TechSpot

Started with PC Performance and Stability Report

By wimhof
Jun 1, 2011
  1. Good day. Received a call from the wife on 5/28 asking about some sort of pop-up regarding PC Performance and Stability report. Told her to close it out but apparently things got worse. A few days later I got home to see what this issue(s) were; we have 3 users on the same Windows XP (Dell E-510) - William (Has admin rights), Susan and Tracy (both did not have admin rights until I found Susan with them). The issues: Tracy - blank desktop (black backgruond only), same with Susan. William however was 'dulled' icons. Checked the properties and saw that all were hidden and read only. Corrected that for what I thought was all 3 users however, Susan's had a twist. Her entire Desktop was redirected (or hijacked?) resulting in the current working space not able to accept a file move to, right click mouse (does nothing), just a start Menu and a a few icons on the bottom. However, under My Documents, bingo, there is everything. So, I have run AVG, MalWare Bytes, Super Anti Spyware and each run seemed to get a few more 'flagged items'. Been through a while of 'start in safe mode' and run the differing Anti-Virus but her desktop remains the same. Tried to run Avast from a cd in which the system would just keep killing it (my guess, mr. virus hanging around). Attempted a couple of system restores over the past 2 days but to no avail. Just no apparent happenings after telling it 'Next' (done them before a long time ago and it seemed odd when the system was not progressing after 40 min or so). So I came here and have gone through the pre-post guide and am left with the confusion of, do I post my logs now or later? Thanks in advance for the assistance. One odd note when going through the guide, when I went to disable AVG I ran across the ID protection allowed list. It showed 2 items:
    c:\documents and settings\all users\application data\ITBAMGQSLSQQG.EXE and (same path) ..\22339356.exe. Haven't killed those yet in case something is needed to be seen.

    Perhaps I read too literally on the reply/post of logs; logs to follow.
     
  2. wimhof

    wimhof TS Rookie Topic Starter Posts: 35

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6736

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 7.0.5730.13

    5/31/2011 5:42:32 PM
    mbam-log-2011-05-31 (17-42-32).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 278368
    Time elapsed: 54 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 11

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\William\Desktop\current laptop-03-07\RECOVER\AofWftp\checkpoint\damn_cpf41.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
    c:\documents and settings\William\Desktop\current laptop-03-07\RECOVER\aow_Iris\damn_iris3603.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
    c:\documents and settings\William\Desktop\current laptop-03-07\RECOVER\organize_me\ntool\misc software\flashfxp v1.3 760\Crack\damn_flashfxp13750patch.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
    c:\documents and settings\William\Desktop\current laptop-03-07\RECOVER\organize_me\ntool\misc software\flashfxp v1.3 760\Crack\damn_flashfxp13760fkeymaker.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP333\A0081193.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP393\A0092981.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP398\A0095285.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP398\A0095286.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP398\A0095287.exe (Trojan.Alureon.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\William\application data\jsdfgs.bat (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\William\application data\jsfhjjsd.bat (Malware.Trace) -> Quarantined and deleted successfully.
     
  3. wimhof

    wimhof TS Rookie Topic Starter Posts: 35

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-01 19:53:04
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 SAMSUNG_HD160JJ/P rev.ZM100-34
    Running: fbuqgtev.exe; Driver: C:\DOCUME~1\William\LOCALS~1\Temp\pxtdqpoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB49706C0]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB6EBD620]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB4970810]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB49708B0]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[3408] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100013F0 C:\WINDOWS\system32\LnkProtect.dll (SurfRight LNK Exploit Protection Shell Extension/SurfRight B.V.)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\Explorer.EXE[3408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C33880] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[3408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C33930] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[3408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C33A60] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[3408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C339D0] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AF3880] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AF3930] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AF3A60] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3520] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AF39D0] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Vid HD\Vid.exe[3988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [023A3880] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Vid HD\Vid.exe[3988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [023A3930] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Vid HD\Vid.exe[3988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [023A3A60] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Vid HD\Vid.exe[3988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [023A39D0] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
    Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
    Device \Driver\atapi \Device\Ide\IdePort2 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \FileSystem\Fastfat \Fat B32BAD20

