 |
Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
|
| View previous topic :: View next topic |
| Author |
Message |
LastRaven
Newbie
Joined: 11 Nov 2011
Last Visit: 15 Nov 2011
Posts: 5
|
 Posted: Fri Nov 11, 2011 6:02 pm Post subject: Malware Help |
 |
|
I have an issue where malware hijacked the PC desktop and a number of other functions. Basically, most of the icons are hidden and the desktop is a black screen. I cannot turn on the PC's wifi and am fairly lost on what to do next.
Here are the logs as were requested.
Thank you for your time and effort.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/6/2005 6:55:36 PM
System Uptime: 11/5/2011 11:22:53 PM (141 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Pentium(R) M processor 2.00GHz | Microprocessor | 1995/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 13.957 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: CVirtA
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.7
Adobe Reader 8.2.2
Adobe Shockwave Player 11.5
AIM 6
ALPS Touch Pad Driver
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft VideoImpression 2
Audacity 1.2.6
Autodesk Data Management Server 2009
Autodesk Design Review 2009
Autodesk Inventor Professional 2009
Autodesk Student Community Download Tool
Autodesk Vault 2009 (Client)
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Bass Audio Decoder (remove only)
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom Management Programs 2
BufferChm
Business Contact Manager for Outlook 2003
CamStudio
CCleaner
CD Audio Reader Filter (remove only)
Chinese Traditional Fonts Support For Adobe Reader 8
Cisco Systems VPN Client 5.0.00.0340
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.92 Modem
Consumer Complete Care Services Agreement
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
DCoder Image Source (remove only)
Dell Digital Jukebox Driver
Dell Media Experience
Dell Picture Studio v3.0
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Destinations
DeviceDiscovery
Digital Line Detect
DirectVobSub (remove only)
DocMgr
DocProc
DScaler 5 Mpeg Decoders
DWG TrueView 2009
EA Download Manager
Fax
Free Window Registry Repair
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GIMP 2.6.6
Google Earth
GoToAssist 8.0.0.514
GPBaseService2
GTK+ 2.6.9 runtime environment
GTK+ Runtime 2.14.7 rev a (remove only)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
IBM ViaVoice Personal 8.0 - US English
Imtec Imtec Battery Mark 1.1
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
iPhone Configuration Utility
iPod for Windows 2005-11-17
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment Standard Edition v1.2.2
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_08
Java(TM) 6 Update 17
Korean Fonts Support For Adobe Reader 8
LADSPA_plugins-win-0.4.15
Learn2 Player (Uninstall Only)
Linksys EasyLink Advisor 1.5 (1044)
LizardTech DjVu Control
Macromedia Flash Player
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
MATLAB Student 7.1
McAfee Agent
McAfee Shredder
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework SDK (English) 1.1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Encarta Encyclopedia Standard 2005
Microsoft FrontPage Client - English
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft MSDN 2005 Express Edition - ENU
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Streets and Trips 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Toolkit 2003
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio .NET Professional 2003 - English
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft WSE 3.0 Runtime
mIWA
mIWCA
mLogView
mMHouse
MobileMe Control Panel
Modem Helper
Mozilla Firefox 7.0.1 (x86 en-US)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mToolkit
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mXML
My Way Search Assistant
mZConfig
NetWaiting
Network
NVIDIA Drivers
OCR Software by I.R.I.S. 13.0
OGA Notifier 2.0.0048.0
OpenMG Secure Module 4.2.00
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Pidgin
PLAYSTATION(R)Network Downloader
PowerDVD 5.9
Pure Networks Port Magic
Qualxserve Service Agreement
QuickSet
QuickTime
RealMedia (remove only)
RealPlayer
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Shockwave
Shop for HP Supplies
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Sonic Audio module
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SonicStage 3.2
Sony Media Manager for PSP 2.5
SPORE™
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Status
Toolbox
TrayApp
Uninstall_ImageJ
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VBA (2627.01)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio .NET Professional 2003 - English
Visual Studio.NET Baseline - English
VST Bridge 1.1
Webcam 1200
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Windows 7 USB/DVD Download Tool
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
Works Upgrade
X-Win32 9.5
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/5/2011 9:21:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/5/2011 9:13:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
11/5/2011 9:13:26 PM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The operation completed successfully.
11/5/2011 9:11:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/5/2011 9:10:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/5/2011 9:09:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/5/2011 6:45:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip Tosrfcom WS2IFSL
11/5/2011 6:45:11 PM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
11/5/2011 6:45:11 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/5/2011 6:45:11 PM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
11/5/2011 6:45:11 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/5/2011 6:45:11 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/5/2011 6:45:11 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/5/2011 6:45:11 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/5/2011 6:45:11 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/5/2011 11:12:33 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
.
==== End Of File ===========================
.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by Administrator at 20:54:15 on 2011-11-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1654 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell4me.com/myway
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
BHO: {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ViewMgr] c:\program files\viewpoint\viewpoint manager\ViewMgr.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iiovsVgraP.exe] c:\documents and settings\all users\application data\iiovsVgraP.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - hxxp://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120692167375
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129856913093
DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} - hxxp://us-download.mcafee.com/products/protected/mvt/mvt.cab
DPF: {7B19E477-0FF8-11d4-9914-005004D3B3DB} - hxxp://java.sun.com/products/plugin/1.2/jinstall-122_017-win.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 24.233.95.10 24.233.95.168 24.233.95.169
TCP: Interfaces\{EC25D4BD-EAE4-44CE-A9AB-369A5798FCD2} : DhcpNameServer = 24.233.95.10 24.233.95.168 24.233.95.169
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-11 11608]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-11 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-11 185089]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-11 56816]
S2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2008-11-2 72672]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-5 366152]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-24 24652]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2005-11-25 69692]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\samuel~1\locals~1\temp\imspcloj.sys --> c:\docume~1\samuel~1\locals~1\temp\iMSPCLOj.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-5 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [2009-4-4 611584]
S3 RCopySys;RCopySys;c:\documents and settings\samuel polio\application data\officeguardian\RCopySys.sys [2008-10-18 6656]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
.
