Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Vicious malware

 
evo8
Junior Member


Joined: 27 Dec 2011
Last Visit: 11 Jan 2012
Posts: 12

Posted: Tue Dec 27, 2011 6:14 pm    Post subject: Vicious malware

Hello and thank you for any help I receive.

I would like to first state that I'm aware I DID NOT post the DDS logs; there is a reason for this.

This infection has done strange things to the computer I'm trying to clean. During the beginning of the infection there were not many problems other than slow operation, but it has seemed to "evolve". First, half the desktop icons disappeared. I then opened Malwarebytes and downloaded rkill. After running rkill the remaining icons were missing except for the recycle bin and one other icon. Malwarebytes then closed and couldn't be opened again.

I've tried downloading Malwarebytes in safe mode but receive an "access denied" error. rkill did stop a process that was called "YdIoPOstlLdDd.exe" or something very close to that. There was also a program called Kna.exe or Kan.exe that I denied internet access via Norton. There was a sequence after the Kna as well.

I tried downloading DDS but right before logging on to this site the computer "crashed". I received an error message telling me to scan the hdd or reboot Windows. There was also an error code that stated something along the lines of System32\\000049da.

Things seem to be getting worse in normal mode so I only boot in Safe mode now. I tried to download DDS again but it does not work. I've tried every alternate link. It opens and flashes for a second then closes. So, is there another program to use or another first step to take to receive assistance from this site?

Thank you very much for your time.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

Posted: Thu Dec 29, 2011 9:22 am    Post subject:

Hi evo8,
Can you give me some details about your computer.
Is it XP, Vista, or Windows 7? I need to know so I can give you appropriate instructions.
_________________
Admin/Teacher at Malware Removal University
Member of...

evo8
Junior Member


Joined: 27 Dec 2011
Last Visit: 11 Jan 2012
Posts: 12

Posted: Thu Dec 29, 2011 4:15 pm    Post subject:

Yes, sorry for the lack of details. It is Windows XP home edition.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

Posted: Fri Dec 30, 2011 3:55 am    Post subject:

Hi evo8 and welcome to Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread, do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Lets see if you can do the following.


Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.
    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

evo8
Junior Member


Joined: 27 Dec 2011
Last Visit: 11 Jan 2012
Posts: 12

Posted: Sun Jan 01, 2012 7:12 pm    Post subject:

Combofix seems to be working, although it's very slow. I'll post the log when it's done.
evo8
Junior Member


Joined: 27 Dec 2011
Last Visit: 11 Jan 2012
Posts: 12

Posted: Sun Jan 01, 2012 8:27 pm    Post subject:

I ran ComboFix in safe mode, if it matters. Also my keyboard stopped working; I'm using the on-screen keyboard.


The log:


ComboFix 12-01-01.06 - Administrator 01/01/2012 19:09:00.1.1 - x86 NETWORK
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\jdiNQqhyasYS.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\YdIOpOsTlLdDd.exe
c:\documents and settings\Andrew\WINDOWS
c:\documents and settings\NetworkService\Local Settings\Application Data\fin.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\Downloaded Program Files\Temp
c:\windows\SET49F.tmp
c:\windows\SET64A.tmp
c:\windows\system32\_004195_.tmp.dll
c:\windows\system32\_004196_.tmp.dll
c:\windows\system32\_004197_.tmp.dll
c:\windows\system32\_004198_.tmp.dll
c:\windows\system32\_004201_.tmp.dll
c:\windows\system32\_004202_.tmp.dll
c:\windows\system32\_004203_.tmp.dll
c:\windows\system32\_004204_.tmp.dll
c:\windows\system32\_004205_.tmp.dll
c:\windows\system32\_004206_.tmp.dll
c:\windows\system32\_004207_.tmp.dll
c:\windows\system32\_004208_.tmp.dll
c:\windows\system32\_004210_.tmp.dll
c:\windows\system32\_004211_.tmp.dll
c:\windows\system32\_004214_.tmp.dll
c:\windows\system32\_004215_.tmp.dll
c:\windows\system32\_004217_.tmp.dll
c:\windows\system32\_004218_.tmp.dll
c:\windows\system32\_004219_.tmp.dll
c:\windows\system32\_004221_.tmp.dll
c:\windows\system32\_004223_.tmp.dll
c:\windows\system32\_004224_.tmp.dll
c:\windows\system32\_004225_.tmp.dll
c:\windows\system32\_004226_.tmp.dll
c:\windows\system32\_004227_.tmp.dll
c:\windows\system32\_004229_.tmp.dll
c:\windows\system32\_004230_.tmp.dll
c:\windows\system32\_004231_.tmp.dll
c:\windows\system32\_004232_.tmp.dll
c:\windows\system32\_004233_.tmp.dll
c:\windows\system32\_004235_.tmp.dll
c:\windows\system32\_004237_.tmp.dll
c:\windows\system32\_004238_.tmp.dll
c:\windows\system32\_004239_.tmp.dll
c:\windows\system32\_004240_.tmp.dll
c:\windows\system32\_004241_.tmp.dll
c:\windows\system32\_004242_.tmp.dll
c:\windows\system32\_004243_.tmp.dll
c:\windows\system32\_004244_.tmp.dll
c:\windows\system32\_004245_.tmp.dll
c:\windows\system32\_004246_.tmp.dll
c:\windows\system32\_004247_.tmp.dll
c:\windows\system32\_004248_.tmp.dll
c:\windows\system32\_004250_.tmp.dll
c:\windows\system32\_004251_.tmp.dll
c:\windows\system32\_004252_.tmp.dll
c:\windows\system32\_004253_.tmp.dll
c:\windows\system32\_004255_.tmp.dll
c:\windows\system32\_004256_.tmp.dll
c:\windows\system32\_004257_.tmp.dll
c:\windows\system32\_004260_.tmp.dll
c:\windows\system32\_004261_.tmp.dll
c:\windows\system32\_004265_.tmp.dll
c:\windows\system32\_004266_.tmp.dll
c:\windows\system32\_004268_.tmp.dll
c:\windows\system32\_004271_.tmp.dll
c:\windows\system32\_004273_.tmp.dll
c:\windows\system32\_004274_.tmp.dll
c:\windows\system32\_004275_.tmp.dll
c:\windows\system32\_004276_.tmp.dll
c:\windows\system32\_004279_.tmp.dll
c:\windows\system32\_004280_.tmp.dll
c:\windows\system32\_004281_.tmp.dll
c:\windows\system32\_004282_.tmp.dll
c:\windows\system32\_004283_.tmp.dll
c:\windows\system32\_004288_.tmp.dll
c:\windows\system32\_004290_.tmp.dll
c:\windows\system32\SET105C.tmp
c:\windows\system32\SET1064.tmp
c:\windows\system32\SET1095.tmp
c:\windows\system32\SET1097.tmp
c:\windows\system32\SET1203.tmp
c:\windows\system32\SET1207.tmp
c:\windows\system32\SET120F.tmp
c:\windows\system32\SET1240.tmp
c:\windows\system32\SET1242.tmp
c:\windows\system32\SET1AB.tmp
c:\windows\system32\SET1AC.tmp
c:\windows\system32\SET1AD.tmp
c:\windows\system32\SET1AE.tmp
c:\windows\system32\SET1B0.tmp
c:\windows\system32\SET1B2.tmp
c:\windows\system32\SET1B9.tmp
c:\windows\system32\SET1BA.tmp
c:\windows\system32\SET1BD.tmp
c:\windows\system32\SET1C2.tmp
c:\windows\system32\SET1C3.tmp
c:\windows\system32\SET1C4.tmp
c:\windows\system32\SET1C6.tmp
c:\windows\system32\SET1C7.tmp
c:\windows\system32\SET1C8.tmp
c:\windows\system32\SET1C9.tmp
c:\windows\system32\SET1CA.tmp
c:\windows\system32\SET1CC.tmp
c:\windows\system32\SET1CD.tmp
c:\windows\system32\SET1CE.tmp
c:\windows\system32\SET1D1.tmp
c:\windows\system32\SET1D8.tmp
c:\windows\system32\SET1D9.tmp
c:\windows\system32\SET1DA.tmp
c:\windows\system32\SET1DD.tmp
c:\windows\system32\SET1DF.tmp
c:\windows\system32\SET1E0.tmp
c:\windows\system32\SET1E7.tmp
c:\windows\system32\SET1EA.tmp
c:\windows\system32\SET1EB.tmp
c:\windows\system32\SET1ED.tmp
c:\windows\system32\SET1F2.tmp
c:\windows\system32\SET1F3.tmp
c:\windows\system32\SET1F4.tmp
c:\windows\system32\SET1F5.tmp
c:\windows\system32\SET1F6.tmp
c:\windows\system32\SET1FC.tmp
c:\windows\system32\SET201.tmp
c:\windows\system32\SET202.tmp
c:\windows\system32\SET205.tmp
c:\windows\system32\SET208.tmp
c:\windows\system32\SET209.tmp
c:\windows\system32\SET210.tmp
c:\windows\system32\SET211.tmp
c:\windows\system32\SET213.tmp
c:\windows\system32\SET216.tmp
c:\windows\system32\SET217.tmp
c:\windows\system32\SET220.tmp
c:\windows\system32\SET221.tmp
c:\windows\system32\SET224.tmp
c:\windows\system32\SET226.tmp
c:\windows\system32\SET227.tmp
c:\windows\system32\SET228.tmp
c:\windows\system32\SET229.tmp
c:\windows\system32\SET22A.tmp
c:\windows\system32\SET22B.tmp
c:\windows\system32\SET22F.tmp
c:\windows\system32\SET23B.tmp
c:\windows\system32\SET240.tmp
c:\windows\system32\SET242.tmp
c:\windows\system32\SET244.tmp
c:\windows\system32\SET245.tmp
c:\windows\system32\SET246.tmp
c:\windows\system32\SET249.tmp
c:\windows\system32\SET24A.tmp
c:\windows\system32\SET24E.tmp
c:\windows\system32\SET24F.tmp
c:\windows\system32\SET253.tmp
c:\windows\system32\SET254.tmp
c:\windows\system32\SET25A.tmp
c:\windows\system32\SET25B.tmp
c:\windows\system32\SET25C.tmp
c:\windows\system32\SET264.tmp
c:\windows\system32\SET26A.tmp
c:\windows\system32\SET26B.tmp
c:\windows\system32\SET26C.tmp
c:\windows\system32\SET26D.tmp
c:\windows\system32\SET26F.tmp
c:\windows\system32\SET275.tmp
c:\windows\system32\SET281.tmp
c:\windows\system32\SET283.tmp
c:\windows\system32\SET285.tmp
c:\windows\system32\SET286.tmp
c:\windows\system32\SET287.tmp
c:\windows\system32\SET292.tmp
c:\windows\system32\SET294.tmp
c:\windows\system32\SET295.tmp
c:\windows\system32\SET298.tmp
c:\windows\system32\SET29A.tmp
c:\windows\system32\SET29D.tmp
c:\windows\system32\SET2AC.tmp
c:\windows\system32\SET2AF.tmp
c:\windows\system32\SET2B0.tmp
c:\windows\system32\SET2B7.tmp
c:\windows\system32\SET2B8.tmp
c:\windows\system32\SET2BB.tmp
c:\windows\system32\SET2BC.tmp
c:\windows\system32\SET2BD.tmp
c:\windows\system32\SET2BE.tmp
c:\windows\system32\SET2BF.tmp
c:\windows\system32\SET2C1.tmp
c:\windows\system32\SET2C2.tmp
c:\windows\system32\SET2C3.tmp
c:\windows\system32\SET2C5.tmp
c:\windows\system32\SET2C6.tmp
c:\windows\system32\SET2C7.tmp
c:\windows\system32\SET2C9.tmp
c:\windows\system32\SET2CC.tmp
c:\windows\system32\SET2D1.tmp
c:\windows\system32\SET2D2.tmp
c:\windows\system32\SET2D3.tmp
c:\windows\system32\SET2D8.tmp
c:\windows\system32\SET2D9.tmp
c:\windows\system32\SET2DA.tmp
c:\windows\system32\SET2DC.tmp
c:\windows\system32\SET2DF.tmp
c:\windows\system32\SET2E1.tmp
c:\windows\system32\SET2E2.tmp
c:\windows\system32\SET2E5.tmp
c:\windows\system32\SET2E6.tmp
c:\windows\system32\SET2E7.tmp
c:\windows\system32\SET2E8.tmp
c:\windows\system32\SET2E9.tmp
c:\windows\system32\SET2EB.tmp
c:\windows\system32\SET2EC.tmp
c:\windows\system32\SET2ED.tmp
c:\windows\system32\SET2EF.tmp
c:\windows\system32\SET2F0.tmp
c:\windows\system32\SET2F2.tmp
c:\windows\system32\SET2F4.tmp
c:\windows\system32\SET2F8.tmp
c:\windows\system32\SET2FB.tmp
c:\windows\system32\SET2FC.tmp
c:\windows\system32\SET2FD.tmp
c:\windows\system32\SET2FE.tmp
c:\windows\system32\SET2FF.tmp
c:\windows\system32\SET302.tmp
c:\windows\system32\SET303.tmp
c:\windows\system32\SET304.tmp
c:\windows\system32\SET309.tmp
c:\windows\system32\SET30A.tmp
c:\windows\system32\SET30B.tmp
c:\windows\system32\SET30C.tmp
c:\windows\system32\SET30D.tmp
c:\windows\system32\SET30E.tmp
c:\windows\system32\SET30F.tmp
c:\windows\system32\SET311.tmp
c:\windows\system32\SET312.tmp
c:\windows\system32\SET313.tmp
c:\windows\system32\SET314.tmp
c:\windows\system32\SET315.tmp
c:\windows\system32\SET316.tmp
c:\windows\system32\SET317.tmp
c:\windows\system32\SET318.tmp
c:\windows\system32\SET319.tmp
c:\windows\system32\SET31A.tmp
c:\windows\system32\SET31B.tmp
c:\windows\system32\SET31C.tmp
c:\windows\system32\SET31D.tmp
c:\windows\system32\SET31F.tmp
c:\windows\system32\SET320.tmp
c:\windows\system32\SET321.tmp
c:\windows\system32\SET322.tmp
c:\windows\system32\SET325.tmp
c:\windows\system32\SET327.tmp
c:\windows\system32\SET329.tmp
c:\windows\system32\SET32B.tmp
c:\windows\system32\SET32C.tmp
c:\windows\system32\SET32D.tmp
c:\windows\system32\SET32F.tmp
c:\windows\system32\SET331.tmp
c:\windows\system32\SET333.tmp
c:\windows\system32\SET334.tmp
c:\windows\system32\SET335.tmp
c:\windows\system32\SET336.tmp
c:\windows\system32\SET338.tmp
c:\windows\system32\SET339.tmp
c:\windows\system32\SET33B.tmp
c:\windows\system32\SET33D.tmp
c:\windows\system32\SET33E.tmp
c:\windows\system32\SET33F.tmp
c:\windows\system32\SET346.tmp
c:\windows\system32\SET348.tmp
c:\windows\system32\SET349.tmp
c:\windows\system32\SET34A.tmp
c:\windows\system32\SET34B.tmp
c:\windows\system32\SET34D.tmp
c:\windows\system32\SET34E.tmp
c:\windows\system32\SET34F.tmp
c:\windows\system32\SET350.tmp
c:\windows\system32\SET352.tmp
c:\windows\system32\SET356.tmp
c:\windows\system32\SET357.tmp
c:\windows\system32\SET358.tmp
c:\windows\system32\SET359.tmp
c:\windows\system32\SET35A.tmp
c:\windows\system32\SET35B.tmp
c:\windows\system32\SET361.tmp
c:\windows\system32\SET362.tmp
c:\windows\system32\SET363.tmp
c:\windows\system32\SET367.tmp
c:\windows\system32\SET369.tmp
c:\windows\system32\SET36A.tmp
c:\windows\system32\SET36B.tmp
c:\windows\system32\SET36C.tmp
c:\windows\system32\SET36F.tmp
c:\windows\system32\SET370.tmp
c:\windows\system32\SET373.tmp
c:\windows\system32\SET374.tmp
c:\windows\system32\SET37B.tmp
c:\windows\system32\SET37C.tmp
c:\windows\system32\SET37E.tmp
c:\windows\system32\SET37F.tmp
c:\windows\system32\SET382.tmp
c:\windows\system32\SET383.tmp
c:\windows\system32\SET384.tmp
c:\windows\system32\SET385.tmp
c:\windows\system32\SET386.tmp
c:\windows\system32\SET38C.tmp
c:\windows\system32\SET38D.tmp
c:\windows\system32\SET390.tmp
c:\windows\system32\SET392.tmp
c:\windows\system32\SET393.tmp
c:\windows\system32\SET396.tmp
c:\windows\system32\SET398.tmp
c:\windows\system32\SET399.tmp
c:\windows\system32\SET39A.tmp
c:\windows\system32\SET39B.tmp
c:\windows\system32\SET39C.tmp
c:\windows\system32\SET39D.tmp
c:\windows\system32\SET39E.tmp
c:\windows\system32\SET39F.tmp
c:\windows\system32\SET3A3.tmp
c:\windows\system32\SET3A4.tmp
c:\windows\system32\SET3A6.tmp
c:\windows\system32\SET3A7.tmp
c:\windows\system32\SET3AD.tmp
c:\windows\system32\SET3B1.tmp
c:\windows\system32\SET3B4.tmp
c:\windows\system32\SET3B9.tmp
c:\windows\system32\SET3BA.tmp
c:\windows\system32\SET3BB.tmp
c:\windows\system32\SET3BD.tmp
c:\windows\system32\SET3BF.tmp
c:\windows\system32\SET3C0.tmp
c:\windows\system32\SET3C1.tmp
c:\windows\system32\SET3C2.tmp
c:\windows\system32\SET3C3.tmp
c:\windows\system32\SET3C4.tmp
c:\windows\system32\SET3C5.tmp
c:\windows\system32\SET3C8.tmp
c:\windows\system32\SET3C9.tmp
c:\windows\system32\SET3CD.tmp
c:\windows\system32\SET3CE.tmp
c:\windows\system32\SET3CF.tmp
c:\windows\system32\SET3D3.tmp
c:\windows\system32\SET3D4.tmp
c:\windows\system32\SET3D5.tmp
c:\windows\system32\SET3DA.tmp
c:\windows\system32\SET3DB.tmp
c:\windows\system32\SET3DC.tmp
c:\windows\system32\SET3DD.tmp
c:\windows\system32\SET3DE.tmp
c:\windows\system32\SET3E6.tmp
c:\windows\system32\SET3EA.tmp
c:\windows\system32\SET3EB.tmp
c:\windows\system32\SET3EE.tmp
c:\windows\system32\SET3EF.tmp
c:\windows\system32\SET3F0.tmp
c:\windows\system32\SET3F1.tmp
c:\windows\system32\SET3F3.tmp
c:\windows\system32\SET3F9.tmp
c:\windows\system32\SET405.tmp
c:\windows\system32\SET407.tmp
c:\windows\system32\SET409.tmp
c:\windows\system32\SET40A.tmp
c:\windows\system32\SET40B.tmp
c:\windows\system32\SET40C.tmp
c:\windows\system32\SET40D.tmp
c:\windows\system32\SET40E.tmp
c:\windows\system32\SET410.tmp
c:\windows\system32\SET415.tmp
c:\windows\system32\SET417.tmp
c:\windows\system32\SET41C.tmp
c:\windows\system32\SET41E.tmp
c:\windows\system32\SET41F.tmp
c:\windows\system32\SET420.tmp
c:\windows\system32\SET421.tmp
c:\windows\system32\SET422.tmp
c:\windows\system32\SET423.tmp
c:\windows\system32\SET424.tmp
c:\windows\system32\SET425.tmp
c:\windows\system32\SET427.tmp
c:\windows\system32\SET429.tmp
c:\windows\system32\SET42A.tmp
c:\windows\system32\SET42B.tmp
c:\windows\system32\SET42C.tmp
c:\windows\system32\SET42E.tmp
c:\windows\system32\SET42F.tmp
c:\windows\system32\SET431.tmp
c:\windows\system32\SET433.tmp
c:\windows\system32\SET436.tmp
c:\windows\system32\SET437.tmp
c:\windows\system32\SET43F.tmp
c:\windows\system32\SET445.tmp
c:\windows\system32\SET446.tmp
c:\windows\system32\SET449.tmp
c:\windows\system32\SET44A.tmp
c:\windows\system32\SET44B.tmp
c:\windows\system32\SET44E.tmp
c:\windows\system32\SET451.tmp
c:\windows\system32\SET453.tmp
c:\windows\system32\SET455.tmp
c:\windows\system32\SET456.tmp
c:\windows\system32\SET457.tmp
c:\windows\system32\SET459.tmp
c:\windows\system32\SET45A.tmp
c:\windows\system32\SET45C.tmp
c:\windows\system32\SET45D.tmp
c:\windows\system32\SET45E.tmp
c:\windows\system32\SET45F.tmp
c:\windows\system32\SET460.tmp
c:\windows\system32\SET461.tmp
c:\windows\system32\SET462.tmp
c:\windows\system32\SET463.tmp
c:\windows\system32\SET464.tmp
c:\windows\system32\SET466.tmp
c:\windows\system32\SET467.tmp
c:\windows\system32\SET468.tmp
c:\windows\system32\SET469.tmp
c:\windows\system32\SET46B.tmp
c:\windows\system32\SET46C.tmp
c:\windows\system32\SET46D.tmp
c:\windows\system32\SET46E.tmp
c:\windows\system32\SET470.tmp
c:\windows\system32\SET471.tmp
c:\windows\system32\SET474.tmp
c:\windows\system32\SET475.tmp
c:\windows\system32\SET477.tmp
c:\windows\system32\SET479.tmp
c:\windows\system32\SET47C.tmp
c:\windows\system32\SET47D.tmp
c:\windows\system32\SET47E.tmp
c:\windows\system32\SET483.tmp
c:\windows\system32\SET484.tmp
c:\windows\system32\SET485.tmp
c:\windows\system32\SET487.tmp
c:\windows\system32\SET48A.tmp
c:\windows\system32\SET48C.tmp
c:\windows\system32\SET48D.tmp
c:\windows\system32\SET490.tmp
c:\windows\system32\SET491.tmp
c:\windows\system32\SET494.tmp
c:\windows\system32\SET497.tmp
c:\windows\system32\SET498.tmp
c:\windows\system32\SET49A.tmp
c:\windows\system32\SET49F.tmp
c:\windows\system32\SET4A3.tmp
c:\windows\system32\SET4A7.tmp
c:\windows\system32\SET4A9.tmp
c:\windows\system32\SET4AA.tmp
c:\windows\system32\SET4AD.tmp
c:\windows\system32\SET4AE.tmp
c:\windows\system32\SET4B4.tmp
c:\windows\system32\SET4B5.tmp
c:\windows\system32\SET4B7.tmp
c:\windows\system32\SET4B8.tmp
c:\windows\system32\SET4BE.tmp
c:\windows\system32\SET4BF.tmp
c:\windows\system32\SET4C0.tmp
c:\windows\system32\SET4C1.tmp
c:\windows\system32\SET4C2.tmp
c:\windows\system32\SET4C3.tmp
c:\windows\system32\SET4C5.tmp
c:\windows\system32\SET4C7.tmp
c:\windows\system32\SET4CA.tmp
c:\windows\system32\SET4D4.tmp
c:\windows\system32\SET4D6.tmp
c:\windows\system32\SET4D7.tmp
c:\windows\system32\SET4D8.tmp
c:\windows\system32\SET4DA.tmp
c:\windows\system32\SET4DC.tmp
c:\windows\system32\SET4E1.tmp
c:\windows\system32\SET4E3.tmp
c:\windows\system32\SET4E4.tmp
c:\windows\system32\SET4EA.tmp
c:\windows\system32\SET4F5.tmp
c:\windows\system32\SET4F8.tmp
c:\windows\system32\SET4F9.tmp
c:\windows\system32\SET4FA.tmp
c:\windows\system32\SET4FD.tmp
c:\windows\system32\SET505.tmp
c:\windows\system32\SET50C.tmp
c:\windows\system32\SET50E.tmp
c:\windows\system32\SET512.tmp
c:\windows\system32\SET514.tmp
c:\windows\system32\SET516.tmp
c:\windows\system32\SET51A.tmp
c:\windows\system32\SET529.tmp
c:\windows\system32\SET52D.tmp
c:\windows\system32\SET52F.tmp
c:\windows\system32\SET531.tmp
c:\windows\system32\SET537.tmp
c:\windows\system32\SET538.tmp
c:\windows\system32\SET53B.tmp
c:\windows\system32\SET546.tmp
c:\windows\system32\SET549.tmp
c:\windows\system32\SET54F.tmp
c:\windows\system32\SET551.tmp
c:\windows\system32\SET552.tmp
c:\windows\system32\SET558.tmp
c:\windows\system32\SET55C.tmp
c:\windows\system32\SET565.tmp
c:\windows\system32\SET566.tmp
c:\windows\system32\SET56A.tmp
c:\windows\system32\SET56C.tmp
c:\windows\system32\SET56D.tmp
c:\windows\system32\SET56E.tmp
c:\windows\system32\SET576.tmp
c:\windows\system32\SET57A.tmp
c:\windows\system32\SET57F.tmp
c:\windows\system32\SET585.tmp
c:\windows\system32\SET595.tmp
c:\windows\system32\SET596.tmp
c:\windows\system32\SET5B8.tmp
c:\windows\system32\SET5BB.tmp
c:\windows\system32\SET5C0.tmp
c:\windows\system32\SET5C2.tmp
c:\windows\system32\SET5C9.tmp
c:\windows\system32\SET5CA.tmp
c:\windows\system32\SET5CB.tmp
c:\windows\system32\SET5CD.tmp
c:\windows\system32\SET5CE.tmp
c:\windows\system32\SET5CF.tmp
c:\windows\system32\SET5D0.tmp
c:\windows\system32\SET5D2.tmp
c:\windows\system32\SET5D4.tmp
c:\windows\system32\SET5D5.tmp
c:\windows\system32\SET5D7.tmp
c:\windows\system32\SET5DA.tmp
c:\windows\system32\SET5DC.tmp
c:\windows\system32\SET5E1.tmp
c:\windows\system32\SET5E2.tmp
c:\windows\system32\SET5EA.tmp
c:\windows\system32\SET5F1.tmp
c:\windows\system32\SET5F6.tmp
c:\windows\system32\SET5F9.tmp
c:\windows\system32\SET5FC.tmp
c:\windows\system32\SET5FE.tmp
c:\windows\system32\SET602.tmp
c:\windows\system32\SET604.tmp
c:\windows\system32\SET605.tmp
c:\windows\system32\SET606.tmp
c:\windows\system32\SET609.tmp
c:\windows\system32\SET60A.tmp
c:\windows\system32\SET60E.tmp
c:\windows\system32\SET60F.tmp
c:\windows\system32\SET614.tmp
c:\windows\system32\SET619.tmp
c:\windows\system32\SET61C.tmp
c:\windows\system32\SET620.tmp
c:\windows\system32\SET622.tmp
c:\windows\system32\SET624.tmp
c:\windows\system32\setb0.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2011-12-28 00:43 . 2011-12-28 00:44 -------- d-----w- c:\documents and settings\Administrator
2011-12-23 01:41 . 2004-08-04 08:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-12-23 01:31 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-12-23 01:30 . 2004-08-04 06:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-12-23 01:13 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-12-21 00:49 . 2011-12-21 00:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-20 03:33 . 2011-12-21 00:28 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{BAFD9EAB-6AC2-44E0-927D-097D9BAF6C81}\offreg.dll
2011-12-16 22:00 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{BAFD9EAB-6AC2-44E0-927D-097D9BAF6C81}\mpengine.dll
2011-12-14 20:43 . 2011-12-14 20:43 -------- d-----w- c:\program files\Opera
2011-12-11 23:39 . 2012-01-02 01:26 715216 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-12-11 23:39 . 2012-01-02 01:25 19928 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll
2011-12-11 23:39 . 2012-01-02 01:25 16096216 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2011-12-11 23:39 . 2012-01-02 01:25 269272 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2011-12-11 23:39 . 2012-01-02 01:26 154584 ----a-w- c:\program files\Mozilla Firefox\ssl3.dll
2011-12-11 23:39 . 2012-01-02 01:26 105432 ----a-w- c:\program files\Mozilla Firefox\smime3.dll
2011-12-11 23:39 . 2012-01-02 01:26 170968 ----a-w- c:\program files\Mozilla Firefox\softokn3.dll
2011-12-08 06:13 . 2011-12-08 06:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2008-03-27 19:34 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-01-02 01:26 . 2012-01-02 01:26 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2003-12-12 70800]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-09-15 100056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-14 58488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2006-08-01 22:35 67112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2005-08-02 19:33 159832 ----a-w- c:\program files\Common Files\AOL\1124775366\ee\AOLHostManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 23:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 04:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2007-08-04 06:33 582992 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2006-04-16 03:46 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 11:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-02-02 20:11 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 08:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
2005-03-29 01:24 28616 ----a-w- c:\program files\WildTangent\Apps\CDA\GameDrvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 02:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2005-08-20 02:34 3084288 ----a-w- c:\program files\Yahoo!\Messenger\YPager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"iPod Service"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOL ACS"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"16613:TCP"= 16613:TCP:BitComet 16613 TCP
"16613:UDP"= 16613:UDP:BitComet 16613 UDP
.
R1 anf0100.sys;anf0100.sys;c:\windows\system32\drivers\anf0100.sys [8/29/2008 7:21 PM 9728]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [1/24/2009 4:27 PM 266240]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2011 3:45 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2011 3:45 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/20/2011 4:49 PM 41272]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 3:22 PM 24652]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - DCFS2K
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-24 23:45]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-24 23:45]
.
2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-03-02 23:10]
.
2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-03-02 23:10]
.
2012-01-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
2011-12-28 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-08-08 19:24]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Richard\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - hxxp://www.activeworlds.com/products/ActiveWorldsDownload.cab
DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} - hxxp://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab
DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1t6r0mx.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
HKLM-Run-YdIOpOsTlLdDd.exe - c:\documents and settings\All Users\Application Data\YdIOpOsTlLdDd.exe
HKLM-Run-jdiNQqhyasYS.exe - c:\documents and settings\All Users\Application Data\jdiNQqhyasYS.exe
Notify-dimsntfy - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Media Codec Update Service - c:\documents and settings\Richard\Desktop\\Essentials Codec Pack\update.exe
MSConfigStartUp-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-YMailAdvisor - c:\program files\Yahoo!\Common\YMailAdvisor.exe
MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\YspService.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-01 20:01
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800BB-75JHC0 rev.06.01C06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82E962C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.mfp]
@DACL=(02 0000)
@="MacromediaFlashPaper.MacromediaFlashPaper"
"Content Type"="application/x-shockwave-flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\.sol]
@DACL=(02 0000)
"Content Type"="text/plain"
.
[HKEY_LOCAL_MACHINE\software\Classes\.sor]
@DACL=(02 0000)
"Content Type"="text/plain"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\WININET.dll
.
Completion time: 2012-01-01 20:16:35
ComboFix-quarantined-files.txt 2012-01-02 04:15
.
Pre-Run: 5,182,083,072 bytes free
Post-Run: 5,890,461,696 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - CA877614E9016F3E8475625D9C14524D
evo8
Junior Member


Joined: 27 Dec 2011
Last Visit: 11 Jan 2012
Posts: 12

PostPosted: Sun Jan 01, 2012 8:28 pm    Post subject: Reply with quote

I ran ComboFix in Safe Mode, if it matters. Also, my keyboard stopped working; I'm using the on-screen keyboard.

The log:


ComboFix 12-01-01.06 - Administrator 01/01/2012 19:09:00.1.1 - x86 NETWORK
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\jdiNQqhyasYS.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\YdIOpOsTlLdDd.exe
c:\documents and settings\Andrew\WINDOWS
c:\documents and settings\NetworkService\Local Settings\Application Data\fin.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\Downloaded Program Files\Temp
c:\windows\SET49F.tmp
c:\windows\SET64A.tmp
c:\windows\system32\_004195_.tmp.dll
c:\windows\system32\_004196_.tmp.dll
c:\windows\system32\_004197_.tmp.dll
c:\windows\system32\_004198_.tmp.dll
c:\windows\system32\_004201_.tmp.dll
c:\windows\system32\_004202_.tmp.dll
c:\windows\system32\_004203_.tmp.dll
c:\windows\system32\_004204_.tmp.dll
c:\windows\system32\_004205_.tmp.dll
c:\windows\system32\_004206_.tmp.dll
c:\windows\system32\_004207_.tmp.dll
c:\windows\system32\_004208_.tmp.dll
c:\windows\system32\_004210_.tmp.dll
c:\windows\system32\_004211_.tmp.dll
c:\windows\system32\_004214_.tmp.dll
c:\windows\system32\_004215_.tmp.dll
c:\windows\system32\_004217_.tmp.dll
c:\windows\system32\_004218_.tmp.dll
c:\windows\system32\_004219_.tmp.dll
c:\windows\system32\_004221_.tmp.dll
c:\windows\system32\_004223_.tmp.dll
c:\windows\system32\_004224_.tmp.dll
c:\windows\system32\_004225_.tmp.dll
c:\windows\system32\_004226_.tmp.dll
c:\windows\system32\_004227_.tmp.dll
c:\windows\system32\_004229_.tmp.dll
c:\windows\system32\_004230_.tmp.dll
c:\windows\system32\_004231_.tmp.dll
c:\windows\system32\_004232_.tmp.dll
c:\windows\system32\_004233_.tmp.dll
c:\windows\system32\_004235_.tmp.dll
c:\windows\system32\_004237_.tmp.dll
c:\windows\system32\_004238_.tmp.dll
c:\windows\system32\_004239_.tmp.dll
c:\windows\system32\_004240_.tmp.dll
c:\windows\system32\_004241_.tmp.dll
c:\windows\system32\_004242_.tmp.dll
c:\windows\system32\_004243_.tmp.dll
c:\windows\system32\_004244_.tmp.dll
c:\windows\system32\_004245_.tmp.dll
c:\windows\system32\_004246_.tmp.dll
c:\windows\system32\_004247_.tmp.dll
c:\windows\system32\_004248_.tmp.dll
c:\windows\system32\_004250_.tmp.dll
c:\windows\system32\_004251_.tmp.dll
c:\windows\system32\_004252_.tmp.dll
c:\windows\system32\_004253_.tmp.dll
c:\windows\system32\_004255_.tmp.dll
c:\windows\system32\_004256_.tmp.dll
c:\windows\system32\_004257_.tmp.dll
c:\windows\system32\_004260_.tmp.dll
c:\windows\system32\_004261_.tmp.dll
c:\windows\system32\_004265_.tmp.dll
c:\windows\system32\_004266_.tmp.dll
c:\windows\system32\_004268_.tmp.dll
c:\windows\system32\_004271_.tmp.dll
c:\windows\system32\_004273_.tmp.dll
c:\windows\system32\_004274_.tmp.dll
c:\windows\system32\_004275_.tmp.dll
c:\windows\system32\_004276_.tmp.dll
c:\windows\system32\_004279_.tmp.dll
c:\windows\system32\_004280_.tmp.dll
c:\windows\system32\_004281_.tmp.dll
c:\windows\system32\_004282_.tmp.dll
c:\windows\system32\_004283_.tmp.dll
c:\windows\system32\_004288_.tmp.dll
c:\windows\system32\_004290_.tmp.dll
c:\windows\system32\SET105C.tmp
c:\windows\system32\SET1064.tmp
c:\windows\system32\SET1095.tmp
c:\windows\system32\SET1097.tmp
c:\windows\system32\SET1203.tmp
c:\windows\system32\SET1207.tmp
c:\windows\system32\SET120F.tmp
c:\windows\system32\SET1240.tmp
c:\windows\system32\SET1242.tmp
c:\windows\system32\SET1AB.tmp
c:\windows\system32\SET1AC.tmp
c:\windows\system32\SET1AD.tmp
c:\windows\system32\SET1AE.tmp
c:\windows\system32\SET1B0.tmp
c:\windows\system32\SET1B2.tmp
c:\windows\system32\SET1B9.tmp
c:\windows\system32\SET1BA.tmp
c:\windows\system32\SET1BD.tmp
c:\windows\system32\SET1C2.tmp
c:\windows\system32\SET1C3.tmp
c:\windows\system32\SET1C4.tmp
c:\windows\system32\SET1C6.tmp
c:\windows\system32\SET1C7.tmp
c:\windows\system32\SET1C8.tmp
c:\windows\system32\SET1C9.tmp
c:\windows\system32\SET1CA.tmp
c:\windows\system32\SET1CC.tmp
c:\windows\system32\SET1CD.tmp
c:\windows\system32\SET1CE.tmp
c:\windows\system32\SET1D1.tmp
c:\windows\system32\SET1D8.tmp
c:\windows\system32\SET1D9.tmp
c:\windows\system32\SET1DA.tmp
c:\windows\system32\SET1DD.tmp
c:\windows\system32\SET1DF.tmp
c:\windows\system32\SET1E0.tmp
c:\windows\system32\SET1E7.tmp
c:\windows\system32\SET1EA.tmp
c:\windows\system32\SET1EB.tmp
c:\windows\system32\SET1ED.tmp
c:\windows\system32\SET1F2.tmp
c:\windows\system32\SET1F3.tmp
c:\windows\system32\SET1F4.tmp
c:\windows\system32\SET1F5.tmp
c:\windows\system32\SET1F6.tmp
c:\windows\system32\SET1FC.tmp
c:\windows\system32\SET201.tmp
c:\windows\system32\SET202.tmp
c:\windows\system32\SET205.tmp
c:\windows\system32\SET208.tmp
c:\windows\system32\SET209.tmp
c:\windows\system32\SET210.tmp
c:\windows\system32\SET211.tmp
c:\windows\system32\SET213.tmp
c:\windows\system32\SET216.tmp
c:\windows\system32\SET217.tmp
c:\windows\system32\SET220.tmp
c:\windows\system32\SET221.tmp
c:\windows\system32\SET224.tmp
c:\windows\system32\SET226.tmp
c:\windows\system32\SET227.tmp
c:\windows\system32\SET228.tmp
c:\windows\system32\SET229.tmp
c:\windows\system32\SET22A.tmp
c:\windows\system32\SET22B.tmp
c:\windows\system32\SET22F.tmp
c:\windows\system32\SET23B.tmp
c:\windows\system32\SET240.tmp
c:\windows\system32\SET242.tmp
c:\windows\system32\SET244.tmp
c:\windows\system32\SET245.tmp
c:\windows\system32\SET246.tmp
c:\windows\system32\SET249.tmp
c:\windows\system32\SET24A.tmp
c:\windows\system32\SET24E.tmp
c:\windows\system32\SET24F.tmp
c:\windows\system32\SET253.tmp
c:\windows\system32\SET254.tmp
c:\windows\system32\SET25A.tmp
c:\windows\system32\SET25B.tmp
c:\windows\system32\SET25C.tmp
c:\windows\system32\SET264.tmp
c:\windows\system32\SET26A.tmp
c:\windows\system32\SET26B.tmp
c:\windows\system32\SET26C.tmp
c:\windows\system32\SET26D.tmp
c:\windows\system32\SET26F.tmp
c:\windows\system32\SET275.tmp
c:\windows\system32\SET281.tmp
c:\windows\system32\SET283.tmp
c:\windows\system32\SET285.tmp
c:\windows\system32\SET286.tmp
c:\windows\system32\SET287.tmp
c:\windows\system32\SET292.tmp
c:\windows\system32\SET294.tmp
c:\windows\system32\SET295.tmp
c:\windows\system32\SET298.tmp
c:\windows\system32\SET29A.tmp
c:\windows\system32\SET29D.tmp
c:\windows\system32\SET2AC.tmp
c:\windows\system32\SET2AF.tmp
c:\windows\system32\SET2B0.tmp
c:\windows\system32\SET2B7.tmp
c:\windows\system32\SET2B8.tmp
c:\windows\system32\SET2BB.tmp
c:\windows\system32\SET2BC.tmp
c:\windows\system32\SET2BD.tmp
c:\windows\system32\SET2BE.tmp
c:\windows\system32\SET2BF.tmp
c:\windows\system32\SET2C1.tmp
c:\windows\system32\SET2C2.tmp
c:\windows\system32\SET2C3.tmp
c:\windows\system32\SET2C5.tmp
c:\windows\system32\SET2C6.tmp
c:\windows\system32\SET2C7.tmp
c:\windows\system32\SET2C9.tmp
c:\windows\system32\SET2CC.tmp
c:\windows\system32\SET2D1.tmp
c:\windows\system32\SET2D2.tmp
c:\windows\system32\SET2D3.tmp
c:\windows\system32\SET2D8.tmp
c:\windows\system32\SET2D9.tmp
c:\windows\system32\SET2DA.tmp
c:\windows\system32\SET2DC.tmp
c:\windows\system32\SET2DF.tmp
c:\windows\system32\SET2E1.tmp
c:\windows\system32\SET2E2.tmp
c:\windows\system32\SET2E5.tmp
c:\windows\system32\SET2E6.tmp
c:\windows\system32\SET2E7.tmp
c:\windows\system32\SET2E8.tmp
c:\windows\system32\SET2E9.tmp
c:\windows\system32\SET2EB.tmp
c:\windows\system32\SET2EC.tmp
c:\windows\system32\SET2ED.tmp
c:\windows\system32\SET2EF.tmp
c:\windows\system32\SET2F0.tmp
c:\windows\system32\SET2F2.tmp
c:\windows\system32\SET2F4.tmp
c:\windows\system32\SET2F8.tmp
c:\windows\system32\SET2FB.tmp
c:\windows\system32\SET2FC.tmp
c:\windows\system32\SET2FD.tmp
c:\windows\system32\SET2FE.tmp
c:\windows\system32\SET2FF.tmp
c:\windows\system32\SET302.tmp
c:\windows\system32\SET303.tmp
c:\windows\system32\SET304.tmp
c:\windows\system32\SET309.tmp
c:\windows\system32\SET30A.tmp
c:\windows\system32\SET30B.tmp
c:\windows\system32\SET30C.tmp
c:\windows\system32\SET30D.tmp
c:\windows\system32\SET30E.tmp
c:\windows\system32\SET30F.tmp
c:\windows\system32\SET311.tmp
c:\windows\system32\SET312.tmp
c:\windows\system32\SET313.tmp
c:\windows\system32\SET314.tmp
c:\windows\system32\SET315.tmp
c:\windows\system32\SET316.tmp
c:\windows\system32\SET317.tmp
c:\windows\system32\SET318.tmp
c:\windows\system32\SET319.tmp
c:\windows\system32\SET31A.tmp
c:\windows\system32\SET31B.tmp
c:\windows\system32\SET31C.tmp
c:\windows\system32\SET31D.tmp
c:\windows\system32\SET31F.tmp
c:\windows\system32\SET320.tmp
c:\windows\system32\SET321.tmp
c:\windows\system32\SET322.tmp
c:\windows\system32\SET325.tmp
c:\windows\system32\SET327.tmp
c:\windows\system32\SET329.tmp
c:\windows\system32\SET32B.tmp
c:\windows\system32\SET32C.tmp
c:\windows\system32\SET32D.tmp
c:\windows\system32\SET32F.tmp
c:\windows\system32\SET331.tmp
c:\windows\system32\SET333.tmp
c:\windows\system32\SET334.tmp
c:\windows\system32\SET335.tmp
c:\windows\system32\SET336.tmp
c:\windows\system32\SET338.tmp
c:\windows\system32\SET339.tmp
c:\windows\system32\SET33B.tmp
c:\windows\system32\SET33D.tmp
c:\windows\system32\SET33E.tmp
c:\windows\system32\SET33F.tmp
c:\windows\system32\SET346.tmp
c:\windows\system32\SET348.tmp
c:\windows\system32\SET349.tmp
c:\windows\system32\SET34A.tmp
c:\windows\system32\SET34B.tmp
c:\windows\system32\SET34D.tmp
c:\windows\system32\SET34E.tmp
c:\windows\system32\SET34F.tmp
c:\windows\system32\SET350.tmp
c:\windows\system32\SET352.tmp
c:\windows\system32\SET356.tmp
c:\windows\system32\SET357.tmp
c:\windows\system32\SET358.tmp
c:\windows\system32\SET359.tmp
c:\windows\system32\SET35A.tmp
c:\windows\system32\SET35B.tmp
c:\windows\system32\SET361.tmp
c:\windows\system32\SET362.tmp
c:\windows\system32\SET363.tmp
c:\windows\system32\SET367.tmp
c:\windows\system32\SET369.tmp
c:\windows\system32\SET36A.tmp
c:\windows\system32\SET36B.tmp
c:\windows\system32\SET36C.tmp
c:\windows\system32\SET36F.tmp
c:\windows\system32\SET370.tmp
c:\windows\system32\SET373.tmp
c:\windows\system32\SET374.tmp
c:\windows\system32\SET37B.tmp
c:\windows\system32\SET37C.tmp
c:\windows\system32\SET37E.tmp
c:\windows\system32\SET37F.tmp
c:\windows\system32\SET382.tmp
c:\windows\system32\SET383.tmp
c:\windows\system32\SET384.tmp
c:\windows\system32\SET385.tmp
c:\windows\system32\SET386.tmp
c:\windows\system32\SET38C.tmp
c:\windows\system32\SET38D.tmp
c:\windows\system32\SET390.tmp
c:\windows\system32\SET392.tmp
c:\windows\system32\SET393.tmp
c:\windows\system32\SET396.tmp
c:\windows\system32\SET398.tmp
c:\windows\system32\SET399.tmp
c:\windows\system32\SET39A.tmp
c:\windows\system32\SET39B.tmp
c:\windows\system32\SET39C.tmp
c:\windows\system32\SET39D.tmp
c:\windows\system32\SET39E.tmp
c:\windows\system32\SET39F.tmp
c:\windows\system32\SET3A3.tmp
c:\windows\system32\SET3A4.tmp
c:\windows\system32\SET3A6.tmp
c:\windows\system32\SET3A7.tmp
c:\windows\system32\SET3AD.tmp
c:\windows\system32\SET3B1.tmp
c:\windows\system32\SET3B4.tmp
c:\windows\system32\SET3B9.tmp
c:\windows\system32\SET3BA.tmp
c:\windows\system32\SET3BB.tmp
c:\windows\system32\SET3BD.tmp
c:\windows\system32\SET3BF.tmp
c:\windows\system32\SET3C0.tmp
c:\windows\system32\SET3C1.tmp
c:\windows\system32\SET3C2.tmp
c:\windows\system32\SET3C3.tmp
c:\windows\system32\SET3C4.tmp
c:\windows\system32\SET3C5.tmp
c:\windows\system32\SET3C8.tmp
c:\windows\system32\SET3C9.tmp
c:\windows\system32\SET3CD.tmp
c:\windows\system32\SET3CE.tmp
c:\windows\system32\SET3CF.tmp
c:\windows\system32\SET3D3.tmp
c:\windows\system32\SET3D4.tmp
c:\windows\system32\SET3D5.tmp
c:\windows\system32\SET3DA.tmp
c:\windows\system32\SET3DB.tmp
c:\windows\system32\SET3DC.tmp
c:\windows\system32\SET3DD.tmp
c:\windows\system32\SET3DE.tmp
c:\windows\system32\SET3E6.tmp
c:\windows\system32\SET3EA.tmp
c:\windows\system32\SET3EB.tmp
c:\windows\system32\SET3EE.tmp
c:\windows\system32\SET3EF.tmp
c:\windows\system32\SET3F0.tmp
c:\windows\system32\SET3F1.tmp
c:\windows\system32\SET3F3.tmp
c:\windows\system32\SET3F9.tmp
c:\windows\system32\SET405.tmp
c:\windows\system32\SET407.tmp
c:\windows\system32\SET409.tmp
c:\windows\system32\SET40A.tmp
c:\windows\system32\SET40B.tmp
c:\windows\system32\SET40C.tmp
c:\windows\system32\SET40D.tmp
c:\windows\system32\SET40E.tmp
c:\windows\system32\SET410.tmp
c:\windows\system32\SET415.tmp
c:\windows\system32\SET417.tmp
c:\windows\system32\SET41C.tmp
c:\windows\system32\SET41E.tmp
c:\windows\system32\SET41F.tmp
c:\windows\system32\SET420.tmp
c:\windows\system32\SET421.tmp
c:\windows\system32\SET422.tmp
c:\windows\system32\SET423.tmp
c:\windows\system32\SET424.tmp
c:\windows\system32\SET425.tmp
c:\windows\system32\SET427.tmp
c:\windows\system32\SET429.tmp
c:\windows\system32\SET42A.tmp
c:\windows\system32\SET42B.tmp
c:\windows\system32\SET42C.tmp
c:\windows\system32\SET42E.tmp
c:\windows\system32\SET42F.tmp
c:\windows\system32\SET431.tmp
c:\windows\system32\SET433.tmp
c:\windows\system32\SET436.tmp
c:\windows\system32\SET437.tmp
c:\windows\system32\SET43F.tmp
c:\windows\system32\SET445.tmp
c:\windows\system32\SET446.tmp
c:\windows\system32\SET449.tmp
c:\windows\system32\SET44A.tmp
c:\windows\system32\SET44B.tmp
c:\windows\system32\SET44E.tmp
c:\windows\system32\SET451.tmp
c:\windows\system32\SET453.tmp
c:\windows\system32\SET455.tmp
c:\windows\system32\SET456.tmp
c:\windows\system32\SET457.tmp
c:\windows\system32\SET459.tmp
c:\windows\system32\SET45A.tmp
c:\windows\system32\SET45C.tmp
c:\windows\system32\SET45D.tmp
c:\windows\system32\SET45E.tmp
c:\windows\system32\SET45F.tmp
c:\windows\system32\SET460.tmp
c:\windows\system32\SET461.tmp
c:\windows\system32\SET462.tmp
c:\windows\system32\SET463.tmp
c:\windows\system32\SET464.tmp
c:\windows\system32\SET466.tmp
c:\windows\system32\SET467.tmp
c:\windows\system32\SET468.tmp
c:\windows\system32\SET469.tmp
c:\windows\system32\SET46B.tmp
c:\windows\system32\SET46C.tmp
c:\windows\system32\SET46D.tmp
c:\windows\system32\SET46E.tmp
c:\windows\system32\SET470.tmp
c:\windows\system32\SET471.tmp
c:\windows\system32\SET474.tmp
c:\windows\system32\SET475.tmp
c:\windows\system32\SET477.tmp
c:\windows\system32\SET479.tmp
c:\windows\system32\SET47C.tmp
c:\windows\system32\SET47D.tmp
c:\windows\system32\SET47E.tmp
c:\windows\system32\SET483.tmp
c:\windows\system32\SET484.tmp
c:\windows\system32\SET485.tmp
c:\windows\system32\SET487.tmp
c:\windows\system32\SET48A.tmp
c:\windows\system32\SET48C.tmp
c:\windows\system32\SET48D.tmp
c:\windows\system32\SET490.tmp
c:\windows\system32\SET491.tmp
c:\windows\system32\SET494.tmp
c:\windows\system32\SET497.tmp
c:\windows\system32\SET498.tmp
c:\windows\system32\SET49A.tmp
c:\windows\system32\SET49F.tmp
c:\windows\system32\SET4A3.tmp
c:\windows\system32\SET4A7.tmp
c:\windows\system32\SET4A9.tmp
c:\windows\system32\SET4AA.tmp
c:\windows\system32\SET4AD.tmp
c:\windows\system32\SET4AE.tmp
c:\windows\system32\SET4B4.tmp
c:\windows\system32\SET4B5.tmp
c:\windows\system32\SET4B7.tmp
c:\windows\system32\SET4B8.tmp
c:\windows\system32\SET4BE.tmp
c:\windows\system32\SET4BF.tmp
c:\windows\system32\SET4C0.tmp
c:\windows\system32\SET4C1.tmp
c:\windows\system32\SET4C2.tmp
c:\windows\system32\SET4C3.tmp
c:\windows\system32\SET4C5.tmp
c:\windows\system32\SET4C7.tmp
c:\windows\system32\SET4CA.tmp
c:\windows\system32\SET4D4.tmp
c:\windows\system32\SET4D6.tmp
c:\windows\system32\SET4D7.tmp
c:\windows\system32\SET4D8.tmp
c:\windows\system32\SET4DA.tmp
c:\windows\system32\SET4DC.tmp
c:\windows\system32\SET4E1.tmp
c:\windows\system32\SET4E3.tmp
c:\windows\system32\SET4E4.tmp
c:\windows\system32\SET4EA.tmp
c:\windows\system32\SET4F5.tmp
c:\windows\system32\SET4F8.tmp
c:\windows\system32\SET4F9.tmp
c:\windows\system32\SET4FA.tmp
c:\windows\system32\SET4FD.tmp
c:\windows\system32\SET505.tmp
c:\windows\system32\SET50C.tmp
c:\windows\system32\SET50E.tmp
c:\windows\system32\SET512.tmp
c:\windows\system32\SET514.tmp
c:\windows\system32\SET516.tmp
c:\windows\system32\SET51A.tmp
c:\windows\system32\SET529.tmp
c:\windows\system32\SET52D.tmp
c:\windows\system32\SET52F.tmp
c:\windows\system32\SET531.tmp
c:\windows\system32\SET537.tmp
c:\windows\system32\SET538.tmp
c:\windows\system32\SET53B.tmp
c:\windows\system32\SET546.tmp
c:\windows\system32\SET549.tmp
c:\windows\system32\SET54F.tmp
c:\windows\system32\SET551.tmp
c:\windows\system32\SET552.tmp
c:\windows\system32\SET558.tmp
c:\windows\system32\SET55C.tmp
c:\windows\system32\SET565.tmp
c:\windows\system32\SET566.tmp
c:\windows\system32\SET56A.tmp
c:\windows\system32\SET56C.tmp
c:\windows\system32\SET56D.tmp
c:\windows\system32\SET56E.tmp
c:\windows\system32\SET576.tmp
c:\windows\system32\SET57A.tmp
c:\windows\system32\SET57F.tmp
c:\windows\system32\SET585.tmp
c:\windows\system32\SET595.tmp
c:\windows\system32\SET596.tmp
c:\windows\system32\SET5B8.tmp
c:\windows\system32\SET5BB.tmp
c:\windows\system32\SET5C0.tmp
c:\windows\system32\SET5C2.tmp
c:\windows\system32\SET5C9.tmp
c:\windows\system32\SET5CA.tmp
c:\windows\system32\SET5CB.tmp
c:\windows\system32\SET5CD.tmp
c:\windows\system32\SET5CE.tmp
c:\windows\system32\SET5CF.tmp
c:\windows\system32\SET5D0.tmp
c:\windows\system32\SET5D2.tmp
c:\windows\system32\SET5D4.tmp
c:\windows\system32\SET5D5.tmp
c:\windows\system32\SET5D7.tmp
c:\windows\system32\SET5DA.tmp
c:\windows\system32\SET5DC.tmp
c:\windows\system32\SET5E1.tmp
c:\windows\system32\SET5E2.tmp
c:\windows\system32\SET5EA.tmp
c:\windows\system32\SET5F1.tmp
c:\windows\system32\SET5F6.tmp
c:\windows\system32\SET5F9.tmp
c:\windows\system32\SET5FC.tmp
c:\windows\system32\SET5FE.tmp
c:\windows\system32\SET602.tmp
c:\windows\system32\SET604.tmp
c:\windows\system32\SET605.tmp
c:\windows\system32\SET606.tmp
c:\windows\system32\SET609.tmp
c:\windows\system32\SET60A.tmp
c:\windows\system32\SET60E.tmp
c:\windows\system32\SET60F.tmp
c:\windows\system32\SET614.tmp
c:\windows\system32\SET619.tmp
c:\windows\system32\SET61C.tmp
c:\windows\system32\SET620.tmp
c:\windows\system32\SET622.tmp
c:\windows\system32\SET624.tmp
c:\windows\system32\setb0.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2011-12-28 00:43 . 2011-12-28 00:44 -------- d-----w- c:\documents and settings\Administrator
2011-12-23 01:41 . 2004-08-04 08:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-12-23 01:31 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-12-23 01:30 . 2004-08-04 06:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-12-23 01:13 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-12-21 00:49 . 2011-12-21 00:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-20 03:33 . 2011-12-21 00:28 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{BAFD9EAB-6AC2-44E0-927D-097D9BAF6C81}\offreg.dll
2011-12-16 22:00 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{BAFD9EAB-6AC2-44E0-927D-097D9BAF6C81}\mpengine.dll
2011-12-14 20:43 . 2011-12-14 20:43 -------- d-----w- c:\program files\Opera
2011-12-11 23:39 . 2012-01-02 01:26 715216 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-12-11 23:39 . 2012-01-02 01:25 19928 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll
2011-12-11 23:39 . 2012-01-02 01:25 16096216 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2011-12-11 23:39 . 2012-01-02 01:25 269272 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2011-12-11 23:39 . 2012-01-02 01:26 154584 ----a-w- c:\program files\Mozilla Firefox\ssl3.dll
2011-12-11 23:39 . 2012-01-02 01:26 105432 ----a-w- c:\program files\Mozilla Firefox\smime3.dll
2011-12-11 23:39 . 2012-01-02 01:26 170968 ----a-w- c:\program files\Mozilla Firefox\softokn3.dll
2011-12-08 06:13 . 2011-12-08 06:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2008-03-27 19:34 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-01-02 01:26 . 2012-01-02 01:26 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2003-12-12 70800]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-09-15 100056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-14 58488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2006-08-01 22:35 67112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2005-08-02 19:33 159832 ----a-w- c:\program files\Common Files\AOL\1124775366\ee\AOLHostManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 23:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 04:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2007-08-04 06:33 582992 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2006-04-16 03:46 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 11:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-02-02 20:11 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 08:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
2005-03-29 01:24 28616 ----a-w- c:\program files\WildTangent\Apps\CDA\GameDrvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 02:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2005-08-20 02:34 3084288 ----a-w- c:\program files\Yahoo!\Messenger\YPager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"iPod Service"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOL ACS"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"16613:TCP"= 16613:TCP:BitComet 16613 TCP
"16613:UDP"= 16613:UDP:BitComet 16613 UDP
.
R1 anf0100.sys;anf0100.sys;c:\windows\system32\drivers\anf0100.sys [8/29/2008 7:21 PM 9728]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [1/24/2009 4:27 PM 266240]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2011 3:45 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2011 3:45 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/20/2011 4:49 PM 41272]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 3:22 PM 24652]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - DCFS2K
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-24 23:45]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-24 23:45]
.
2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-03-02 23:10]
.
2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-03-02 23:10]
.
2012-01-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
2011-12-28 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-08-08 19:24]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Richard\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - hxxp://www.activeworlds.com/products/ActiveWorldsDownload.cab
DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} - hxxp://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab
DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b1t6r0mx.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
HKLM-Run-YdIOpOsTlLdDd.exe - c:\documents and settings\All Users\Application Data\YdIOpOsTlLdDd.exe
HKLM-Run-jdiNQqhyasYS.exe - c:\documents and settings\All Users\Application Data\jdiNQqhyasYS.exe
Notify-dimsntfy - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Media Codec Update Service - c:\documents and settings\Richard\Desktop\\Essentials Codec Pack\update.exe
MSConfigStartUp-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-YMailAdvisor - c:\program files\Yahoo!\Common\YMailAdvisor.exe
MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\YspService.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-01 20:01
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800BB-75JHC0 rev.06.01C06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82E962C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.mfp]
@DACL=(02 0000)
@="MacromediaFlashPaper.MacromediaFlashPaper"
"Content Type"="application/x-shockwave-flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\.sol]
@DACL=(02 0000)
"Content Type"="text/plain"
.
[HKEY_LOCAL_MACHINE\software\Classes\.sor]
@DACL=(02 0000)
"Content Type"="text/plain"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\WININET.dll
.
Completion time: 2012-01-01 20:16:35
ComboFix-quarantined-files.txt 2012-01-02 04:15
.
Pre-Run: 5,182,083,072 bytes free
Post-Run: 5,890,461,696 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - CA877614E9016F3E8475625D9C14524D
evo8
Junior Member


Joined: 27 Dec 2011
Last Visit: 11 Jan 2012
Posts: 12

PostPosted: Sun Jan 01, 2012 8:31 pm    Post subject:

I apologize, I didn't mean to double post.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

PostPosted: Mon Jan 02, 2012 3:24 am    Post subject:

Hi evo8,
Quote:
I apologize, I didn't mean to double post.

No problem, it happens sometimes when the forum software is running slow.

Let's see if you can run Malwarebytes Anti-Malware now.
  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Please download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

  • Please post the contents of these 2 Notepad files in your next reply.


Logs/Information to Post in your Next Reply
  • Malwarebytes log.
  • OTL.txt and Extra.txt contents.
  • Please give me an update on your computer's performance.

_________________
Admin/Teacher at Malware Removal University
Member of...

evo8
Junior Member


Joined: 27 Dec 2011
Last Visit: 11 Jan 2012
Posts: 12

PostPosted: Mon Jan 02, 2012 6:57 pm    Post subject:

I am typing this from another computer. Malwarebytes ran and detected 6 items. I then selected "yes" to restart the computer, but upon restart I believe I received the "blue screen of death". I received the following codes:


Stop:0x0000007E(OxC00000005, 0xF8A4915E,0xF8A87864,0xF8A87560)

kdccom.dll - Address F8A4915E

base at F8A48000, Datestamp 4ed8a0bd.



I also had to manually unplug the computer. It seems to be working in safe mode; I'll attempt to post the Malwarebytes log.
evo8
Junior Member


Joined: 27 Dec 2011
Last Visit: 11 Jan 2012
Posts: 12

PostPosted: Mon Jan 02, 2012 7:05 pm    Post subject:

OK, it seems to work in safe mode, but my keyboard has stopped working once again. It will randomly stop working after certain fixes. I will post the MBAM log and then try to run OTL.

MBAM log:


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.02.06

Windows XP Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.5730.13
Administrator :: ELIZABET-6F623A [administrator]

1/2/2012 5:22:25 PM
mbam-log-2012-01-02 (17-22-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 312249
Time elapsed: 1 hour(s), 12 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCR\ah|Content Type (Rogue.MultipleAV) -> Data: application/x-msdownload -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\fin.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\WINDOWS\temp\X3G46bXHKgIURi.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wera0.8803632924377938.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\oiu0.17529447135873122.exe (Exploit.Drop.7) -> Delete on reboot.

(end)
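A log-triage script, added here as an example (it is not part of this thread, ComboFix or Malwarebytes), that re-reads the two log formats posted above: sample lines copied from the ComboFix and MBAM logs in this thread are embedded as constructed inline strings, and the script flags what a helper looks for in them (Run and orphaned Run entries launching from user-writable directories or carrying random-looking names, the Security Center override values, the disabled firewall, and the StartMenuInternet command hijack). The Finding record, the directory list and the 0.75 mixed-case threshold are my own assumptions.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity source detail")

# Directories a legitimate HKLM Run entry almost never launches from (assumption).
SUSPICIOUS_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\", "\\recycler\\")

RUN_KEY = re.compile(r"^\[[^\]]*\\run\]$", re.I)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ORPHAN_RUN = re.compile(r"^HKLM-Run-(?P<name>.+?) - (?P<path>.+)$")
REG_DWORD = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:)?(?P<val>[0-9a-fA-F]+)')
MBAM_HIJACK = re.compile(
    r"^HKLM\\SOFTWARE\\Clients\\StartMenuInternet\\(?P<client>[^\\]+)\\[^|]*\|"
    r".*Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)"
)

# Constructed samples: lines copied from the ComboFix and MBAM logs in this thread.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-14 58488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
HKLM-Run-YdIOpOsTlLdDd.exe - c:\documents and settings\All Users\Application Data\YdIOpOsTlLdDd.exe
HKLM-Run-jdiNQqhyasYS.exe - c:\documents and settings\All Users\Application Data\jdiNQqhyasYS.exe
"""

SAMPLE_MBAM = r"""
Registry Data Items Detected: 1
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\fin.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.
"""


def mixed_case_ratio(stem):
    """Fraction of adjacent letter pairs that flip case; randomly generated dropper names score high."""
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 2:
        return 0.0
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    return flips / (len(letters) - 1)


def check_autorun(name, path):
    """Return a Finding for one Run value or orphaned Run entry, or None if it looks benign."""
    if any(d in path.lower() for d in SUSPICIOUS_DIRS):
        return Finding("high", "run", f"{name} launches from a user-writable directory: {path}")
    stem = name.rsplit(".", 1)[0]
    if len(stem) >= 10 and mixed_case_ratio(stem) >= 0.75:  # threshold is an assumption
        return Finding("medium", "run", f"{name} has a random-looking name: {path}")
    return None


def analyze_combofix(text):
    """Walk the 'Reg Loading Points' and 'ORPHANS REMOVED' sections of a ComboFix log."""
    findings, in_run = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):            # a new registry key header; remember if it is a Run key
            in_run = bool(RUN_KEY.match(line))
            continue
        entry = (RUN_VALUE.match(line) if in_run else None) or ORPHAN_RUN.match(line)
        if entry:
            f = check_autorun(entry["name"], entry["path"])
            if f:
                findings.append(f)
            continue
        d = REG_DWORD.match(line)
        if not d:
            continue
        name, val = d["name"], int(d["val"], 16)
        if name in ("AntiVirusOverride", "FirewallOverride") and val == 1:
            findings.append(Finding("high", "security-center", f"{name}=1 suppresses Security Center warnings"))
        elif name == "EnableFirewall" and val == 0:
            findings.append(Finding("high", "firewall", "Windows Firewall is disabled for the standard profile"))
    return findings


def analyze_mbam(text):
    """Flag StartMenuInternet hijacks: the browser's shell command should run the browser itself."""
    findings = []
    for raw in text.splitlines():
        m = MBAM_HIJACK.match(raw.strip())
        if not m:
            continue
        bad = m["bad"].strip()
        # First executable in the 'Bad' command line, quoted or bare.
        first = bad[1:].split('"', 1)[0] if bad.startswith('"') else bad.split()[0]
        exe = first.rsplit("\\", 1)[-1].lower()
        if exe != m["client"].lower():
            findings.append(Finding("high", "start-menu-internet",
                                    f"{m['client']} command runs {exe} instead of the browser: {bad}"))
    return findings


if __name__ == "__main__":
    for f in analyze_combofix(SAMPLE_COMBOFIX) + analyze_mbam(SAMPLE_MBAM):
        print(f"[{f.severity}] {f.source}: {f.detail}")
```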
evo8
Junior Member


Joined: 27 Dec 2011
Last Visit: 11 Jan 2012
Posts: 12

PostPosted: Mon Jan 02, 2012 7:17 pm    Post subject:

The OTL.txt log:


OTL logfile created on: 1/2/2012 7:08:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 262.63 Mb Available Physical Memory | 51.50% Memory free
1.22 Gb Paging File | 1.01 Gb Available in Paging File | 82.84% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 5.40 Gb Free Space | 7.24% Space Free | Partition Type: NTFS

Computer Name: ELIZABET-6F623A | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/02 19:07:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2012/01/01 17:26:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/01 17:26:08 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2009/01/24 16:27:33 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/08/04 03:08:06 | 000,749,904 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/07/22 20:15:18 | 002,376,992 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/04/05 10:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 15:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2005/02/28 15:56:32 | 000,218,736 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2004/08/13 20:17:48 | 000,164,984 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/08/13 20:17:46 | 000,078,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/08/13 20:17:40 | 000,197,752 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2003/10/30 17:48:46 | 001,392,744 | ---- | M] (America Online, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/01/10 16:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2012/01/02 17:21:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/09/18 18:15:14 | 000,148,496 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008/06/10 16:07:16 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/06/10 16:07:16 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/10/03 17:21:12 | 000,009,728 | ---- | M] (Netmarketing Pawel Wisniewski) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\anf0100.sys -- (anf0100.sys)
DRV - [2005/07/28 13:52:18 | 000,123,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/06/16 13:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/04/05 10:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 10:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/05 10:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/04/05 10:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/04/05 10:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/04/05 10:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2005/03/31 07:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 06:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 06:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 06:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 06:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/06/30 17:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1202660629-2000478354-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Documents and Settings\Richard\Desktop\\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Documents and Settings\Richard\Desktop\\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@ei.TVvie_4g.com/Plugin: C:\Program Files\TVvie_4gEI\Installr\2.bin\NP4gEISB.dll (TVvie)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll ( )
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/02/02 12:15:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/11 18:06:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/01 17:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/11 15:11:15 | 000,000,000 | ---D | M]

[2011/12/27 17:12:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/12/14 12:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/01 17:26:12 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/01/07 09:16:58 | 000,609,280 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScope42.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/09/17 01:31:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/06/25 13:12:48 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2012/01/01 17:26:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/01 17:26:01 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/01 20:00:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll File not found
O3 - HKLM\..\Toolbar: (Web assistant) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\URLLSTCK.EXE (Symantec Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-2000478354-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-2000478354-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-2000478354-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-2000478354-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe File not found
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Richard\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.messenger.msn.com/Medialogic.CAB (CMediaMix Object)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} http://www.activeworlds.com/products/ActiveWorldsDownload.cab (ActiveWorldsDownload Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab (WildTangent Active Launcher)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games Buddy Invite)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral.msn.com/cabs/pmupd806.exe (MSN Money Charting)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} http://verizon.exent.com/vzunlimited/classes/ExentCtl.ocx (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123645261203 (MUWebControl Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://ercwebcam.engin.umich.edu/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79344.cab (MSN Games Texas Holdem Poker)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab (InetDownload Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab (View22RTEv4 Class)
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemrequirementslab.com/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} http://online.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab (Reg Error: Key error.)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games Game Communicator)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/zuma/sis/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab (Quantum Streaming IE Player Class)
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} https://secure.gopetslive.com/dev/gopets.cab (GoPets Control)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/controls/msnchat45.cab (MSN Chat Control 4.5)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AD90568-C989-4C81-8263-6CA293A1DC04}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/08 12:23:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = ] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-18\...exe [@ = ] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/02 18:40:22 | 000,000,000 | ---D | C] -- C:\Avenger
[2012/01/02 17:21:29 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/02 17:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/01/01 20:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/01 18:29:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/01 17:51:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/01 17:51:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/01 17:51:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/01 17:51:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/01 17:41:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/01 17:31:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/01 17:29:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/27 17:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/12/27 17:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/12/27 17:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/12/27 16:59:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\My Documents\dds.pif
[2011/12/27 16:58:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\My Documents\dds.com
[2011/12/27 16:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/12/27 16:51:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/12/27 16:51:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2011/12/27 16:51:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2011/12/27 16:51:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/12/27 16:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2011/12/27 16:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/12/27 16:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Wildtangent
[2011/12/27 16:43:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/12/27 16:43:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/12/27 16:43:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/12/27 16:43:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/12/27 16:43:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/12/27 16:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/12/27 16:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/12/27 16:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/12/27 16:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/12/27 16:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/12/27 16:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/12/27 16:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/12/27 16:43:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/12/27 16:43:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/12/27 16:43:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/12/27 16:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/12/19 21:39:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/14 12:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/12/07 22:13:06 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/02 18:58:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/02 18:50:32 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/02 18:47:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/02 17:21:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/02 17:17:27 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/02 17:17:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/02 17:17:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/02 16:11:20 | 040,478,780 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012/01/02 16:11:13 | 3459,012,640 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012/01/01 20:00:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/01 18:38:14 | 000,012,810 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\aaocluau6m6s
[2012/01/01 18:30:09 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/01 17:15:15 | 000,012,786 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\aaocluau6m6s
[2011/12/27 17:11:00 | 000,012,688 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2221133288
[2011/12/27 16:59:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\My Documents\dds.pif
[2011/12/27 16:58:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\My Documents\dds.com
[2011/12/27 16:32:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/27 16:28:51 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/12/27 16:25:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/14 12:56:30 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/14 12:56:30 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/14 12:49:36 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/14 12:43:47 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/07 22:13:06 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/06 23:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/02 17:17:27 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/02 17:17:27 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/01 18:30:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/01 18:29:44 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/01 17:51:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/01 17:51:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/01 17:51:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/01 17:51:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/01 17:51:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/30 16:40:48 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\aaocluau6m6s
[2011/12/27 17:10:56 | 000,012,786 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\aaocluau6m6s
[2011/12/27 17:10:56 | 000,012,688 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2221133288
[2011/12/27 16:43:58 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/12/27 16:39:20 | 000,012,810 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\aaocluau6m6s
[2011/12/27 16:39:20 | 000,012,810 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aaocluau6m6s
[2011/12/22 17:23:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/14 12:58:07 | 000,000,366 | ---- | C] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/12/14 12:43:47 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/12/14 12:43:47 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/12/11 15:11:19 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/13 10:55:44 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/13 08:06:06 | 000,000,048 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/08/23 14:52:04 | 000,167,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/02 15:57:10 | 000,058,452 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/11 18:05:39 | 000,023,085 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/11/06 01:00:09 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/14 12:56:01 | 000,157,269 | ---- | C] () -- C:\WINDOWS\hphins25.dat
[2009/10/14 12:56:01 | 000,000,879 | ---- | C] () -- C:\WINDOWS\hphmdl25.dat
[2009/07/13 10:59:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/20 14:49:48 | 000,104,646 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2009/02/20 14:49:48 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2009/01/24 16:27:34 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2008/11/17 13:26:06 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/07/20 16:01:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/06/23 17:41:14 | 004,755,968 | ---- | C] () -- C:\WINDOWS\System32\apexconverter.exe
[2008/06/22 23:06:24 | 000,000,893 | ---- | C] () -- C:\WINDOWS\System32\apexconverter.exe.stackdump
[2008/06/18 12:51:34 | 3459,012,640 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/06/18 12:34:34 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/06/13 22:22:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\AddiTunes.exe
[2008/06/13 22:22:55 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2008/06/13 22:22:55 | 000,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2008/06/13 22:22:53 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/06/13 19:58:45 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/06/13 19:58:32 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008/06/13 19:58:31 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/06/13 19:58:30 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/06/13 19:58:30 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008/06/13 19:58:29 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008/06/10 16:07:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 14:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/04/28 16:08:38 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/04/28 16:08:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/04/28 16:08:38 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/04/11 21:52:16 | 000,888,832 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll
[2007/08/13 19:59:37 | 000,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2007/07/16 13:38:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2007/03/31 11:54:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/03/04 12:30:28 | 000,039,060 | ---- | C] () -- C:\Program Files\Buffering2.jpg
[2007/03/04 12:30:28 | 000,039,047 | ---- | C] () -- C:\Program Files\Buffering5.jpg
[2007/03/04 12:30:28 | 000,039,040 | ---- | C] () -- C:\Program Files\Buffering1.jpg
[2007/03/04 12:30:28 | 000,039,038 | ---- | C] () -- C:\Program Files\Buffering6.jpg
[2007/03/04 12:30:28 | 000,039,035 | ---- | C] () -- C:\Program Files\Buffering4.jpg
[2007/03/04 12:30:28 | 000,039,033 | ---- | C] () -- C:\Program Files\Buffering3.jpg
[2007/03/04 12:30:28 | 000,039,020 | ---- | C] () -- C:\Program Files\Buffering7.jpg
[2007/02/18 18:22:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/15 20:14:40 | 000,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2006/10/15 19:40:47 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2006/10/15 19:02:55 | 000,002,937 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/10/09 20:51:12 | 000,000,146 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/06/17 12:17:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2005/10/12 13:48:32 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/10 12:43:34 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2005/09/26 15:19:52 | 000,000,060 | ---- | C] () -- C:\WINDOWS\asr.INI
[2005/09/25 17:38:51 | 000,001,712 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2005/08/31 20:23:58 | 000,000,784 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/08/23 06:50:01 | 000,000,416 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2005/08/18 21:01:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/09 21:01:17 | 000,104,646 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2005/08/09 21:01:17 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2005/08/08 16:03:03 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/08/08 15:26:18 | 000,000,299 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/08 15:11:39 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/08/08 12:25:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/08 12:20:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/08 03:58:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/08 03:57:40 | 000,289,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/22 12:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 12:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/22 10:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 04:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 04:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 04:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/12/22 13:40:06 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003/01/21 12:08:36 | 000,147,515 | ---- | C] () -- C:\WINDOWS\System32\playsound.dll
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

< End of report >



The Extras log:


OTL Extras logfile created on: 1/2/2012 7:08:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 262.63 Mb Available Physical Memory | 51.50% Memory free
1.22 Gb Paging File | 1.01 Gb Available in Paging File | 82.84% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 5.40 Gb Free Space | 7.24% Space Free | Partition Type: NTFS

Computer Name: ELIZABET-6F623A | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = ] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = ] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1202660629-2000478354-725345543-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"16613:TCP" = 16613:TCP:*:Enabled:BitComet 16613 TCP
"16613:UDP" = 16613:UDP:*:Enabled:BitComet 16613 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\1124775366\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1124775366\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- ()
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- ()
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12E2B9E9-05B1-407D-B0FD-B5F350535125}" = Norton Internet Security
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3581a349-e9e0-474b-92c4-5d887eb9d5f4}" = DJ_SF_03_D2500_Software
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5680dfaf-b87b-455b-a0b1-0c77eb0b03ca}" = DJ_SF_03_D2500_Software_Min
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6BD4B0B5-3359-4932-BF94-C805EE83E710}" = 2350_Help
"{6CD27A25-D4A5-4e25-86B1-36EBBA2BA279}" = 2350Trb
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7F2AC7B5-3DA8-45d3-B5E5-F36DCD9FDC6A}" = 2350
"{89998BCF-F415-468a-8282-CB042765A26F}" = HP Deskjet D2500 Printer Driver Software 10.0 Rel .3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ac55e361-642f-46af-81f5-1c69fedb6706}" = DJ_SF_03_D2500_ProductContext
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Cucusoft iPod Movie/Video Converter_is1" = Cucusoft iPod Movie/Video Converter 2.00
"Cucusoft YouTube Mate (Downloader+Player+Converter)_is1" = Cucusoft YouTube Mate 7.18
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free YouTube to iPod Converter_is1" = Free YouTub
evo8
Junior Member


Joined: 27 Dec 2011
Last Visit: 11 Jan 2012
Posts: 12

PostPosted: Mon Jan 02, 2012 7:18 pm    Post subject:

The OTL.txt log:


OTL logfile created on: 1/2/2012 7:08:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 262.63 Mb Available Physical Memory | 51.50% Memory free
1.22 Gb Paging File | 1.01 Gb Available in Paging File | 82.84% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 5.40 Gb Free Space | 7.24% Space Free | Partition Type: NTFS

Computer Name: ELIZABET-6F623A | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/02 19:07:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2012/01/01 17:26:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/01 17:26:08 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2009/01/24 16:27:33 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/08/04 03:08:06 | 000,749,904 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/07/22 20:15:18 | 002,376,992 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/04/05 10:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 15:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2005/02/28 15:56:32 | 000,218,736 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2004/08/13 20:17:48 | 000,164,984 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/08/13 20:17:46 | 000,078,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/08/13 20:17:40 | 000,197,752 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2003/10/30 17:48:46 | 001,392,744 | ---- | M] (America Online, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/01/10 16:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2012/01/02 17:21:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/09/18 18:15:14 | 000,148,496 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008/06/10 16:07:16 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/06/10 16:07:16 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/10/03 17:21:12 | 000,009,728 | ---- | M] (Netmarketing Pawel Wisniewski) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\anf0100.sys -- (anf0100.sys)
DRV - [2005/07/28 13:52:18 | 000,123,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/06/16 13:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/04/05 10:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 10:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/05 10:16:58 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/04/05 10:16:56 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/04/05 10:16:54 | 000,173,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/04/05 10:16:52 | 000,011,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2005/03/31 07:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 06:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 06:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 06:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 06:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/06/30 17:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1202660629-2000478354-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Documents and Settings\Richard\Desktop\\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Documents and Settings\Richard\Desktop\\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@ei.TVvie_4g.com/Plugin: C:\Program Files\TVvie_4gEI\Installr\2.bin\NP4gEISB.dll (TVvie)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll ( )
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/02/02 12:15:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/11 18:06:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/01 17:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/11 15:11:15 | 000,000,000 | ---D | M]

[2011/12/27 17:12:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/12/14 12:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/01 17:26:12 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/01/07 09:16:58 | 000,609,280 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScope42.dll
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/09/17 01:31:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/06/25 13:12:48 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2012/01/01 17:26:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/01 17:26:01 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/01 20:00:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll File not found
O3 - HKLM\..\Toolbar: (Web assistant) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\URLLSTCK.EXE (Symantec Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-2000478354-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-2000478354-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-2000478354-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-2000478354-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe File not found
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Richard\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.messenger.msn.com/Medialogic.CAB (CMediaMix Object)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} http://www.activeworlds.com/products/ActiveWorldsDownload.cab (ActiveWorldsDownload Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab (WildTangent Active Launcher)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games Buddy Invite)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral.msn.com/cabs/pmupd806.exe (MSN Money Charting)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} http://verizon.exent.com/vzunlimited/classes/ExentCtl.ocx (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123645261203 (MUWebControl Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://ercwebcam.engin.umich.edu/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79344.cab (MSN Games Texas Holdem Poker)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab (InetDownload Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab (View22RTEv4 Class)
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemrequirementslab.com/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} http://online.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab (Reg Error: Key error.)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games Game Communicator)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/zuma/sis/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab (Quantum Streaming IE Player Class)
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} https://secure.gopetslive.com/dev/gopets.cab (GoPets Control)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/controls/msnchat45.cab (MSN Chat Control 4.5)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AD90568-C989-4C81-8263-6CA293A1DC04}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/08 12:23:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = ] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-18\...exe [@ = ] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/02 18:40:22 | 000,000,000 | ---D | C] -- C:\Avenger
[2012/01/02 17:21:29 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/02 17:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/01/01 20:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/01 18:29:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/01 17:51:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/01 17:51:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/01 17:51:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/01 17:51:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/01 17:41:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/01 17:31:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/01 17:29:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/27 17:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/12/27 17:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/12/27 17:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/12/27 16:59:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\My Documents\dds.pif
[2011/12/27 16:58:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\My Documents\dds.com
[2011/12/27 16:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/12/27 16:51:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/12/27 16:51:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2011/12/27 16:51:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2011/12/27 16:51:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/12/27 16:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2011/12/27 16:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/12/27 16:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Wildtangent
[2011/12/27 16:43:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/12/27 16:43:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/12/27 16:43:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/12/27 16:43:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/12/27 16:43:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/12/27 16:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/12/27 16:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/12/27 16:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/12/27 16:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/12/27 16:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/12/27 16:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/12/27 16:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/12/27 16:43:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/12/27 16:43:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/12/27 16:43:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/12/27 16:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/12/19 21:39:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/14 12:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/12/07 22:13:06 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/02 18:58:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/02 18:50:32 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/02 18:47:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/02 17:21:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/02 17:17:27 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/02 17:17:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/02 17:17:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/02 16:11:20 | 040,478,780 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012/01/02 16:11:13 | 3459,012,640 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012/01/01 20:00:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/01 18:38:14 | 000,012,810 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\aaocluau6m6s
[2012/01/01 18:30:09 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/01 17:15:15 | 000,012,786 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\aaocluau6m6s
[2011/12/27 17:11:00 | 000,012,688 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2221133288
[2011/12/27 16:59:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\My Documents\dds.pif
[2011/12/27 16:58:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\My Documents\dds.com
[2011/12/27 16:32:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/27 16:28:51 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/12/27 16:25:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/14 12:56:30 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/14 12:56:30 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/14 12:49:36 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/14 12:43:47 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/07 22:13:06 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/06 23:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/02 17:17:27 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/02 17:17:27 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/01 18:30:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/01 18:29:44 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/01 17:51:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/01 17:51:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/01 17:51:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/01 17:51:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/01 17:51:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/30 16:40:48 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\aaocluau6m6s
[2011/12/27 17:10:56 | 000,012,786 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\aaocluau6m6s
[2011/12/27 17:10:56 | 000,012,688 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2221133288
[2011/12/27 16:43:58 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/12/27 16:39:20 | 000,012,810 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\aaocluau6m6s
[2011/12/27 16:39:20 | 000,012,810 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aaocluau6m6s
[2011/12/22 17:23:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/14 12:58:07 | 000,000,366 | ---- | C] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/12/14 12:43:47 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/12/14 12:43:47 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/12/11 15:11:19 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/13 10:55:44 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/13 08:06:06 | 000,000,048 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/08/23 14:52:04 | 000,167,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/02 15:57:10 | 000,058,452 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/11 18:05:39 | 000,023,085 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/11/06 01:00:09 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/14 12:56:01 | 000,157,269 | ---- | C] () -- C:\WINDOWS\hphins25.dat
[2009/10/14 12:56:01 | 000,000,879 | ---- | C] () -- C:\WINDOWS\hphmdl25.dat
[2009/07/13 10:59:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/20 14:49:48 | 000,104,646 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2009/02/20 14:49:48 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2009/01/24 16:27:34 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2008/11/17 13:26:06 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/07/20 16:01:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/06/23 17:41:14 | 004,755,968 | ---- | C] () -- C:\WINDOWS\System32\apexconverter.exe
[2008/06/22 23:06:24 | 000,000,893 | ---- | C] () -- C:\WINDOWS\System32\apexconverter.exe.stackdump
[2008/06/18 12:51:34 | 3459,012,640 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/06/18 12:34:34 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/06/13 22:22:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\AddiTunes.exe
[2008/06/13 22:22:55 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2008/06/13 22:22:55 | 000,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2008/06/13 22:22:53 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/06/13 19:58:45 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/06/13 19:58:32 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2008/06/13 19:58:31 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/06/13 19:58:30 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2008/06/13 19:58:30 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008/06/13 19:58:29 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2008/06/10 16:07:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/22 14:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/04/28 16:08:38 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/04/28 16:08:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/04/28 16:08:38 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/04/11 21:52:16 | 000,888,832 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll
[2007/08/13 19:59:37 | 000,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2007/07/16 13:38:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2007/03/31 11:54:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/03/04 12:30:28 | 000,039,060 | ---- | C] () -- C:\Program Files\Buffering2.jpg
[2007/03/04 12:30:28 | 000,039,047 | ---- | C] () -- C:\Program Files\Buffering5.jpg
[2007/03/04 12:30:28 | 000,039,040 | ---- | C] () -- C:\Program Files\Buffering1.jpg
[2007/03/04 12:30:28 | 000,039,038 | ---- | C] () -- C:\Program Files\Buffering6.jpg
[2007/03/04 12:30:28 | 000,039,035 | ---- | C] () -- C:\Program Files\Buffering4.jpg
[2007/03/04 12:30:28 | 000,039,033 | ---- | C] () -- C:\Program Files\Buffering3.jpg
[2007/03/04 12:30:28 | 000,039,020 | ---- | C] () -- C:\Program Files\Buffering7.jpg
[2007/02/18 18:22:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/15 20:14:40 | 000,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2006/10/15 19:40:47 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2006/10/15 19:02:55 | 000,002,937 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/10/09 20:51:12 | 000,000,146 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/06/17 12:17:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2005/10/12 13:48:32 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/10 12:43:34 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2005/09/26 15:19:52 | 000,000,060 | ---- | C] () -- C:\WINDOWS\asr.INI
[2005/09/25 17:38:51 | 000,001,712 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2005/08/31 20:23:58 | 000,000,784 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/08/23 06:50:01 | 000,000,416 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2005/08/18 21:01:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/09 21:01:17 | 000,104,646 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2005/08/09 21:01:17 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2005/08/08 16:03:03 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/08/08 15:26:18 | 000,000,299 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/08 15:11:39 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/08/08 12:25:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/08 12:20:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/08 03:58:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/08 03:57:40 | 000,289,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/22 12:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 12:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/22 10:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 04:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 04:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 04:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/12/22 13:40:06 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003/01/21 12:08:36 | 000,147,515 | ---- | C] () -- C:\WINDOWS\System32\playsound.dll
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

< End of report >



The extras log:


OTL Extras logfile created on: 1/2/2012 7:08:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 262.63 Mb Available Physical Memory | 51.50% Memory free
1.22 Gb Paging File | 1.01 Gb Available in Paging File | 82.84% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 5.40 Gb Free Space | 7.24% Space Free | Partition Type: NTFS

Computer Name: ELIZABET-6F623A | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = ] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = ] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1202660629-2000478354-725345543-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"16613:TCP" = 16613:TCP:*:Enabled:BitComet 16613 TCP
"16613:UDP" = 16613:UDP:*:Enabled:BitComet 16613 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\1124775366\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1124775366\ee\AOLServiceHost.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- ()
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- ()
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12E2B9E9-05B1-407D-B0FD-B5F350535125}" = Norton Internet Security
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3581a349-e9e0-474b-92c4-5d887eb9d5f4}" = DJ_SF_03_D2500_Software
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5680dfaf-b87b-455b-a0b1-0c77eb0b03ca}" = DJ_SF_03_D2500_Software_Min
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6BD4B0B5-3359-4932-BF94-C805EE83E710}" = 2350_Help
"{6CD27A25-D4A5-4e25-86B1-36EBBA2BA279}" = 2350Trb
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7F2AC7B5-3DA8-45d3-B5E5-F36DCD9FDC6A}" = 2350
"{89998BCF-F415-468a-8282-CB042765A26F}" = HP Deskjet D2500 Printer Driver Software 10.0 Rel .3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ac55e361-642f-46af-81f5-1c69fedb6706}" = DJ_SF_03_D2500_ProductContext
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Cucusoft iPod Movie/Video Converter_is1" = Cucusoft iPod Movie/Video Converter 2.00
"Cucusoft YouTube Mate (Downloader+Player+Converter)_is1" = Cucusoft YouTube Mate 7.18
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free YouTube to iPod Converter_is1" = Free YouTub
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

PostPosted: Tue Jan 03, 2012 3:18 am    Post subject:

Hi evo8,
We still have some work to do.

Add/Remove programs
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the following if present.
Quote:
Java(TM) 6 Update 26

Next.

Create a new System Restore point
  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Next.

We need to run an OTL Fix
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:

    :processes
    killallprocesses

    :otl
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    pArtistScope42.dll File not found
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe File not found
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab (WildTangent Active Launcher)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O37 - HKU\.DEFAULT\...exe [@ = ] -- Reg Error: Key error. File not found
    O37 - HKU\S-1-5-18\...exe [@ = ] -- Reg Error: Key error. File not found
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
    [2012/01/01 18:38:14 | 000,012,810 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\aaocluau6m6s
    [2012/01/01 17:15:15 | 000,012,786 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\aaocluau6m6s
    [2011/12/27 17:11:00 | 000,012,688 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2221133288
    [2011/12/30 16:40:48 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\aaocluau6m6s
    [2011/12/27 17:10:56 | 000,012,786 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\aaocluau6m6s
    [2011/12/27 16:39:20 | 000,012,810 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\aaocluau6m6s

    :reg
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\LimeWire\LimeWire.exe" =-

    :files
    c:\program files\ConduitEngine
    C:\Program Files\LimeWire
    C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    ipconfig /flushdns /c

    :commands
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [REBOOT]

  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


Logs/Information to Post in your Next Reply
  • OTL log.
  • Please give me an update on your computer's performance.

_________________
Admin/Teacher at Malware Removal University
Member of...

evo8
Junior Member


Joined: 27 Dec 2011
Last Visit: 11 Jan 2012
Posts: 12

PostPosted: Thu Jan 05, 2012 7:49 pm    Post subject:

I'm having some issues. I deleted the requested program and created a restore point; I did both these steps in normal mode because they could not be done in safe mode.

I then ran the OTL fix in safe mode because the computer was running very slow in normal mode. After the fix I rebooted and once again started it in safe mode. The problem is no log was produced. I then shut down the computer and let it start up in normal mode; this time the log appeared. Did I do any steps incorrectly?

The computer does seem to be operating a bit faster, although programs are slow to open. The previous issues of very slow operation and icons being hidden appear to be gone.

I will post the log next.
evo8
Junior Member


Joined: 27 Dec 2011
Last Visit: 11 Jan 2012
Posts: 12

PostPosted: Thu Jan 05, 2012 7:54 pm    Post subject:

The OTL log:

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E0E899AB-F487-11D5-8D29-0050BA6940E3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0E899AB-F487-11D5-8D29-0050BA6940E3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}\ not found.
Starting removal of ActiveX control {3A7FE611-1994-4EF1-A09F-99456752289D}
C:\WINDOWS\Downloaded Program Files\ActiveLauncherCabSetup.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3A7FE611-1994-4EF1-A09F-99456752289D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3A7FE611-1994-4EF1-A09F-99456752289D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\WINDOWS\002736_.tmp deleted successfully.
C:\WINDOWS\002743_.tmp deleted successfully.
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B5.TMP\WiseData.ini deleted successfully.
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B5.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\Fonts\SET4A9.tmp deleted successfully.
C:\WINDOWS\Fonts\SET4AA.tmp deleted successfully.
C:\WINDOWS\Fonts\SET4AB.tmp deleted successfully.
C:\WINDOWS\Fonts\SET4AC.tmp deleted successfully.
C:\WINDOWS\Fonts\SET4AD.tmp deleted successfully.
C:\WINDOWS\Fonts\SET4AE.tmp deleted successfully.
C:\WINDOWS\Fonts\SET654.tmp deleted successfully.
C:\WINDOWS\Fonts\SET655.tmp deleted successfully.
C:\WINDOWS\Fonts\SET656.tmp deleted successfully.
C:\WINDOWS\Fonts\SET657.tmp deleted successfully.
C:\WINDOWS\Fonts\SET658.tmp deleted successfully.
C:\WINDOWS\Fonts\SET659.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\aaocluau6m6s moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\aaocluau6m6s moved successfully.
C:\Documents and Settings\All Users\Application Data\2221133288 moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\aaocluau6m6s moved successfully.
File C:\Documents and Settings\Administrator\Local Settings\Application Data\aaocluau6m6s not found.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\aaocluau6m6s moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30f9b915-b755-4826-820b-08fba6bd249d}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
========== FILES ==========
c:\program files\ConduitEngine folder moved successfully.
C:\Program Files\LimeWire\root\magnet10 folder moved successfully.
C:\Program Files\LimeWire\root folder moved successfully.
C:\Program Files\LimeWire\lib folder moved successfully.
C:\Program Files\LimeWire\.NetworkShare folder moved successfully.
C:\Program Files\LimeWire folder moved successfully.
C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Andrew
->Flash cache emptied: 509 bytes

User: Application Data

User: Default User

User: itunes Back-up
->Flash cache emptied: 84809 bytes

User: itunes Back-up (NEW)
->Flash cache emptied: 405 bytes

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 52485 bytes

User: Richard

User: Stephanie
->Flash cache emptied: 105688 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 180224 bytes
->Temporary Internet Files folder emptied: 85468 bytes
->FireFox cache emptied: 34682119 bytes
->Opera cache emptied: 2378119 bytes

User: All Users

User: Andrew
->Temp folder emptied: 15190985 bytes
->Temporary Internet Files folder emptied: 334568111 bytes
->Java cache emptied: 14864053 bytes
->FireFox cache emptied: 51858458 bytes
->Google Chrome cache emptied: 25042446 bytes
->Opera cache emptied: 9856894 bytes
->Flash cache emptied: 0 bytes

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: itunes Back-up
->Temp folder emptied: 375640 bytes
->Temporary Internet Files folder emptied: 9863080 bytes
->Java cache emptied: 260640 bytes
->FireFox cache emptied: 43882471 bytes
->Flash cache emptied: 0 bytes

User: itunes Back-up (NEW)
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 14540403 bytes
->Java cache emptied: 25564 bytes

User: NetworkService
->Temp folder emptied: 3806 bytes
->Temporary Internet Files folder emptied: 87460463 bytes
->Java cache emptied: 51295 bytes

User: Owner
->Temp folder emptied: 200879071 bytes
->Temporary Internet Files folder emptied: 64893384 bytes
->Java cache emptied: 2086005 bytes
->FireFox cache emptied: 63082855 bytes
->Opera cache emptied: 517 bytes
->Flash cache emptied: 0 bytes

User: Richard

User: Stephanie
->Temp folder emptied: 1971915 bytes
->Temporary Internet Files folder emptied: 22642587 bytes
->Java cache emptied: 93607560 bytes
->FireFox cache emptied: 86887722 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 176701 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,127.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Andrew
->Java cache emptied: 0 bytes

User: Application Data

User: Default User

User: itunes Back-up
->Java cache emptied: 0 bytes

User: itunes Back-up (NEW)

User: LocalService
->Java cache emptied: 0 bytes

User: NetworkService
->Java cache emptied: 0 bytes

User: Owner
->Java cache emptied: 0 bytes

User: Richard

User: Stephanie
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01052012_192323

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\;ord=3709027[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\;ord=4613232[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\about[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\beacon[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\cached_iframe[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\cached_iframe[4].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\ddc[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\ddc[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\ddc[3].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\ddc[4].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\ddc[5].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\emily[1].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\gpa[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\house-home-designs[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\iframe_v94_cim_11_19_0[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\p-01-0VIaSjnOLg[2].gif moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\p-01-0VIaSjnOLg[3].gif moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\sandbox[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JXSBN1G5\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9STIKTLK\redir[3].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LZTPOE3\beacon[4].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LZTPOE3\ddc[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LZTPOE3\fpi[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LZTPOE3\fpi[3].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LZTPOE3\searchTrack[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LZTPOE3\searchTrack[2].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LZTPOE3\searchTrack[3].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LZTPOE3\search[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7SWD9RT1\0RPPScGilC_2125352920[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7SWD9RT1\beacon[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7SWD9RT1\ddc[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7SWD9RT1\fpi[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7SWD9RT1\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7SWD9RT1\p-01-0VIaSjnOLg[2].gif moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7SWD9RT1\redirect_v94_cim_11_19_0[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7SWD9RT1\sandbox[1].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\86b0ab12-4514-4ed1-ae5e-126f3594e82f__Lijit.[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\BebasNeue-webfont[1].eot moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\cms-2c[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\ddc[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\ddc[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\fpi[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\fpi[2].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\getjs[3].aspx not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\like[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\redesignrevolution_btf[7] moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\showbanner[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\survivingcollege_atf[1] moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\white-mountain-hom-by-studio-velocity[1].htm not found!

Registry entries deleted on Reboot...
evo8
PostPosted: Thu Jan 05, 2012 7:56 pm    Post subject:

The OTL log:

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E0E899AB-F487-11D5-8D29-0050BA6940E3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0E899AB-F487-11D5-8D29-0050BA6940E3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}\ not found.
Starting removal of ActiveX control {3A7FE611-1994-4EF1-A09F-99456752289D}
C:\WINDOWS\Downloaded Program Files\ActiveLauncherCabSetup.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3A7FE611-1994-4EF1-A09F-99456752289D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3A7FE611-1994-4EF1-A09F-99456752289D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A7FE611-1994-4EF1-A09F-99456752289D}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\WINDOWS\002736_.tmp deleted successfully.
C:\WINDOWS\002743_.tmp deleted successfully.
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B5.TMP\WiseData.ini deleted successfully.
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B5.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\Fonts\SET4A9.tmp deleted successfully.
C:\WINDOWS\Fonts\SET4AA.tmp deleted successfully.
C:\WINDOWS\Fonts\SET4AB.tmp deleted successfully.
C:\WINDOWS\Fonts\SET4AC.tmp deleted successfully.
C:\WINDOWS\Fonts\SET4AD.tmp deleted successfully.
C:\WINDOWS\Fonts\SET4AE.tmp deleted successfully.
C:\WINDOWS\Fonts\SET654.tmp deleted successfully.
C:\WINDOWS\Fonts\SET655.tmp deleted successfully.
C:\WINDOWS\Fonts\SET656.tmp deleted successfully.
C:\WINDOWS\Fonts\SET657.tmp deleted successfully.
C:\WINDOWS\Fonts\SET658.tmp deleted successfully.
C:\WINDOWS\Fonts\SET659.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\aaocluau6m6s moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\aaocluau6m6s moved successfully.
C:\Documents and Settings\All Users\Application Data\2221133288 moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\aaocluau6m6s moved successfully.
File C:\Documents and Settings\Administrator\Local Settings\Application Data\aaocluau6m6s not found.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\aaocluau6m6s moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30f9b915-b755-4826-820b-08fba6bd249d}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
========== FILES ==========
c:\program files\ConduitEngine folder moved successfully.
C:\Program Files\LimeWire\root\magnet10 folder moved successfully.
C:\Program Files\LimeWire\root folder moved successfully.
C:\Program Files\LimeWire\lib folder moved successfully.
C:\Program Files\LimeWire\.NetworkShare folder moved successfully.
C:\Program Files\LimeWire folder moved successfully.
C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Andrew
->Flash cache emptied: 509 bytes

User: Application Data

User: Default User

User: itunes Back-up
->Flash cache emptied: 84809 bytes

User: itunes Back-up (NEW)
->Flash cache emptied: 405 bytes

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 52485 bytes

User: Richard

User: Stephanie
->Flash cache emptied: 105688 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 180224 bytes
->Temporary Internet Files folder emptied: 85468 bytes
->FireFox cache emptied: 34682119 bytes
->Opera cache emptied: 2378119 bytes

User: All Users

User: Andrew
->Temp folder emptied: 15190985 bytes
->Temporary Internet Files folder emptied: 334568111 bytes
->Java cache emptied: 14864053 bytes
->FireFox cache emptied: 51858458 bytes
->Google Chrome cache emptied: 25042446 bytes
->Opera cache emptied: 9856894 bytes
->Flash cache emptied: 0 bytes

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: itunes Back-up
->Temp folder emptied: 375640 bytes
->Temporary Internet Files folder emptied: 9863080 bytes
->Java cache emptied: 260640 bytes
->FireFox cache emptied: 43882471 bytes
->Flash cache emptied: 0 bytes

User: itunes Back-up (NEW)
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 14540403 bytes
->Java cache emptied: 25564 bytes

User: NetworkService
->Temp folder emptied: 3806 bytes
->Temporary Internet Files folder emptied: 87460463 bytes
->Java cache emptied: 51295 bytes

User: Owner
->Temp folder emptied: 200879071 bytes
->Temporary Internet Files folder emptied: 64893384 bytes
->Java cache emptied: 2086005 bytes
->FireFox cache emptied: 63082855 bytes
->Opera cache emptied: 517 bytes
->Flash cache emptied: 0 bytes

User: Richard

User: Stephanie
->Temp folder emptied: 1971915 bytes
->Temporary Internet Files folder emptied: 22642587 bytes
->Java cache emptied: 93607560 bytes
->FireFox cache emptied: 86887722 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 176701 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,127.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Andrew
->Java cache emptied: 0 bytes

User: Application Data

User: Default User

User: itunes Back-up
->Java cache emptied: 0 bytes

User: itunes Back-up (NEW)

User: LocalService
->Java cache emptied: 0 bytes

User: NetworkService
->Java cache emptied: 0 bytes

User: Owner
->Java cache emptied: 0 bytes

User: Richard

User: Stephanie
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01052012_192323

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\;ord=3709027[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\;ord=4613232[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\about[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\beacon[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\cached_iframe[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\cached_iframe[4].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\ddc[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\ddc[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\ddc[3].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\ddc[4].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\ddc[5].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\emily[1].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\gpa[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\house-home-designs[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\iframe_v94_cim_11_19_0[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\p-01-0VIaSjnOLg[2].gif moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\p-01-0VIaSjnOLg[3].gif moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VB82TA9J\sandbox[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JXSBN1G5\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9STIKTLK\redir[3].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LZTPOE3\beacon[4].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LZTPOE3\ddc[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LZTPOE3\fpi[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LZTPOE3\fpi[3].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LZTPOE3\searchTrack[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LZTPOE3\searchTrack[2].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LZTPOE3\searchTrack[3].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LZTPOE3\search[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7SWD9RT1\0RPPScGilC_2125352920[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7SWD9RT1\beacon[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7SWD9RT1\ddc[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7SWD9RT1\fpi[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7SWD9RT1\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7SWD9RT1\p-01-0VIaSjnOLg[2].gif moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7SWD9RT1\redirect_v94_cim_11_19_0[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7SWD9RT1\sandbox[1].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\86b0ab12-4514-4ed1-ae5e-126f3594e82f__Lijit.[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\BebasNeue-webfont[1].eot moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\cms-2c[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\ddc[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\ddc[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\fpi[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\fpi[2].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\getjs[3].aspx not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\like[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\redesignrevolution_btf[7] moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\showbanner[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\survivingcollege_atf[1] moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7JLTOKXY\white-mountain-hom-by-studio-velocity[1].htm not found!

Registry entries deleted on Reboot...
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

PostPosted: Fri Jan 06, 2012 3:13 am

Hi evo8,
If possible keep your computer booted in normal mode as the tools we use work best that way.
Quote:
The computer does seem to be operating a bit faster although programs are slow to open. The previous issues of very slow operation and icons being hidden appear to be gone.

Good to hear your computer seems to be running better, but I need you to run another scan for me.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE 7u2.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Quote:
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply
  • ESET log.
  • Please give me an update on your computers performance.

_________________
Admin/Teacher at Malware Removal University
Member of...

evo8
Junior Member


Joined: 27 Dec 2011
Last Visit: 11 Jan 2012
Posts: 12

PostPosted: Sun Jan 08, 2012 6:00 pm

I apologize for my late responses. I am still here and will attempt the next steps within 24 hours.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

PostPosted: Mon Jan 09, 2012 2:18 am

No problem, post the results of the ESET scan when ready.
evo8
Junior Member


Joined: 27 Dec 2011
Last Visit: 11 Jan 2012
Posts: 12

PostPosted: Tue Jan 10, 2012 6:31 pm

I have a question about the java installation. When I click the download button I'm immediately taken to the license agreement and download screen, they are on the same screen. I'm not prompted to choose a language or platform. The platforms are already listed and the only offline option is windows x86. Do I choose that option?
evo8
Junior Member


Joined: 27 Dec 2011
Last Visit: 11 Jan 2012
Posts: 12

PostPosted: Tue Jan 10, 2012 6:42 pm

I discovered it is the x86 offline option. I just answered my own question.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

PostPosted: Wed Jan 11, 2012 3:05 am

Hi evo8,
I still need to see the results of the ESET scan, please post the log when ready.
evo8
Junior Member


Joined: 27 Dec 2011
Last Visit: 11 Jan 2012
Posts: 12

PostPosted: Wed Jan 11, 2012 5:09 pm

I hope I saved the correct log. I'll run another scan if necessary.

Here is the log:


C:\Documents and Settings\Andrew\Incomplete\T-3877629-disco heat calvin harris .mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Andrew\My Documents\Downloads\registryboosterplb.exe Win32/RegistryBooster application
C:\Documents and Settings\Andrew\My Documents\My Downloads\arw3.exe probably a variant of Win32/Agent.EONYWFM trojan
C:\Documents and Settings\Stephanie\Incomplete\T-3545425-my turn luke & q [160k quality].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Stephanie\Incomplete\T-3545427-when it hurts avant.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Stephanie\Incomplete\T-4545425-cops up luke & q [new single].au a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Stephanie\Incomplete\T-5973609-my lips like sugar (hot new track).au a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Stephanie\Incomplete\T-6472385-skin r kelly - bonus track.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\TVvie_4gEI\Installr\2.bin\4gEIPlug.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\TVvie_4gEI\Installr\2.bin\NP4gEISb.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\jdiNQqhyasYS.exe.vir a variant of Win32/Kryptik.YCM trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\YdIOpOsTlLdDd.exe.vir a variant of Win32/Kryptik.XTG trojan
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\fin.exe.vir a variant of Win32/Kryptik.YCK trojan
C:\System Volume Information\_restore{AB80CB56-3102-42DC-B99E-0EA0C18E62EC}\RP2386\A0272273.dll probably a variant of Win32/FunWeb.AA application
C:\System Volume Information\_restore{AB80CB56-3102-42DC-B99E-0EA0C18E62EC}\RP2391\A0275913.exe a variant of Win32/Kryptik.YCM trojan
C:\System Volume Information\_restore{AB80CB56-3102-42DC-B99E-0EA0C18E62EC}\RP2391\A0275914.exe a variant of Win32/Kryptik.XTG trojan
C:\System Volume Information\_restore{AB80CB56-3102-42DC-B99E-0EA0C18E62EC}\RP2391\A0275915.exe a variant of Win32/Kryptik.YCK trojan
Operating memory a variant of Win32/Olmarik.AWO trojan
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

PostPosted: Thu Jan 12, 2012 4:20 am

Hi evo8,
Do the following then give me an update on how your computer is running.

We need to run an OTL Fix
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:

    :files
    C:\Documents and Settings\Andrew\My Documents\Downloads\registryboosterplb.exe
    C:\Program Files\TVvie_4gEI\Installr\2.bin\4gEIPlug.dll
    C:\Program Files\TVvie_4gEI\Installr\2.bin\NP4gEISb.dll
    C:\Program Files\Uniblue\RegistryBooster
    ipconfig /flushdns /c

    :commands
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [clearallrestorepoints]
    [REBOOT]

  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

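The ESET log evo8 posted and the OTL fix Cypher wrote against it are a natural pair for a small triage script. The following Python snippet is an added example, not code from this thread, from ESET or from the OTL project: it parses lines in the format of that ESET log and tags each finding by where it sits (running in memory, a live file on disk, a copy in ComboFix's C:\Qoobox quarantine, or a copy inside a System Restore point), so a helper can see at a glance which detections still need action and which are inert copies. The sample lines are copied from the log above; the location rules and the `triage` summary are my own assumptions about how to read such a log, not ESET's classification.

```python
"""Triage an ESET Online Scanner log in the format posted in this thread.

Added example: the parsing regex and the location rules are assumptions
about how to read the log, not part of ESET or OTL.
"""
import re
from collections import Counter

# Each log line reads "<object> [probably ]a variant of <Platform/Family.Variant> <trojan|application>"
# or "<object> <Platform/Family> <trojan|application>". The object path contains
# spaces, so instead of splitting on whitespace we anchor on the detection name
# (which always carries a Platform/ prefix) and the trailing threat class.
LINE_RE = re.compile(
    r"^(?P<obj>.+?) "
    r"(?P<qual>probably a variant of |a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) "
    r"(?P<kind>trojan|application)$"
)

# Lines copied from the ESET log posted above (a representative subset).
SAMPLE_LOG = [
    r"C:\Documents and Settings\Andrew\Incomplete\T-3877629-disco heat calvin harris .mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan",
    r"C:\Documents and Settings\Andrew\My Documents\Downloads\registryboosterplb.exe Win32/RegistryBooster application",
    r"C:\Documents and Settings\Andrew\My Documents\My Downloads\arw3.exe probably a variant of Win32/Agent.EONYWFM trojan",
    r"C:\Program Files\TVvie_4gEI\Installr\2.bin\4gEIPlug.dll Win32/Toolbar.MyWebSearch application",
    r"C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\YdIOpOsTlLdDd.exe.vir a variant of Win32/Kryptik.XTG trojan",
    r"C:\System Volume Information\_restore{AB80CB56-3102-42DC-B99E-0EA0C18E62EC}\RP2391\A0275913.exe a variant of Win32/Kryptik.YCM trojan",
    "Operating memory a variant of Win32/Olmarik.AWO trojan",
]


def classify_location(obj):
    """Assumed rules: where a detection sits decides whether it still needs action."""
    low = obj.lower()
    if low == "operating memory":
        return "memory"            # code that is currently running: highest priority
    if low.startswith(r"c:\qoobox\quarantine"):
        return "quarantine"        # already neutralised copy held by ComboFix
    if r"\system volume information\_restore" in low:
        return "restore point"     # inert unless a restore is performed; OTL's [clearallrestorepoints] removes it
    return "live file"             # on-disk object that has not been removed yet


def parse_line(line):
    """Return a dict describing one log line, or None if it is not a detection line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    obj, name = m.group("obj"), m.group("name")
    return {
        "object": obj,
        "name": name,
        "family": name.split(".", 1)[0],        # "Win32/Kryptik.YCM" -> "Win32/Kryptik"
        "kind": m.group("kind"),                # "trojan" or "application" (PUA)
        "heuristic": m.group("qual") is not None and m.group("qual").startswith("probably"),
        "location": classify_location(obj),
    }


def triage(lines):
    """Summarise a whole log: counts by location and family, plus the entries still needing action."""
    findings = [f for f in map(parse_line, lines) if f]
    return {
        "by_location": Counter(f["location"] for f in findings),
        "by_family": Counter(f["family"] for f in findings),
        "actionable": [f["object"] for f in findings if f["location"] in ("memory", "live file")],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for loc, n in sorted(report["by_location"].items()):
        print(f"{loc:14s} {n}")
    print("still needs action:")
    for obj in report["actionable"]:
        print("  ", obj)
```

Read against the thread, the split matches what the moderator did: the Qoobox and restore-point entries are copies that a scanner will keep reporting but that are not executing, so the OTL fix lists the live RegistryBooster and TVvie objects under :files and then runs [clearallrestorepoints], while the "Operating memory" Olmarik detection is the one a helper would most want to see absent from a follow-up scan.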
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Jul 2014
Posts: 4571
Location: Land Of The Leprechauns

PostPosted: Sun Jan 15, 2012 9:22 am

Quote:
Due to a lack of response this topic is now closed.

If you still need help you must open a new thread in the Help with spyware removal forum, post a new set of DDS logs, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations