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@ Wireless
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@ProcessGroupPolicy ProcessWIRELESSPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@DllName gptext.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@ Folder Redirection
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@ProcessGroupPolicyEx ProcessGroupPolicyEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@DllName fdeploy.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoMachinePolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@PerUserLocalSettings 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoGPOListChanges 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoBackgroundPolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@GenerateGroupPolicy GenerateGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@EventSources (Folder Redirection,Application)?
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ Microsoft Disk Quota
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName dskquota.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy ProcessGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@ QoS Packet Scheduler
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@ProcessGroupPolicy ProcessPSCHEDPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@DllName gptext.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ Scripts
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ProcessGroupPolicy ProcessScriptsGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ProcessGroupPolicyEx ProcessScriptsGroupPolicyEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@GenerateGroupPolicy GenerateScriptsGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@DllName gptext.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NotifyLinkTransition 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ Internet Explorer Zonemapping
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DllName iedkcs32.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ProcessGroupPolicy ProcessGroupPolicyForZoneMap
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSucessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DisplayName @iedkcs32.dll,-3051
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessSecurityPolicyGPO
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@GenerateGroupPolicy SceGenerateGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionRsopPlanningDebugLevel 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicyEx SceProcessSecurityPolicyGPOEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionDebugLevel 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ Security
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@EnableAsynchronousProcessing 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@MaxNoGPOListChangesInterval 960
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicyEx ProcessGroupPolicyEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@GenerateGroupPolicy GenerateGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicy ProcessGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DllName iedkcs32.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ Internet Explorer Branding
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoBackgroundPolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoMachinePolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DisplayName @iedkcs32.dll,-3014
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessEFSRecoveryGPO
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ EFS recovery
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@RequiresSuccessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ 802.3 Group Policy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DisplayName @dot3gpclnt.dll,-100
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ProcessGroupPolicyEx ProcessLANPolicyEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@GenerateGroupPolicy GenerateLANPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DllName dot3gpclnt.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ Microsoft Offline Files
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@DllName %SystemRoot%\System32\cscui.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@EnableAsynchronousProcessing 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoBackgroundPolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoGPOListChanges 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoMachinePolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoSlowLink 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@PerUserLocalSettings 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ProcessGroupPolicy ProcessGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@RequiresSuccessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ Software Installation
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@DllName appmgmts.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ProcessGroupPolicyEx ProcessGroupPolicyObjectsEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@GenerateGroupPolicy GenerateGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoBackgroundPolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@RequiresSucessfulRegistry 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PerUserLocalSettings 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@EventSources (Application Management,Application)?(MsiInstaller,Application)?
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@ IP Security
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@ProcessGroupPolicy ProcessIPSECPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@DllName gptext.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoGPOListChanges 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@DllName C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logon SABWINLOLogon
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logoff SABWINLOLogoff
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Startup SABWINLOStartup
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Shutdown SABWINLOShutdown
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Asynchronous 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Impersonate 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Asynchronous 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Impersonate 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@DllName crypt32.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Logoff ChainWlxLogoffEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Asynchronous 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Impersonate 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@DllName cryptnet.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Logoff CryptnetWlxLogoffEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@DLLName cscdll.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logon WinlogonLogonEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logoff WinlogonLogoffEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@ScreenSaver WinlogonScreenSaverEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Startup WinlogonStartupEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Shutdown WinlogonShutdownEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@StartShell WinlogonStartShellEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Impersonate 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Asynchronous 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Asynchronous 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@DllName %SystemRoot%\System32\dimsntfy.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Startup WlDimsStartup
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Shutdown WlDimsShutdown
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logon WlDimsLogon
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logoff WlDimsLogoff
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@StartShell WlDimsStartShell
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Lock WlDimsLock
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Unlock WlDimsUnlock
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon@StartShell NavStartShellEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon@DllName C:\WINDOWS\system32\NavLogon.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon@Logoff NavLogoffEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@DLLName wlnotify.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logon SCardStartCertProp
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logoff SCardStopCertProp
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Lock SCardSuspendCertProp
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Unlock SCardResumeCertProp
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Enabled 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Impersonate 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Asynchronous 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Asynchronous 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@DllName wlnotify.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Impersonate 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@StartShell SchedStartShell
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Logoff SchedEventLogOff
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Logoff WLEventLogoff
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Impersonate 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Asynchronous 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@DllName sclgntfy.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@DLLName WlNotify.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Lock SensLockEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logon SensLogonEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logoff SensLogoffEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Safe 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@MaxWait 600
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartScreenSaver SensStartScreenSaverEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StopScreenSaver SensStopScreenSaverEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Startup SensStartupEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Shutdown SensShutdownEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartShell SensStartShellEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@PostShell SensPostShellEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Disconnect SensDisconnectEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Reconnect SensReconnectEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Unlock SensUnlockEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Impersonate 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Asynchronous 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Asynchronous 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@DllName wlnotify.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Impersonate 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logoff TSEventLogoff
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logon TSEventLogon
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@PostShell TSEventPostShell
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Shutdown TSEventShutdown
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@StartShell TSEventStartShell
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Startup TSEventStartup
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@MaxWait 600
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Reconnect TSEventReconnect
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Disconnect TSEventDisconnect
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@DLLName wlnotify.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logon RegisterTicketExpiredNotificationEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logoff UnregisterTicketExpiredNotificationEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Impersonate 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Asynchronous 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@HelpAssistant 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@TsInternetUser 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@SQLAgentCmdExec 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@NetShowServices 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IWAM_ 65536
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IUSR_ 65536
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@VUSR_ 65536
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@ASPNET 0