=============== Created Last 30 ================
.
2011-11-06 02:32:35 -------- d-----w- c:\program files\Free Window Registry Repair
2011-11-05 23:04:50 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2011-11-05 23:04:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-05 23:04:31 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 23:04:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-05 22:52:11 -------- d-----w- c:\documents and settings\administrator\PrivacIE
2011-11-05 22:51:48 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2011-11-05 22:42:25 -------- d-----w- C:\7dd5a465ee099c16381b20788ddd
2011-11-05 22:41:02 -------- d-----w- C:\f54bddf08dc70aaa2bb8d9968a7b
2011-10-31 19:12:40 330624 ----a-w- c:\documents and settings\all users\application data\6DSS92c31Apgjk.exe
2011-10-31 19:10:09 407424 ----a-w- c:\documents and settings\all users\application data\iiovsVgraP.exe
.
==================== Find3M ====================
.
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2005-11-27 20:45:03 76 -c--a-w- c:\program files\image.bat
2005-11-27 20:45:03 76 -c--a-w- c:\program files\buttons.bat
2003-04-29 12:33:00 588120576 -c--a-w- c:\program files\en_vs.net_2003_pro_full.exe
2004-08-04 10:00:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12:01 57344 --sha-w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll
2010-12-20 17:32:15 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:02 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
============= FINISH: 20:54:54.18 =============== |
|
| Back to top |
|
 |
Gary R
Moderator
Joined: 03 May 2005
Last Visit: 22 May 2013
Posts: 9700
Location: Yorkshire
|
| Posted: Fri Nov 11, 2011 10:26 pm Post subject: |
|
|
Hi LastRaven,
Fancy seeing you over here. 
| Quote: |
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.
Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed. |
Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
Please observe these rules while we work:
- Perform all actions in the order given.
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Stick with it till you're given the all clear.
- Remember, absence of symptoms does not mean the infection is all gone.
- Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
- Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
- As you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
| Quote: |
| It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them. |
Download ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)
Link 1
Link 2
IMPORTANT !!! ComboFix.exe must be run from your Desktop
- Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.
- Double click on ComboFix.exe and follow the prompts.
- As part of it's process, ComboFix will check to see if Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install Microsoft Windows Recovery Console.
**Please note: If Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you.
Please include this log in your next reply. ......... (it can also be found at C:\ComboFix.txt)
IMPORTANT
- Do not use your computer while Combofix is running.
- Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
- If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.
_________________
Gary R Administrator at Malware Removal University
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations |
|
| Back to top |
|
|
LastRaven
Newbie
Joined: 11 Nov 2011
Last Visit: 15 Nov 2011
Posts: 5
|
| Posted: Sat Nov 12, 2011 9:17 am Post subject: Questions! |
|
|
So I've started to work on it, however there are some issues I'm encountering and I wanted to ask before I went on.
Right now, some of the icons and functionality has come back; however, I still can't see a lot of them. So I had to uninstall AntiVira to get it to stop the scan. There's no icon and under the "All Programs" list it's listed but the folder is empty.
Secondly, I tried to run ComboFix, but it says that the Windows Recovery console is not available or out of date. It can't install the new one because the computer still cannot go online since the wifi is somehow disabled and I can't turn it on.
I (probably foolishly) kept going and during the steps, a program called PEV.exe stopped running according to the Windows pop-up. After about step 10 of ComboFix, the computer gave me the blue screen of death.
Given that, should I just retry ComboFix or should I do something else? |
|
| Back to top |
|
|
Gary R
Moderator
Joined: 03 May 2005
Last Visit: 22 May 2013
Posts: 9700
Location: Yorkshire
|
| Posted: Sat Nov 12, 2011 9:47 am Post subject: |
|
|
If recovery console won't install, please do the following ....
- Download ERUNT to your desktop
- Double-click on the file to install the program
- Untick the NTREGOPT desktop shortcut option
- Click No when you get the option to run Erunt at Windows startup.
- During the installation, tick Launch Erunt
- Accept the defaults for running a backup
- Erunt will then backup your registry
Any problems let me know.
Next
Reboot your computer into Safe Mode then try running Combofix again.
To boot into Safe Mode do the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
Note: if you cannot boot into safe mode using this method, DO NOT attempt to do so by using MSConfig, this could result in your computer becoming unbootable. Just let me know.
Any problems running Combofix let me know, otherwise post me the log when it has finished.
