
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 02:46 . 2009-07-23 20:51	--------	d-----w-	c:\program files\Inbox Toolbar
2010-03-17 02:46 . 2009-06-20 12:36	--------	d-----w-	c:\program files\MapQuest Toolbar
2010-03-17 01:55 . 2008-04-01 02:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-17 01:39 . 2008-11-04 23:39	39544	----a-w-	c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-17 01:33 . 2008-04-01 02:12	--------	d-----w-	c:\program files\Microsoft Works
2010-03-16 18:30 . 2008-11-04 23:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\ESET
2010-03-16 18:24 . 2008-04-01 02:18	--------	d-----w-	c:\program files\Java
2010-03-16 18:24 . 2009-11-12 13:46	79488	----a-w-	c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-15 13:41 . 2008-11-08 16:28	--------	d-----w-	c:\documents and settings\Owner\Application Data\Image Zone Express
2010-03-05 15:50 . 2008-11-07 17:04	--------	d-----w-	c:\program files\Auction Client
2010-02-24 14:16 . 2009-10-02 19:19	181632	------w-	c:\windows\system32\MpSigStub.exe
2009-12-31 16:50 . 2006-05-07 01:24	353792	----a-w-	c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-05-07 01:24	916480	------w-	c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2009-06-25 08:53	311808	----a-w-	c:\progra~1\SITERA~1\SiteRank.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10	35696	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 00:43	69632	----a-w-	c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2006-11-07 21:08	547840	----a-w-	c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp Antivirus]
2010-03-15 18:10	2697216	----a-w-	c:\documents and settings\All Users\Application Data\a183887\CUa183.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12	15360	------w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-10-06 03:13	114688	----a-w-	c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24	54840	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-10-06 03:11	98304	----a-w-	c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-11-29 19:22	58928	----a-w-	c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModPS2]
2006-11-07 21:34	53248	----a-w-	c:\windows\ModPS2Key.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12	1695232	------w-	c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-10-06 03:10	94208	----a-w-	c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 06:42	212992	----a-w-	c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 22:10	56928	----a-w-	c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-12 23:33	16132608	----a-w-	c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
2005-01-27 16:13	36864	----a-w-	c:\windows\ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteRanker]
2009-06-25 08:53	273920	----a-w-	c:\program files\SiteRanker\SiteRankTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 08:17	149280	----a-w-	c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-12-09 10:12	234856	----a-w-	c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2010-02-28 00:17	1165192	----a-w-	c:\program files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20	866584	----a-w-	c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

continued
 
Code:
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2/11/2010 7:42 AM 172328]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/1/2006 1:44 AM 69692]
.
Contents of the 'Scheduled Tasks' folder

2010-03-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 14:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2276)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-17  14:20:00
ComboFix-quarantined-files.txt  2010-03-17 18:19
ComboFix2.txt  2010-03-17 17:49
ComboFix3.txt  2010-03-16 23:15

Pre-Run: 140,813,258,752 bytes free
Post-Run: 140,768,440,320 bytes free

- - End Of File - - 0733B68F484EA4D5A94B668311A86191

Malwarebytes in regular mode (again, said it was clean)
Code:
Malwarebytes' Anti-Malware 1.44
Database version: 3874
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/17/2010 2:23:22 PM
mbam-log-2010-03-17 (14-23-22).txt

Scan type: Quick Scan
Objects scanned: 125158
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And, finally, the HJT log (could not access the HOSTS file, either)
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:04 PM, on 3/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\Desktop\Tech\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268787201390
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 3740 bytes

Tell me what you see, Osiris. And do you have any instructions on rooting out this CleanUp Antivirus? Oh, Google no longer redirects, so that's a little progress. ;)
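The two things in the ComboFix log above that a reviewer would circle first are the "CleanUp Antivirus" startup entry, whose binary sits in a user-writable All Users\Application Data folder with a random-looking name (a183887\CUa183.exe), and the three "DisableMonitoring"=1 values under the Security Center key, which silence the alerts that would otherwise report a missing antivirus or firewall. Note also that entries listed under msconfig\startupreg are items that msconfig has disabled from autostart, so the rogue's Run value is already gone (the HJT log shows only MSSE under O4) while the file itself is still on disk. The script below is an added example, not part of the original post or of any tool the thread uses: it parses a few lines copied from the posted log and applies those two heuristics. The regexes, the list of user-writable directories and the random-folder pattern are my own assumptions, not anything ComboFix defines.

```python
"""Heuristic triage of a ComboFix-style log excerpt.

Added example: not part of the forum post or of ComboFix.  The input below is
copied from the thread's log so the script runs offline; the heuristics are
assumptions made for illustration, not rules ComboFix applies.
"""
import re

# Constructed input: lines taken from the posted ComboFix log (tabs replaced
# by spaces; the parser only needs runs of whitespace).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp Antivirus]
2010-03-15 18:10    2697216    ----a-w-    c:\documents and settings\All Users\Application Data\a183887\CUa183.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ------w-    c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteRanker]
2009-06-25 08:53    273920    ----a-w-    c:\program files\SiteRanker\SiteRankTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_LOCAL_MACHINE\\.+)\]$")
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?P<size>\d+)\s+(?P<attr>\S{8})\s+(?P<path>.+?)\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')

# Assumption: directories a non-admin process can write to on XP.  A startup
# binary living here is unusual for legitimate software.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")
# Assumption: folder names like "a183887" (optional short prefix, then digits).
RANDOM_DIR = re.compile(r"^[a-z]{0,2}\d{4,}[a-z0-9]*$")


def parse_entries(text):
    """Yield (registry_key, record) pairs; a record is either a file line
    or a REG_DWORD value, attached to the bracketed key that precedes it."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        m = FILE_RE.match(line)
        if m:
            yield key, {"kind": "file", **m.groupdict()}
            continue
        m = VALUE_RE.match(line)
        if m:
            yield key, {"kind": "value", "name": m.group("name"),
                        "val": int(m.group("val"), 16)}


def is_msconfig_disabled(key):
    """True when the key is an msconfig\\startupreg item, i.e. a startup
    entry that msconfig removed from autostart (file still on disk)."""
    return "\\msconfig\\startupreg\\" in key.lower()


def triage(text):
    """Return a list of (severity, entry_name, path_or_None, reason)."""
    findings = []
    for key, rec in parse_entries(text):
        name = key.rsplit("\\", 1)[-1]
        if rec["kind"] == "file":
            path = rec["path"].lower()
            parts = path.split("\\")
            parent = parts[-2] if len(parts) >= 2 else ""
            if any(d in path for d in USER_WRITABLE) and RANDOM_DIR.match(parent):
                reason = "startup binary in user-writable dir with random-looking folder"
                if is_msconfig_disabled(key):
                    reason += "; disabled via msconfig but file remains on disk"
                findings.append(("high", name, rec["path"], reason))
        elif rec["name"] == "DisableMonitoring" and rec["val"] == 1:
            findings.append(("medium", name, None,
                             "Security Center monitoring disabled"))
    return findings


if __name__ == "__main__":
    for sev, name, path, reason in triage(SAMPLE_LOG):
        print(f"[{sev}] {name}: {reason}" + (f" ({path})" if path else ""))
```

Run it and only CleanUp Antivirus is rated high; ctfmon.exe and SiteRankTray.exe (a known browser-helper nuisance, but installed under Program Files) pass these two checks, which is the usual limit of path-based heuristics: they narrow the list, they do not replace looking up the file.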
 
That's all of it (finally).

Going through the link you posted now.
 
rkill didn't find anything to stop. Weird.

Doing a full Malwarebytes scan now...
 
OK. I am home now.

As I said, rkill didn't find anything to stop. Malwarebytes found some things in the full scan in the recovery drive and cleaned them. I used the hostsperm.bat file to allow the opening of the HOSTS file, which I deleted and replaced with the one on the page you linked to earlier.

I then rebooted and fired up ComboFix to see if it said CleanUp was still there... which it did. :mad:

Soooooooo... I set up the ability to remote into the computer at any time before I left (unless they shut it down... which it appears they did. Crap). Now I need some instructions on how to manually remove CleanUp.
 