    ---- EOF - GMER 1.0.15 ----
     
  4. wimhof

    wimhof TS Rookie Topic Starter Posts: 35

    .
    DDS (Ver_2011-06-01.06) - NTFSx86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
    Run by William at 19:59:19 on 2011-06-01
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1224 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Freecorder\FLVSrvc.exe
    C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Logitech\Vid HD\Vid.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\system32\wuauclt.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/advanced_search?hl=en
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061003
    mSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uURLSearchHooks: H - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
    mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
    mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    dRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,_IWMPEvents@16
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160243635703
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_03-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\william\application data\mozilla\firefox\profiles\nxeo0ufa.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
    FF - plugin: c:\documents and settings\susan\application data\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\susan\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: XUL Cache: {C89A684E-80C5-4D26-836C-866E33C5B9C3} - c:\documents and settings\william\local settings\application data\{C89A684E-80C5-4D26-836C-866E33C5B9C3}
    FF - Ext: XUL Cache: {21201D69-1BE3-4161-A1EC-D41CC09914B6} - c:\documents and settings\susan\local settings\application data\{21201D69-1BE3-4161-A1EC-D41CC09914B6}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-3-23 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 67656]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2002-6-19 29184]
    R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\program files\symantec_client_security\symantec antivirus\Rtvscan.exe [2002-7-30 573440]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-11-9 20704]
    S3 NAVAP;NAVAP;c:\program files\symantec_client_security\symantec antivirus\Navap.sys [2002-6-19 218112]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVENG.sys [2010-10-22 86064]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVEX15.sys [2010-10-22 1371184]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 12872]
    .
    =============== Created Last 30 ================
    .
    2011-06-01 16:59:24 -------- d-----w- c:\program files\AVAST Software
    2011-06-01 16:59:24 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2011-06-01 01:05:09 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2011-06-01 01:05:05 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2011-06-01 01:05:04 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2011-06-01 01:05:00 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2011-06-01 01:04:56 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2011-06-01 01:04:26 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
    2011-06-01 01:04:21 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
    2011-06-01 01:04:19 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2011-06-01 01:04:13 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2011-06-01 01:04:11 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
    2011-06-01 01:02:59 11775 ----a-w- c:\windows\system32\dllcache\wadv05nt.sys
    2011-06-01 01:01:56 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
    2011-06-01 01:00:57 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
    2011-06-01 00:59:56 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
    2011-06-01 00:58:57 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
    2011-06-01 00:57:57 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll
    2011-06-01 00:56:59 30208 ----a-w- c:\windows\system32\dllcache\sm87w.dll
    2011-06-01 00:55:59 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
    2011-06-01 00:54:57 179264 ----a-w- c:\windows\system32\dllcache\s3sav3d.dll
    2011-06-01 00:53:57 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
    2011-06-01 00:52:56 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys
    2011-06-01 00:51:57 26153 ----a-w- c:\windows\system32\dllcache\pcmlm56.sys
    2011-06-01 00:50:57 61696 ----a-w- c:\windows\system32\dllcache\ohci1394.sys
    2011-06-01 00:49:58 15872 ----a-w- c:\windows\system32\dllcache\ne2000.sys
    2011-06-01 00:48:57 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
    2011-06-01 00:48:51 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
    2011-06-01 00:48:42 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
    2011-06-01 00:48:40 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
    2011-06-01 00:48:39 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
    2011-06-01 00:48:30 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
    2011-06-01 00:48:26 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
    2011-06-01 00:48:25 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
    2011-06-01 00:48:11 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
    2011-06-01 00:48:01 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
    2011-06-01 00:46:58 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
    2011-06-01 00:45:57 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
    2011-06-01 00:44:57 100992 ----a-w- c:\windows\system32\dllcache\icam5usb.sys
    2011-06-01 00:43:57 57471 ----a-w- c:\windows\system32\dllcache\hsf_samp.sys
    2011-06-01 00:42:58 83968 ----a-w- c:\windows\system32\dllcache\hpgt21.dll
    2011-06-01 00:23:18 119296 ----a-w- c:\windows\system32\dllcache\hpdigwia.dll
    2011-06-01 00:23:14 2688 ----a-w- c:\windows\system32\dllcache\hidswvd.sys
    2011-06-01 00:23:12 8576 ----a-w- c:\windows\system32\dllcache\hidgame.sys
    2011-06-01 00:23:11 20352 ----a-w- c:\windows\system32\dllcache\hidbatt.sys
    2011-06-01 00:23:07 907456 ----a-w- c:\windows\system32\dllcache\hcf_msft.sys
    2011-06-01 00:23:06 36864 ----a-w- c:\windows\system32\dllcache\hanjadic.dll
    2011-06-01 00:23:04 28288 ----a-w- c:\windows\system32\dllcache\grserial.sys
    2011-06-01 00:23:02 82304 ----a-w- c:\windows\system32\dllcache\grclass.sys
    2011-06-01 00:23:00 17408 ----a-w- c:\windows\system32\dllcache\gpr400.sys
    2011-06-01 00:21:59 7040 ----a-w- c:\windows\system32\dllcache\exabyte2.sys
    2011-06-01 00:20:59 153631 ----a-w- c:\windows\system32\dllcache\el90xnd5.sys
    2011-06-01 00:19:59 21606 ----a-w- c:\windows\system32\dllcache\digiisdn.sys
    2011-06-01 00:18:59 6912 ----a-w- c:\windows\system32\dllcache\ctlfacem.sys
    2011-06-01 00:17:38 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2011-06-01 00:16:59 9472 ----a-w- c:\windows\system32\dllcache\ativmdcd.sys
    2011-06-01 00:15:48 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
    2011-06-01 00:15:36 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
    2011-06-01 00:15:23 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
    2011-06-01 00:15:22 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
    2011-06-01 00:15:21 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
    2011-06-01 00:15:20 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
    2011-06-01 00:15:20 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
    2011-06-01 00:15:19 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
    2011-05-31 20:35:54 -------- d-----w- c:\program files\section
    2011-05-28 19:19:29 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2011-05-21 16:32:19 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras
    2011-05-19 09:35:32 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-09 17:01:07 -------- d--h--w- c:\program files\iPod
    2011-05-09 17:01:01 -------- d--h--w- c:\program files\iTunes
    2011-05-09 16:54:26 -------- d--h--w- c:\program files\Bonjour
    .
    ==================== Find3M ====================
    .
    2011-04-06 20:20:16 91424 ---ha-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20:16 107808 ---ha-w- c:\windows\system32\dns-sd.exe
    2011-03-25 13:54:31 117752 ---ha-w- c:\windows\system32\drivers\AnyDVD.sys
    2011-03-15 13:46:40 97648 ---ha-w- c:\windows\system32\ElbyCDIO.dll
    2011-03-07 05:33:50 692736 ---ha-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:45:07 434176 ---ha-w- c:\windows\system32\vbscript.dll
    .
    ============= FINISH: 20:00:00.81 ===============
     