_________________
Gary R Administrator at Malware Removal University
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations |
|
| Back to top |
|
|
LastRaven
Newbie
Joined: 11 Nov 2011
Last Visit: 15 Nov 2011
Posts: 5
|
| Posted: Sat Nov 12, 2011 10:45 am Post subject: ComboFix |
|
|
ComboFix 11-11-12.04 - Administrator 11/12/2011 13:06:47.2.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1621 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\6DSS92c31Apgjk.exe
c:\documents and settings\All Users\Application Data\iiovsVgraP.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Samuel Polio\Error.log
c:\documents and settings\Samuel Polio\GoToAssistDownloadHelper.exe
c:\documents and settings\Samuel Polio\Start Menu\Programs\System Restore
c:\documents and settings\Samuel Polio\Start Menu\Programs\System Restore\System Restore.lnk
c:\documents and settings\Samuel Polio\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\documents and settings\Samuel Polio\WINDOWS
c:\program files\en_vs.net_2003_pro_full.exe
C:\Thumbs.db
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\iun6002.exe
c:\windows\server.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-11-06 02:32 . 2011-11-06 02:32 -------- d-----w- c:\program files\Free Window Registry Repair
2011-11-06 02:13 . 2011-11-06 02:13 -------- d-----w- c:\documents and settings\Samuel Polio\Application Data\Malwarebytes
2011-11-05 23:04 . 2011-11-05 23:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-11-05 23:04 . 2011-11-05 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-05 23:04 . 2011-11-05 23:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-05 23:04 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 22:52 . 2011-11-05 22:52 -------- d-----w- c:\documents and settings\Administrator\PrivacIE
2011-11-05 22:51 . 2011-11-05 22:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-11-05 22:42 . 2011-11-05 22:42 -------- d-----w- C:\7dd5a465ee099c16381b20788ddd
2011-11-05 22:41 . 2011-11-05 22:41 -------- d-----w- C:\f54bddf08dc70aaa2bb8d9968a7b
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-09 00:40 . 2011-10-09 00:40 98304 ----a-r- c:\documents and settings\Samuel Polio\Application Data\Microsoft\Installer\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}\icons.exe
2011-10-08 18:51 . 2011-10-08 18:51 119808 ----a-r- c:\documents and settings\Samuel Polio\Application Data\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-11 22:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-11 22:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-11 22:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-11 22:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-22 23:48 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-11 22:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-11 22:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2005-11-27 20:45 . 2000-05-19 23:15 76 -c--a-w- c:\program files\buttons.bat
2005-11-27 20:45 . 2000-05-19 23:15 76 -c--a-w- c:\program files\image.bat
2011-09-29 06:53 . 2011-10-06 00:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2004-08-04 10:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sha-w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 343040 --sha-w- c:\windows\system32\msvcrt.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 392832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-03-23 1519616]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ViewMgr"="c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [2004-11-12 106557]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-23 7561216]
"NvMediaCenter"="NvMCTray.dll" [2006-03-23 86016]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-13 02:46 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Samuel Polio^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
backup=c:\windows\pss\Folding@Home 5.03.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-02 18:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-03-04 16:26 606208 -c--a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2006-04-06 14:51 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2006-10-30 15:01 392832 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-10 03:41 133104 ----atw- c:\documents and settings\Samuel Polio\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2007-04-12 21:23 42032 ----a-w- c:\program files\Common Files\AOL\1127518498\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LxrAutorun]
2007-03-07 14:51 24576 ----a-w- c:\documents and settings\Samuel Polio\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2008-03-14 09:00 136512 ----a-w- c:\program files\McAfee\Common Framework\UdaterUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2006-01-17 18:03 53248 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 01:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2001-07-03 13:11 57344 -c----w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 20:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2005-06-03 11:16 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)
"MSSQL$AUTODESKVAULT"=2 (0x2)
"McAfeeFramework"=2 (0x2)
"LxrSII1s"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOL ACS"=2 (0x2)
"SSScsiSV"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtPCS.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1127518498\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1127518498\\ee\\aim6.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1127518498\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MATLAB_SV71\\bin\\win32\\MATLAB.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP 2.5\\MediaManager.exe"=
"c:\\WebC_ActiveX4.22\\ptermX.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\MBF_ImageJ\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\StarNet\\X-Win32 9.5\\esd.exe"=
"c:\\Program Files\\StarNet\\X-Win32 9.5\\xwin32.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
S2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [11/2/2008 1:07 PM 72672]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/5/2011 6:04 PM 366152]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/24/2007 5:02 PM 24652]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [11/25/2005 8:14 PM 69692]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\SAMUEL~1\LOCALS~1\Temp\iMSPCLOj.sys --> c:\docume~1\SAMUEL~1\LOCALS~1\Temp\iMSPCLOj.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/5/2011 6:04 PM 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [4/4/2009 11:03 PM 611584]
S3 RCopySys;RCopySys;c:\documents and settings\Samuel Polio\Application Data\OfficeGuardian\RCopySys.sys [10/18/2008 12:09 PM 6656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2415567970-887536657-40222469-1005Core.job
- c:\documents and settings\Samuel Polio\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-07 03:41]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2415567970-887536657-40222469-1005UA.job
- c:\documents and settings\Samuel Polio\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-07 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
TCP: DhcpNameServer = 24.233.95.10 24.233.95.168 24.233.95.169
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-iiovsVgraP.exe - c:\documents and settings\All Users\Application Data\iiovsVgraP.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-12 13:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(232)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2011-11-12 13:42:15
ComboFix-quarantined-files.txt 2011-11-12 18:42
ComboFix2.txt 2008-06-10 02:29
.
Pre-Run: 14,893,879,296 bytes free
Post-Run: 21,656,666,112 bytes free
.
- - End Of File - - 2035D70185C824DF2BE7839D7FBF4F14 |
|
| Back to top |
|
|
Gary R
Moderator
Joined: 03 May 2005
Last Visit: 22 May 2013
Posts: 9700
Location: Yorkshire
|
| Posted: Sun Nov 13, 2011 7:18 am Post subject: |
|
|
Sorry I'm late getting back to you, I didn't get the usual e-mail notification that you'd replied.
Looking better, but there's still things I'd like to check out .....
First
I'd like you to check a files for Viruses.
| Quote: |
| c:\documents and settings\Samuel Polio\Local Settings\Temp\iMSPCLOj.sys |
- Browse to the file in the quote box above.
- Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
- After a while, a window will open, with details of what the scans found.
- Note details of any viruses found.
- Post me the details please.
Next
Download OTL by OldTimer to your Desktop.
If you already have a copy of OTL delete it and use this version.
- Double click OTL.exe to launch the programme.
- Check the following.
- Scan all users.
- Standard Output.
- Lop check.
- Purity check.
- Under Extra Registry section, select Use SafeList
- Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
- When finished it will produce two logs.
- OTL.txt (open on your desktop).
- Extras.txt (minimised in your taskbar)
- Please post me both logs.
Next
Please run a scan with ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
- Please go HERE then click on:
| Quote: |
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. |
- Select the option YES, I accept the Terms of Use then click on:
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on:
- The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
- Copy and paste that log in your next reply please.
- Now click on:
 (Selecting Uninstall application on close if you so wish)
Finally
Let me know how your computer is behaving now.
Summary of the logs I need from you in your next post:
- Results from VirusTotal or Jotti's
- OTL.txt
- Extras.txt
- Let me know how your computer is behaving.
Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
PS
I will not be available for the rest of today, so it will be tomorrow morning (my time) before I get to see your return logs.
_________________
Gary R Administrator at Malware Removal University
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations |
|
| Back to top |
|
|
LastRaven
Newbie
Joined: 11 Nov 2011
Last Visit: 15 Nov 2011
Posts: 5
|
| Posted: Tue Nov 15, 2011 4:42 pm Post subject: |
|
|
I unhid the the files and folders through the explore menu, but I am unable to find
c:\documents and settings\Samuel Polio\Local Settings\Temp\iMSPCLOj.sys |
|
| Back to top |
|
|
LastRaven
Newbie
Joined: 11 Nov 2011
Last Visit: 15 Nov 2011
Posts: 5
|
| Posted: Tue Nov 15, 2011 4:43 pm Post subject: |
|
|
OTL logfile created on: 11/13/2011 2:12:09 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 84.89% Memory free
4.60 Gb Paging File | 4.53 Gb Available in Paging File | 98.49% Paging File free
Paging file location(s): C:\pagefile.sys 2808 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.71 Gb Total Space | 20.06 Gb Free Space | 27.22% Space Free | Partition Type: NTFS
Drive F: | 3.72 Gb Total Space | 0.64 Gb Free Space | 17.08% Space Free | Partition Type: NTFS
Computer Name: INSPIRON | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/13 14:07:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/01/15 00:56:45 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/12 21:46:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/03/14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/02/18 14:07:48 | 000,032,768 | ---- | M] (Autodesk) [Auto | Stopped] -- C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -- (Autodesk Data Management Job Dispatch)
SRV - [2007/04/03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/03/07 09:51:52 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/08/30 17:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)
SRV - [2005/06/07 00:32:54 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/06/07 00:28:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/06/07 00:22:34 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/06/03 04:21:00 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2003/08/27 10:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
========== Driver Services (SafeList) ==========
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/03/10 23:16:23 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/07/31 17:33:44 | 000,028,672 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\goprot51.sys -- (GoProto)
DRV - [2007/06/29 15:32:08 | 000,611,584 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/05/16 16:46:02 | 000,006,656 | R--- | M] (Storage Appliance Corporation) [Kernel | On_Demand | Stopped] -- c:\Documents and Settings\Samuel Polio\Application Data\OfficeGuardian\RCopySys.sys -- (RCopySys)
DRV - [2007/04/03 15:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/03/07 09:51:52 | 000,072,672 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/03 12:57:00 | 000,086,867 | R--- | M] (CSR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB)
DRV - [2005/09/15 18:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/09/15 10:53:00 | 000,108,672 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005/09/03 18:06:54 | 000,062,592 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/08/30 17:49:40 | 000,036,608 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/08/01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/06/20 20:30:46 | 000,044,288 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/06 09:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/03/10 22:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/26 07:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/16 16:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/10/21 20:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004/08/31 08:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/18 14:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/06/17 20:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 20:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2004/02/04 09:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 12:10:58 | 000,069,692 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=
IE - HKU\S-1-5-21-2415567970-887536657-40222469-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-2415567970-887536657-40222469-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/09 13:14:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/12 20:12:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/12 20:12:25 | 000,000,000 | ---D | M]
[2011/10/05 17:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/29 01:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2006/10/12 11:08:53 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/11/12 13:36:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No CLSID value found.
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
O4 - HKU\S-1-5-21-2415567970-887536657-40222469-500..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2415567970-887536657-40222469-500..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2415567970-887536657-40222469-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2415567970-887536657-40222469-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2415567970-887536657-40222469-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2415567970-887536657-40222469-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120692167375 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129856913093 (MUWebControl Class)
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} http://us-download.mcafee.com/products/protected/mvt/mvt.cab (McAfee Virtual Technician Control Class)
O16 - DPF: {7B19E477-0FF8-11d4-9914-005004D3B3DB} http://java.sun.com/products/plugin/1.2/jinstall-122_017-win.cab (JavaPlugin.Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.233.95.10 24.233.95.168 24.233.95.169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC25D4BD-EAE4-44CE-A9AB-369A5798FCD2}: DhcpNameServer = 24.233.95.10 24.233.95.168 24.233.95.169
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/10/09 11:17:50 | 000,000,122 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/13 14:08:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/11/13 13:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/12 13:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/11/12 13:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/12 13:42:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/12 11:30:24 | 004,291,878 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/06 09:58:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/11/05 21:32:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Free Window Registry Repair
[2011/11/05 21:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2011/11/05 18:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/11/05 18:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/05 18:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/05 18:04:31 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/05 18:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/05 17:52:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2011/11/05 17:51:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011/11/05 17:42:25 | 000,000,000 | ---D | C] -- C:\7dd5a465ee099c16381b20788ddd
[2011/11/05 17:41:02 | 000,000,000 | ---D | C] -- C:\f54bddf08dc70aaa2bb8d9968a7b
[2011/11/03 16:17:36 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/13 14:07:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/11/13 14:06:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/13 14:05:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/13 14:04:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/11/13 13:54:30 | 000,607,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/13 13:54:30 | 000,134,664 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/13 13:54:28 | 000,757,092 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/11/13 13:50:32 | 000,044,657 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/11/13 13:50:31 | 000,050,547 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/11/13 13:48:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2011/11/13 13:48:36 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2011/11/13 13:48:34 | 009,192,336 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2011/11/12 13:46:55 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/12 13:46:47 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2011/11/12 13:46:47 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2011/11/12 13:36:54 | 000,000,327 | ---- | M] () -- C:\WINDOWS\system.ini
[2011/11/12 13:36:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/12 11:28:01 | 004,291,878 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/05 22:29:48 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/11/05 21:32:44 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Free Window Registry Repair.lnk