  5. wimhof

    wimhof TS Rookie Topic Starter Posts: 35

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-01.06)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/6/2006 2:52:36 PM
    System Uptime: 6/1/2011 3:50:53 PM (5 hours ago)
    .
    Motherboard: Dell Inc. | | 0HJ054
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 146 GiB total, 35.606 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description: Officejet 4500 G510n-z
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: 4500 G510n-z,192.168.1.103
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Officejet 4500 G510n-z
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet 4500 G510n-z
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP334: 3/16/2011 4:19:57 PM - System Checkpoint
    RP335: 3/18/2011 8:25:37 AM - System Checkpoint
    RP336: 3/19/2011 9:16:44 AM - System Checkpoint
    RP337: 3/20/2011 1:36:51 PM - System Checkpoint
    RP338: 3/21/2011 1:52:56 PM - System Checkpoint
    RP339: 3/22/2011 2:33:38 PM - System Checkpoint
    RP340: 3/23/2011 3:21:36 PM - System Checkpoint
    RP341: 3/24/2011 3:56:36 PM - System Checkpoint
    RP342: 3/25/2011 5:16:46 PM - System Checkpoint
    RP343: 3/28/2011 7:24:30 AM - System Checkpoint
    RP344: 3/29/2011 12:58:41 PM - System Checkpoint
    RP345: 3/30/2011 3:10:55 PM - System Checkpoint
    RP346: 3/31/2011 5:19:10 PM - System Checkpoint
    RP347: 4/1/2011 6:46:53 PM - System Checkpoint
    RP348: 4/2/2011 9:03:31 PM - System Checkpoint
    RP349: 4/3/2011 9:31:59 PM - System Checkpoint
    RP350: 4/4/2011 10:29:58 PM - System Checkpoint
    RP351: 4/5/2011 11:01:23 PM - System Checkpoint
    RP352: 4/7/2011 5:59:46 AM - System Checkpoint
    RP353: 4/8/2011 6:10:40 AM - System Checkpoint
    RP354: 4/9/2011 11:52:44 AM - System Checkpoint
    RP355: 4/10/2011 1:36:42 PM - System Checkpoint
    RP356: 4/11/2011 3:09:18 PM - System Checkpoint
    RP357: 4/12/2011 6:05:59 PM - System Checkpoint
    RP358: 4/13/2011 7:30:44 PM - System Checkpoint
    RP359: 4/14/2011 9:21:02 PM - System Checkpoint
    RP360: 4/15/2011 10:05:13 PM - System Checkpoint
    RP361: 4/16/2011 3:21:35 AM - Software Distribution Service 3.0
    RP362: 4/17/2011 7:18:27 AM - System Checkpoint
    RP363: 4/18/2011 10:37:56 AM - System Checkpoint
    RP364: 4/19/2011 12:43:43 PM - System Checkpoint
    RP365: 4/20/2011 5:59:42 PM - System Checkpoint
    RP366: 4/26/2011 4:15:17 PM - System Checkpoint
    RP367: 4/27/2011 5:06:24 PM - System Checkpoint
    RP368: 4/28/2011 1:05:54 AM - Software Distribution Service 3.0
    RP369: 4/29/2011 4:43:30 AM - System Checkpoint
    RP370: 4/30/2011 11:59:45 PM - System Checkpoint
    RP371: 5/2/2011 12:14:13 AM - System Checkpoint
    RP372: 5/3/2011 6:23:05 AM - System Checkpoint
    RP373: 5/4/2011 8:11:28 AM - System Checkpoint
    RP374: 5/5/2011 8:30:41 AM - System Checkpoint
    RP375: 5/6/2011 10:13:49 AM - System Checkpoint
    RP376: 5/7/2011 7:51:50 PM - System Checkpoint
    RP377: 5/8/2011 8:04:03 PM - System Checkpoint
    RP378: 5/9/2011 8:33:53 PM - System Checkpoint
    RP379: 5/10/2011 10:10:43 PM - System Checkpoint
    RP380: 5/12/2011 5:54:47 AM - System Checkpoint
    RP381: 5/13/2011 7:01:01 AM - System Checkpoint
    RP382: 5/14/2011 7:47:30 AM - System Checkpoint
    RP383: 5/16/2011 7:35:10 AM - System Checkpoint
    RP384: 5/17/2011 7:46:26 AM - System Checkpoint
    RP385: 5/18/2011 9:28:43 AM - System Checkpoint
    RP386: 5/19/2011 10:35:18 AM - System Checkpoint
    RP387: 5/20/2011 11:42:21 AM - System Checkpoint
    RP388: 5/21/2011 11:50:50 AM - System Checkpoint
    RP389: 5/22/2011 9:55:28 PM - System Checkpoint
    RP390: 5/23/2011 10:26:04 PM - System Checkpoint
    RP391: 5/25/2011 1:05:14 AM - System Checkpoint
    RP392: 5/26/2011 9:05:29 AM - System Checkpoint
    RP393: 5/27/2011 9:27:42 AM - System Checkpoint
    RP394: 5/28/2011 9:48:18 AM - System Checkpoint
    RP395: 5/28/2011 1:54:25 PM - Restore Operation
    RP396: 5/28/2011 2:14:34 PM - Restore Operation
    RP397: 5/29/2011 2:48:49 PM - System Checkpoint
    RP398: 5/30/2011 6:09:33 PM - System Checkpoint
    RP399: 5/31/2011 5:52:56 PM - Restore Operation
    RP400: 5/31/2011 6:00:10 PM - Restore Operation
    RP401: 5/31/2011 6:14:37 PM - Restore Operation
    RP402: 6/1/2011 1:16:23 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    4200
    4200_Help
    4200Tour
    4200Trb
    4500_G510nz_Help
    4500G510nz
    4500G510nz_Software_Min
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.6
    Adobe Shockwave Player
    AiO_Scan
    AIOMinimal
    AiOSoftware
    AnyDVD
    AOLIcon
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft MediaConverter 2
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Control Panel
    ATI Display Driver
    AutoStreamer
    AVG 2011
    BlackBerry Desktop Software 5.0.1
    BlackBerry® Media Sync
    Bonjour
    BufferChm
    CameraHelperMsi
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CinepPlayer 30 Update