[2011/11/05 18:04:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/31 14:15:08 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/10/31 14:13:21 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/10/31 14:13:21 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/10/31 14:09:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2415567970-887536657-40222469-1005UA.job
[2011/10/30 07:09:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2415567970-887536657-40222469-1005Core.job
[2011/10/29 16:29:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/12 13:46:55 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/12 13:46:47 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2011/11/12 13:46:47 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2011/11/12 11:38:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/12 11:38:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/05 21:32:44 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Free Window Registry Repair.lnk
[2011/11/05 18:04:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/31 14:13:21 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/10/31 14:13:21 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/10/31 14:12:57 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/10/09 13:03:05 | 000,207,226 | ---- | C] () -- C:\WINDOWS\hpwins28.dat
[2011/10/09 13:03:05 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat
[2010/05/23 00:00:13 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/18 11:54:27 | 000,000,801 | ---- | C] () -- C:\WINDOWS\ScanSpyware.INI
[2009/04/04 23:03:28 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2008/11/02 13:07:28 | 000,072,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2008/11/02 13:07:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LxrSII1s.exe
[2008/09/10 18:23:38 | 000,000,107 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2008/08/18 19:46:27 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/07/23 20:46:08 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/06/11 18:31:00 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2008/06/09 21:15:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/06/09 21:15:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/06/09 21:15:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/03/10 17:57:35 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/03/10 17:57:35 | 000,002,550 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/10/23 00:41:12 | 000,001,054 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2007/07/13 16:59:53 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE
[2007/07/13 16:59:53 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Copy of GkSui18.EXE
[2007/07/08 09:59:49 | 000,270,848 | ---- | C] () -- C:\WINDOWS\UNWISE32.EXE
[2007/06/19 22:56:30 | 000,095,908 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2007/04/03 15:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/04/03 15:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/02/04 19:53:08 | 000,003,497 | ---- | C] () -- C:\WINDOWS\PSPICEEV.INI
[2007/02/04 19:53:06 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\ltfil60n.dll
[2007/02/04 19:53:06 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
[2007/02/04 19:53:06 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
[2007/02/04 19:53:05 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
[2007/02/04 19:53:05 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll
[2007/02/04 19:53:05 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
[2007/02/04 19:53:05 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
[2007/02/04 19:53:05 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
[2007/02/04 19:53:05 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
[2007/02/04 19:53:05 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
[2007/02/04 19:53:05 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll
[2007/02/04 19:53:05 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
[2007/02/04 19:53:05 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
[2007/02/04 19:53:05 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
[2007/02/04 19:53:05 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
[2007/02/04 19:53:05 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2007/01/18 06:18:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/11/14 00:09:55 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/11/02 17:32:05 | 000,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2006/07/24 18:02:36 | 000,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
[2006/05/29 10:30:15 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2006/05/22 15:28:57 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/04/26 23:41:03 | 000,001,104 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2006/01/25 19:54:09 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/01/25 19:54:09 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/01/25 19:52:50 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/01/25 19:52:49 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/01/25 19:52:46 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2005/12/07 20:43:31 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/27 15:43:28 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2005/11/13 23:45:59 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2005/10/28 19:49:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/10/17 00:03:12 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/18 17:45:25 | 000,302,080 | ---- | C] () -- C:\WINDOWS\hpiqmr00.dll
[2005/08/18 17:44:47 | 000,122,880 | ---- | C] () -- C:\WINDOWS\traces.dll
[2005/08/18 17:44:09 | 000,008,255 | ---- | C] () -- C:\WINDOWS\sidfile.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/07/10 12:08:32 | 000,000,503 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/07/08 18:54:57 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/07/08 10:33:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2005/07/07 21:23:07 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/07/07 21:22:57 | 000,006,825 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/07/06 22:08:59 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/07/06 19:54:47 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/06/27 23:41:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/27 23:35:36 | 000,002,538 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/27 23:32:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/06/27 23:30:36 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/27 23:25:12 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/06/27 23:11:21 | 000,044,657 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2005/06/27 22:56:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/06/27 22:56:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/06/27 22:56:18 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/06/27 22:56:18 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/06/27 22:56:18 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/06/27 22:56:18 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005/06/27 22:56:18 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/06/27 22:56:18 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/06/27 22:56:16 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/06/27 22:56:16 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/06/27 22:55:22 | 000,000,372 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/06/22 16:11:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/06/22 13:37:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 08:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:20:48 | 009,192,336 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:14:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2004/08/11 17:13:32 | 000,000,488 | R--- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2004/08/11 17:13:25 | 000,000,749 | R--- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:12:00 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2004/08/11 17:12:00 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2004/08/11 17:11:31 | 000,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2004/08/11 17:11:31 | 000,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:25 | 000,757,092 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,452,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:52 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2004/08/11 17:00:52 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2004/08/11 17:00:42 | 000,069,886 | ---- | C] () -- C:\WINDOWS\System32\edit.com
[2004/08/11 17:00:37 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2004/08/11 17:00:37 | 000,002,280 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 17:00:36 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\vwipxspx.exe
[2004/08/11 17:00:35 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2004/08/11 17:00:35 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2004/08/11 17:00:35 | 000,000,327 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/11 17:00:30 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004/08/11 17:00:30 | 000,011,753 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
[2004/08/11 17:00:30 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:30 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
[2004/08/11 17:00:29 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2004/08/11 17:00:29 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2004/08/11 17:00:29 | 000,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2004/08/11 17:00:29 | 000,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2004/08/11 17:00:29 | 000,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2004/08/11 17:00:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2004/08/11 17:00:29 | 000,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2004/08/11 17:00:29 | 000,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2004/08/11 17:00:29 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2004/08/11 17:00:28 | 000,607,646 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,134,664 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:28 | 000,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2004/08/11 17:00:28 | 000,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2004/08/11 17:00:28 | 000,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2004/08/11 17:00:28 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2004/08/11 17:00:28 | 000,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:25 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004/08/11 17:00:25 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004/08/11 17:00:25 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004/08/11 17:00:25 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004/08/11 17:00:25 | 000,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004/08/11 17:00:25 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2004/08/11 17:00:25 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2004/08/11 17:00:25 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2004/08/11 17:00:25 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2004/08/11 17:00:25 | 000,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2004/08/11 17:00:25 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\nw16.exe
[2004/08/11 17:00:24 | 000,007,052 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe
[2004/08/11 17:00:24 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:21 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2004/08/11 17:00:21 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2004/08/11 17:00:21 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2004/08/11 17:00:21 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe
[2004/08/11 17:00:20 | 000,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:19 | 000,039,274 | ---- | C] () -- C:\WINDOWS\System32\mem.exe
[2004/08/11 17:00:18 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2004/08/11 17:00:18 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2004/08/11 17:00:18 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2004/08/11 17:00:18 | 000,001,131 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com
[2004/08/11 17:00:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\vo8h5mp.dll
[2004/08/11 17:00:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2004/08/11 17:00:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2004/08/11 17:00:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/08/11 17:00:18 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004/08/11 17:00:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\System32\la9t68l.dll
[2004/08/11 17:00:18 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2004/08/11 17:00:18 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/08/11 17:00:18 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\v2m2xrd.dll
[2004/08/11 17:00:17 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2004/08/11 17:00:17 | 000,014,710 | ---- | C] () -- C:\WINDOWS\System32\kb16.com
[2004/08/11 17:00:15 | 000,019,694 | ---- | C] () -- C:\WINDOWS\System32\graphics.com
[2004/08/11 17:00:15 | 000,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2004/08/11 17:00:14 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe
[2004/08/11 17:00:13 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2004/08/11 17:00:13 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004/08/11 17:00:13 | 000,012,642 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe
[2004/08/11 17:00:13 | 000,008,424 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:05 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe
[2004/08/11 17:00:04 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2004/08/11 17:00:04 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2004/08/11 17:00:04 | 000,020,634 | ---- | C] () -- C:\WINDOWS\System32\debug.exe
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/11 17:00:03 | 000,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2004/08/11 17:00:03 | 000,050,620 | ---- | C] () -- C:\WINDOWS\System32\command.com
[2004/08/11 17:00:02 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2004/08/11 17:00:01 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2004/08/11 17:00:01 | 000,012,498 | ---- | C] () -- C:\WINDOWS\System32\append.exe
[2004/08/11 17:00:01 | 000,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/07/31 18:21:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\hllapi32.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/17 22:36:42 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe
[2001/08/17 22:36:28 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2000/05/19 18:15:28 | 000,000,076 | ---- | C] () -- C:\Program Files\buttons.bat
[2000/05/19 18:15:18 | 000,000,076 | ---- | C] () -- C:\Program Files\image.bat
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2008/11/16 11:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2006/07/30 18:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Advanced Chemistry Development
[2009/01/15 01:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/01/15 00:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk, Inc
[2008/09/26 23:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\buvs
[2008/07/12 21:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/01/14 21:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2006/01/20 20:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA4D9.tmp
[2006/01/21 19:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA520.tmp
[2006/06/01 20:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/08/24 17:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/12/18 01:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2007/12/01 12:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/06/14 18:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/16 18:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/06/30 23:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/14 18:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/06 18:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/24 20:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/04/04 19:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\.purple
[2005/12/07 21:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\acccore
[2009/01/15 23:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\Ansys
[2009/04/21 10:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\Autodesk
[2007/10/23 00:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\BitZipper
[2007/05/03 11:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\CLC bio
[2007/02/28 19:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\Command & Conquer 3 Tiberium Wars Demo
[2008/01/13 20:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\Ericom
[2010/02/13 14:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\gtk-2.0
[2008/03/27 22:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\Hide IP NG
[2007/10/28 20:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\iLike
[2005/07/07 09:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\Leadertech
[2007/07/07 23:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\LEGO Company
[2008/04/26 21:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\MSNInstaller
[2005/07/06 22:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\Musicmatch
[2008/11/01 12:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\OfficeGuardian
[2006/09/14 22:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\Opera
[2009/10/06 14:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\ScanSpyware
[2007/12/18 01:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\Sony
[2009/01/12 22:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\SPORE
[2009/12/06 20:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\StarNet
[2005/11/09 20:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\Sync App Settings
[2005/07/08 10:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\Toshiba
[2009/12/01 01:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\Uniblue
[2007/03/15 21:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\Video DVD Maker PRO
[2005/11/17 20:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samuel Polio\Application Data\Viewpoint
========== Purity Check ==========
< End of report > |
|
| Back to top |
|
|
LastRaven
Newbie
Joined: 11 Nov 2011
Last Visit: 15 Nov 2011
Posts: 5
|
| Posted: Tue Nov 15, 2011 4:45 pm Post subject: |
|
|
OTL Extras logfile created on: 11/13/2011 2:12:09 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 84.89% Memory free
4.60 Gb Paging File | 4.53 Gb Available in Paging File | 98.49% Paging File free
Paging file location(s): C:\pagefile.sys 2808 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.71 Gb Total Space | 20.06 Gb Free Space | 27.22% Space Free | Partition Type: NTFS
Drive F: | 3.72 Gb Total Space | 0.64 Gb Free Space | 17.08% Space Free | Partition Type: NTFS
Computer Name: INSPIRON | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtPCS.exe" = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtPCS.exe:*:Enabled:Bluetooth PAN Client -- (TOSHIBA CORPORATION)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1127518498\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1127518498\ee\aolsoftware.exe:*:Enabled:AOL Services -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1127518498\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1127518498\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1127518498\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1127518498\ee\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\MATLAB_SV71\bin\win32\MATLAB.exe" = C:\Program Files\MATLAB_SV71\bin\win32\MATLAB.exe:*:Enabled:MATLAB -- (The MathWorks Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe" = C:\Program Files\Sony\Media Manager for PSP 2.5\MediaManager.exe:*:Enabled:Media Manager for PSP 2.5 -- (Sony Creative Software Inc.)