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Copy
    CreativeProjects
    Dell CinePlayer
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Support 3.2
    Dell System Restore
    Destinations
    DeviceDiscovery
    Digital Content Portal
    Digital Line Detect
    DocMgr
    DocProc
    Documentation & Support Launcher
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DVDFab Decrypter 3.0.8.6
    EducateU
    eFax Messenger 4.3
    ELIcon
    erLT
    Fax
    Free Games Offer, Desktop Shortcut
    Freecorder
    Freecorder 4.02B Application
    Games, Music, & Photos Launcher
    GPBaseService2
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hitman Pro 3.5
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    HouseCall 6.6
    HP Customer Participation Program 13.0
    HP Document Manager 2.0
    HP Image Zone 3.5
    HP Imaging Device Functions 13.0
    HP Officejet 4500 G510n-z
    HP PSC & OfficeJet 3.5
    HP Smart Web Printing 4.5
    HP Solution Center 13.0
    HP Unload DLL Patch
    HP Update
    HPDiagnosticAlert
    HPProductAssistant
    HPSSupply
    HPSystemDiagnostics
    InstantShare
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.1_03
    Java 3D 1.3.1 (OpenGL) SDK
    Java Auto Updater
    Java(TM) 6 Update 24
    Learn2 Player (Uninstall Only)
    LiveUpdate 1.7 (Symantec Corporation)
    Logitech Vid HD
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes' Anti-Malware
    MarketResearch
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Modem Helper
    Mozilla Firefox (3.6.17)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Nero 7 Demo
    NetWaiting
    Network
    OCR Software by I.R.I.S. 13.0
    OGA Notifier 2.0.0048.0
    overland
    PC Inspector File Recovery
    PhotoGallery
    PrintScreen
    QFolder
    Qualxserve Service Agreement
    QuickProjects
    QuickTime
    Readme
    RealPlayer Basic
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Safari
    Scan
    SearchAssist
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Shop for HP Supplies
    Skins
    SkinsHP1
    SkinsHP2
    Skype™ 5.3
    SmartWebPrinting
    SolutionCenter
    Sonic Activation Module
    Sonic Update Manager
    Status
    SUPERAntiSpyware Free Edition
    Symantec AntiVirus Client
    Toolbox
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URL Assistant
    Viewpoint Media Player
    WebFldrs XP
    WebReg
    Winamp (remove only)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Presentation Foundation
    Windows XP Service Pack 3
    World of Logs Client
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/1/2011 4:23:09 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    6/1/2011 2:22:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/1/2011 2:00:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Avgldx86 Avgmfx86 Avgtdix ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    6/1/2011 1:30:46 PM, error: Service Control Manager [7023] - The Process Monitor service terminated with the following error: The system cannot open the device or file specified.
    6/1/2011 1:30:22 PM, error: Service Control Manager [7000] - The Logitech LVPr2Mon Driver service failed to start due to the following error: The parameter is incorrect.
    6/1/2011 1:16:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSP aswTdi Avgldx86 Avgmfx86 Avgtdix ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    6/1/2011 1:11:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi Avgldx86 Avgmfx86 ElbyCDIO Fips intelppm SASDIFSV SASKUTIL
    5/31/2011 5:59:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    5/31/2011 4:33:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    5/28/2011 3:37:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
    5/28/2011 3:37:43 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/28/2011 3:23:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    5/28/2011 3:12:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 ElbyCDIO Fips intelppm SASDIFSV SASKUTIL
    5/28/2011 1:40:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    5/28/2011 1:40:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    5/28/2011 1:40:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/28/2011 1:39:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
    5/28/2011 1:39:57 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    5/28/2011 1:39:57 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/28/2011 1:39:57 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/28/2011 1:39:57 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    5/28/2011 1:39:57 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/28/2011 1:39:57 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/25/2011 9:49:05 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user CCIM\Tracy SID (S-1-5-21-4143634262-2900202759-2067161063-1008). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
     