"C:\WebC_ActiveX4.22\ptermX.exe" = C:\WebC_ActiveX4.22\ptermX.exe:*:Enabled:PowerTerm® WebConnect ActiveX -- (Ericom Software)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\MBF_ImageJ\jre\bin\javaw.exe" = C:\MBF_ImageJ\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Pidgin\pidgin.exe" = C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin -- (The Pidgin developer community)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\StarNet\X-Win32 9.5\esd.exe" = C:\Program Files\StarNet\X-Win32 9.5\esd.exe:*:Enabled:esd -- ()
"C:\Program Files\StarNet\X-Win32 9.5\xwin32.exe" = C:\Program Files\StarNet\X-Win32 9.5\xwin32.exe:*:Enabled:X-Win32 PC X Server -- (StarNet Communications Corp)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0D6AACB5-9663-472D-8D29-1DC8F4D3E6FF}" = Sony Media Manager for PSP 2.5
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{3502E451-CBBA-4DD0-924D-BDD816761AA5}" = X-Win32 9.5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{362882AE-E40A-4435-B214-6420634C401F}" = Microsoft Visual C++ Toolkit 2003
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D6-7028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2009
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{66D475AE-F18B-43A0-8BAF-61AF4403E339}" = Webcam 1200
"{6774F0CF-C7DD-4CB4-BCB2-11C3E08BBA03}" = McAfee Shredder
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142080}" = Java 2 Runtime Environment, SE v1.4.2_08
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F4DD591-1300-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2009
"{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"{849ABF1A-6AE3-45E1-B260-D5447B2F29F5}" = OpenMG Secure Module 4.2.00
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4013E5D-C833-4C8D-A942-AD7BBDFD9389}" = Autodesk Vault 2009 (Client)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB9FF67B-1A16-491B-81C5-272B145FEAB7}" = Autodesk Data Management Server 2009
"{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PLAYSTATION(R)Network Downloader
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}" = Microsoft .NET Framework SDK (English) 1.1
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Audacity_is1" = Audacity 1.2.6
"Autodesk Data Management Server 2009" = Autodesk Data Management Server 2009
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"Autodesk Inventor Professional 2009" = Autodesk Inventor Professional 2009
"Autodesk Student Community Download Tool_is1" = Autodesk Student Community Download Tool
"Autodesk Vault 2009 (Client)" = Autodesk Vault 2009 (Client)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DCoder Image Source" = DCoder Image Source (remove only)
"DeleteProdVVFW80Low_US" = IBM ViaVoice Personal 8.0 - US English
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"DWG TrueView 2009" = DWG TrueView 2009
"EADM" = EA Download Manager
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.5 (1044)
"ERUNT_is1" = ERUNT 1.1j
"Free Window Registry Repair" = Free Window Registry Repair
"GoToAssist" = GoToAssist 8.0.0.514
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Imtec Imtec Battery Mark 1.1" = Imtec Imtec Battery Mark 1.1
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"InstallShield_{849ABF1A-6AE3-45E1-B260-D5447B2F29F5}" = OpenMG Secure Module 4.2.00
"JRE 1.2.2" = Java 2 Runtime Environment Standard Edition v1.2.2
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"MacBiophotonics ImageJ_is1" = Uninstall_ImageJ
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MatlabR14SP3" = MATLAB Student 7.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"Pidgin" = Pidgin
"Port Magic" = Pure Networks Port Magic
"ProInst" = Intel(R) PROSet/Wireless Software
"RealMedia" = RealMedia (remove only)
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Studio .NET Professional 2003 - English" = Microsoft Visual Studio .NET Professional 2003 - English
"VST Bridge_is1" = VST Bridge 1.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinGTK-2_is1" = GTK+ 2.6.9 runtime environment
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/5/2011 10:30:15 PM | Computer Name = INSPIRON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 11/5/2011 10:30:15 PM | Computer Name = INSPIRON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 11/5/2011 10:30:15 PM | Computer Name = INSPIRON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 11/5/2011 11:05:51 PM | Computer Name = INSPIRON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved
Error - 11/5/2011 11:05:51 PM | Computer Name = INSPIRON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 11/5/2011 11:29:51 PM | Computer Name = INSPIRON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved
Error - 11/5/2011 11:29:51 PM | Computer Name = INSPIRON | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 11/12/2011 12:47:00 PM | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
version 0.0.0.0, fault address 0x0008d1c0.
Error - 11/13/2011 2:52:23 PM | Computer Name = INSPIRON | Source = Autodesk Data Management Job Dispatch | ID = 0
Description = JobService.GetAllJobs() failure The operation has timed out
Error - 11/13/2011 2:56:23 PM | Computer Name = INSPIRON | Source = Autodesk Data Management Job Dispatch | ID = 0
Description = JobService.ExecuteJob() failure. JobTimer Id: a485faab-c53e-4d4e-bfaf-a1556c675d50
System.Web.Services.Protocols.SoapException:
109
[ System Events ]
Error - 11/13/2011 3:06:56 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31
Error - 11/13/2011 3:06:56 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31
Error - 11/13/2011 3:06:56 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31
Error - 11/13/2011 3:06:56 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7001
Description = The Simple Mail Transfer Protocol (SMTP) service depends on the IIS
Admin service which failed to start because of the following error: %%1068
Error - 11/13/2011 3:06:56 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7001
Description = The World Wide Web Publishing service depends on the IIS Admin service
which failed to start because of the following error: %%1068
Error - 11/13/2011 3:06:56 PM | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD APPDRV Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tosrfcom WS2IFSL
Error - 11/13/2011 3:06:56 PM | Computer Name = INSPIRON | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 11/13/2011 3:06:57 PM | Computer Name = INSPIRON | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 11/13/2011 3:06:58 PM | Computer Name = INSPIRON | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 11/13/2011 3:07:56 PM | Computer Name = INSPIRON | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report > |
|
| Back to top |
|
|
LastRaven
Newbie
Joined: 11 Nov 2011
Last Visit: 15 Nov 2011
Posts: 5
|
| Posted: Tue Nov 15, 2011 4:47 pm Post subject: |
|
|
This is the ESET report
C:\Documents and Settings\Samuel Polio\Application Data\Sun\Java\Deployment\cache\6.0\33\67a0c221-2c1021c0 a variant of Win32/Kryptik.USY trojan
C:\Documents and Settings\Samuel Polio\Application Data\Sun\Java\Deployment\cache\6.0\50\356b932-321e4ba5 Java/Agent.DW trojan
C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\acslang.exe probably a variant of Win32/StartPage.HSZAKFT trojan
C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acslang.exe probably a variant of Win32/StartPage.HSZAKFT trojan
C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acssetup.exe probably a variant of Win32/StartPage.HSZAKFT trojan
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe.vir a variant of Win32/Kryptik.USY trojan
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\iiovsVgraP.exe.vir a variant of Win32/Kryptik.USY trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP0\A0000049.exe a variant of Win32/Kryptik.USY trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP0\A0000050.exe a variant of Win32/Kryptik.USY trojan |
|
| Back to top |
|
|
LastRaven
Newbie
Joined: 11 Nov 2011
Last Visit: 15 Nov 2011
Posts: 5
|
| Posted: Tue Nov 15, 2011 4:50 pm Post subject: |
|
|
| The computer seems to be running well, but a lot of the programs are empty when I go to Start and go to Programs and try to run them |
|
| Back to top |
|
|
Gary R
Moderator
Joined: 03 May 2005
Last Visit: 22 May 2013
Posts: 9700
Location: Yorkshire
|
| Posted: Tue Nov 15, 2011 10:58 pm Post subject: |
|
|
- Double click OTL.exe to launch the programme.
- Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
| Code: |
:OTL
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No CLSID value found.
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - No CLSID value found.
O16 - DPF: {7B19E477-0FF8-11d4-9914-005004D3B3DB} http://java.sun.com/products/plugin/1.2/jinstall-122_017-win.cab (JavaPlugin.Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
:files
c:\documents and settings\Samuel Polio\Local Settings\Temp\iMSPCLOj.sys
C:\Documents and Settings\Administrator\PrivacIE
C:\Documents and Settings\Administrator\IETldCache
C:\7dd5a465ee099c16381b20788ddd
C:\f54bddf08dc70aaa2bb8d9968a7b
C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
C:\Documents and Settings\Samuel Polio\Application Data\Sun\Java\Deployment\cache\6.0\33\67a0c221-2c1021c0
C:\Documents and Settings\Samuel Polio\Application Data\Sun\Java\Deployment\cache\6.0\50\356b932-321e4ba5
C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\acslang.exe
C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acslang.exe
C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acssetup.exe
:Commands
[CreateRestorePoint]
[EmptyTemp]
[ResetHosts]
[Reboot]
|
- Click the Run Fix button.
- OTL will now process the instructions.
- When finished a box will open asking you to open the fix log, click OK.
- The fix log will open.
- Copy/Paste the log in your next reply please.
Note:OTL will re-boot your computer. A log will be produced upon re-boot.
Next
You can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:
Next
To manually recreate "All Programs" entries, follow these steps...
- Download App Paths
- Double click on AppPaths.exe to run the program.
- Keep the program open.
In this example I'll recreate an entry for Avast antivirus program.
- Go Start>All Programs.
- Right click on Avast entry, click "Properties".
NOTE. Make sure, you right click on Avast program, NOT on Avast folder.
Due to the damage caused by the infection, you'll find "Target" box empty.
- Go back to AppPaths window and find Avast entry.
- Right click on Avast line, click "Edit".
- A pop-up window will open:
- Highlight everything in "Path" box, right click on it, click "Copy"
- Go back to Avast "Properties" window, right click inside "Target" box, click "Paste".
- IMPORTANT! Add quotation marks at the beginning of the path and at the end
- Click OK and you're done.
In case, program's link shows as (empty):
- Open Windows Explorer, navigate to Avast folder in Program Files
- Right click on Avast ".exe" file, click "Create shortcut":
- Copy that shortcut, go back to Start menu.
- Right click on avast!Free Antivirus, click "Paste".
- You'll see Avast shortcut recreated replacing (empty) entry.
Alternatively....
...you paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\Program Data\Start Menu\Programs\Avast
Summary of the logs I need from you in your next post:
- OTL fix log
- Let me know if you can run your programs now.
_________________
Gary R Administrator at Malware Removal University
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations |
|
| Back to top |
|
|
Gary R
Moderator
Joined: 03 May 2005
Last Visit: 22 May 2013
Posts: 9700
Location: Yorkshire
|
| Posted: Fri Nov 18, 2011 10:23 pm Post subject: |
|
|
| Quote: |
Due to lack of response this topic is now closed.
If you still need help you must open a new thread in the Help with Spyware Removal forum, post a new log, and wait for a new helper.
If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations
Gary R |
_________________
Gary R Administrator at Malware Removal University
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations |
|
| Back to top |
|
|
|
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group
|