  6. wimhof

    wimhof TS Rookie Topic Starter Posts: 35

    first malware byte log

    duplicate entry
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    ===================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  8. wimhof

    wimhof TS Rookie Topic Starter Posts: 35

    aswMBR

    Thanks for the assistance Broni. This scan also created an MBR.dat file.



    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-02 05:47:06
    -----------------------------
    05:47:06.437 OS Version: Windows 5.1.2600 Service Pack 3
    05:47:06.437 Number of processors: 2 586 0x407
    05:47:06.437 ComputerName: CCIM UserName:
    05:47:24.921 Initialize success
    05:47:44.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
    05:47:44.578 Disk 0 Vendor: SAMSUNG_HD160JJ/P ZM100-34 Size: 152587MB BusType: 3
    05:47:44.750 Disk 0 MBR read successfully
    05:47:44.750 Disk 0 MBR scan
    05:47:44.750 Disk 0 unknown MBR code
    05:47:46.765 Disk 0 scanning sectors +312496380
    05:47:46.781 Disk 0 scanning C:\WINDOWS\system32\drivers
    05:47:59.406 Service scanning
    05:48:00.421 Disk 0 trace - called modules:
    05:48:00.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys AnyDVD.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    05:48:00.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa0cab8]
    05:48:00.437 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a9bad98]
    05:48:00.437 \Driver\atapi[0x8aa00510] -> IRP_MJ_DEVICE_CONTROL -> AnyDVD.sys[0xb92d9f14]
    05:48:00.437 \Driver\atapi[0x8aa00510] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> AnyDVD.sys[0xb92daa5e]
    05:48:00.437 Scan finished successfully
    05:48:48.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\William\Desktop\MBR.dat"
    05:48:48.296 The log file has been saved successfully to "C:\Documents and Settings\William\Desktop\aswMBR.txt"
     
  9. wimhof

    wimhof TS Rookie Topic Starter Posts: 35

    Rootkit unhooker

    And here's the other report. When I ran it, AVG Identity Protection came up declaring this file as Malware; I selected Allow and leave file as it is and then ran.


    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0xBF0B2000 C:\WINDOWS\System32\ati3duag.dll 2367488 bytes (ATI Technologies Inc. , ati3duag.dll)
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2154496 bytes
    0x804D7000 RAW 2154496 bytes
    0x804D7000 WMIxWDM 2154496 bytes
    0xBF800000 Win32k 1859584 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xB3E82000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101018.002\NAVEX15.sys 1368064 bytes (Symantec Corporation, AV Engine)
    0xB9579000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1331200 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
    0xB70FC000 C:\WINDOWS\system32\drivers\sthda.sys 1069056 bytes (SigmaTel, Inc., NDRC)
    0xB93C3000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
    0xB931C000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
    0xBF2F4000 C:\WINDOWS\System32\ativvaxx.dll 643072 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
    0xB9E1F000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xB6E27000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xB9223000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xB6F9C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB46B8000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xB6F54000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
    0xBF391000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xB3972000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB3FD0000 C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys 249856 bytes (Symantec Corporation, AutoProtect)
    0xB6DEB000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
    0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 225280 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
    0xBF07D000 C:\WINDOWS\System32\atikvmag.dll 217088 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
    0xBF049000 C:\WINDOWS\System32\ati2cqag.dll 212992 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
    0xB94E5000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
    0xB9281000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB48A0000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xB9DF2000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xB332F000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xB6E97000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xB42EE000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
    0xB92F4000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 163840 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
    0xB953D000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xB6F06000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xB6F2E000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xB70D8000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB9519000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xB94C2000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xB6EE4000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xB6EC2000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
    0xB4546000 C:\WINDOWS\system32\drivers\tmcomm.sys 135168 bytes (Trend Micro Inc., TrendMicro Common Module)
    0x806E5000 ACPI_HAL 134400 bytes
    0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xB92D9000 C:\WINDOWS\System32\Drivers\AnyDVD.sys 110592 bytes (SlySoft, Inc., AnyDVD Filter Driver)
    0xB9DD8000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xB7030000 C:\WINDOWS\system32\drivers\InCDFs.sys 102400 bytes (Nero AG, InCD File System Driver)
    0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xB6D33000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xB9EAC000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB92C2000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB9EC3000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
    0xB3CF1000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB3E6E000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101018.002\NAVENG.sys 81920 bytes (Symantec Corporation, AV Engine)
    0xB9565000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xB6FF5000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xB4657000 C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS 69632 bytes (Symantec Corporation, NAVAPEL)
    0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB92B1000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xB400D000 C:\Program Files\Symantec\SYMEVENT.SYS 69632 bytes (Symantec Corporation, Symantec Event Library)
    0xB9771000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xBA198000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xBA248000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xBA1A8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xB45D7000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xBA268000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xBA1C8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xBA298000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
    0xBA1E8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xB337A000 C:\DOCUME~1\William\LOCALS~1\Temp\aswMBR.sys 45056 bytes
    0xBA2E8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xBA1B8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xBA1D8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xB45B7000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
    0xB496D000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
    0xB9791000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
    0xBA2F8000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 40960 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
    0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xBA218000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xBA208000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xBA108000 AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
    0xB40DE000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xBA288000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xBA188000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xBA1F8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xBA2C8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xBA0F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xBA2B8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xBA458000 C:\WINDOWS\system32\drivers\InCDPass.sys 32768 bytes (Nero AG, Ahead RW Filter Driver)
    0xBA450000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xBA380000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xBA4B0000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xBA448000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xBA4A8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xBA490000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
    0xBA398000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xBA368000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
    0xBA468000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xBA460000 C:\WINDOWS\system32\drivers\InCDRm.sys 24576 bytes (Nero AG, Nero MRW Filter Driver)
    0xBA498000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xBA4A0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xBA390000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
    0xBA440000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xBA370000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xBA338000 avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
    0xBA420000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
    0xBA378000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xBA480000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xBA488000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xBA478000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xBA428000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xBA570000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xB96DA000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
    0xB9D8F000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xB4B01000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xB6D97000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xBA540000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xB96BE000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
    0xBA54C000 C:\WINDOWS\System32\Drivers\InCDrec.SYS 12288 bytes (Nero AG, InCD File System Recognizer)
    0xB4884000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
    0xBA57C000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xBA5A0000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xBA550000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xBA61A000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows (R) 2000 DDK provider, TR Manager)
    0xBA5EA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xBA5D2000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
    0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xBA62E000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xBA5E8000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xBA5EC000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xBA5EE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xBA5D6000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
    0xBA5D4000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
    0xBA5DA000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xBA5DE000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xBA736000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xBA682000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
    0xBA7B1000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xBA70C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    ==============================================
    >Stealth
    ==============================================
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Unfortunately, AVG is known to be oversensitive and for producing a lot of false positives.
    You did well :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. wimhof

    wimhof TS Rookie Topic Starter Posts: 35

    Combofix log

    When it ended, it opened up a log.txt but I am posting the combofix.txt as the instructions say. One other note, when I opened up FireFox to get to this web site to post, I noticed at the bottom it was 'connecting to zfsearch.com'; until I hit the 'X" of course.

    ComboFix 11-06-02.02 - William 06/02/2011 21:00:52.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1369 [GMT -4:00]
    Running from: c:\documents and settings\William\Desktop\ComboFix.exe
    FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    ADS - WINDOWS: deleted 0 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\William\Application Data\Nase
    c:\documents and settings\William\Application Data\Nase\ibka.tmp
    c:\documents and settings\William\Application Data\Nase\ibka.tyd
    c:\documents and settings\William\Application Data\Yhim
    c:\documents and settings\William\Application Data\Yhim\guotd.mez
    c:\documents and settings\William\Application Data\Yhim\guotd.tmp
    c:\documents and settings\William\Local Settings\Application Data\{C89A684E-80C5-4D26-836C-866E33C5B9C3}
    c:\documents and settings\William\Local Settings\Application Data\{C89A684E-80C5-4D26-836C-866E33C5B9C3}\chrome.manifest
    c:\documents and settings\William\Local Settings\Application Data\{C89A684E-80C5-4D26-836C-866E33C5B9C3}\chrome\content\_cfg.js
    c:\documents and settings\William\Local Settings\Application Data\{C89A684E-80C5-4D26-836C-866E33C5B9C3}\chrome\content\c.js
    c:\documents and settings\William\Local Settings\Application Data\{C89A684E-80C5-4D26-836C-866E33C5B9C3}\chrome\content\overlay.xul
    c:\documents and settings\William\Local Settings\Application Data\{C89A684E-80C5-4D26-836C-866E33C5B9C3}\install.rdf
    c:\documents and settings\William\WINDOWS
    C:\s
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-01 16:59 . 2011-06-01 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-06-01 16:59 . 2011-06-01 16:59 -------- d-----w- c:\program files\AVAST Software
    2011-06-01 01:05 . 2008-04-13 23:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2011-06-01 01:05 . 2001-08-18 02:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2011-06-01 01:05 . 2008-04-13 23:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2011-06-01 01:05 . 2001-08-18 02:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2011-06-01 01:04 . 2001-08-18 02:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2011-06-01 01:04 . 2001-08-18 02:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
    2011-06-01 01:04 . 2001-08-17 16:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
    2011-06-01 01:04 . 2004-08-04 02:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2011-06-01 01:04 . 2004-08-04 02:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2011-06-01 01:04 . 2008-04-13 23:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
    2011-06-01 01:02 . 2004-08-04 02:29 11775 ----a-w- c:\windows\system32\dllcache\wadv05nt.sys
    2011-06-01 01:01 . 2001-08-17 17:28 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
    2011-06-01 01:00 . 2001-08-18 02:36 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
    2011-06-01 00:59 . 2001-08-17 16:14 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
    2011-06-01 00:58 . 2001-08-18 02:36 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
    2011-06-01 00:57 . 2001-08-18 02:36 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll
    2011-06-01 00:56 . 2004-08-04 09:00 30208 ----a-w- c:\windows\system32\dllcache\sm87w.dll
    2011-06-01 00:55 . 2001-08-18 02:36 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
    2011-06-01 00:54 . 2001-08-17 18:56 179264 ----a-w- c:\windows\system32\dllcache\s3sav3d.dll
    2011-06-01 00:53 . 2001-08-18 02:36 86097 ----a-w- c:\windows\system32\dllcache\reslog32.dll
    2011-06-01 00:52 . 2008-04-13 17:41 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys
    2011-06-01 00:51 . 2001-08-17 16:12 26153 ----a-w- c:\windows\system32\dllcache\pcmlm56.sys
    2011-06-01 00:50 . 2008-04-13 17:46 61696 ----a-w- c:\windows\system32\dllcache\ohci1394.sys
    2011-06-01 00:49 . 2001-08-17 17:49 15872 ----a-w- c:\windows\system32\dllcache\ne2000.sys
    2011-06-01 00:48 . 2008-04-13 17:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
    2011-06-01 00:48 . 2001-08-17 17:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
    2011-06-01 00:48 . 2001-08-17 18:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
    2011-06-01 00:48 . 2008-04-13 17:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
    2011-06-01 00:48 . 2004-08-04 09:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
    2011-06-01 00:48 . 2001-08-17 18:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
    2011-06-01 00:48 . 2001-08-17 17:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
    2011-06-01 00:48 . 2008-04-13 17:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
    2011-06-01 00:48 . 2008-04-13 17:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
    2011-06-01 00:48 . 2001-08-17 17:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
    2011-06-01 00:46 . 2001-08-17 16:12 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
    2011-06-01 00:45 . 2004-08-04 09:00 6144 ----a-w- c:\windows\system32\dllcache\kbd101a.dll
    2011-06-01 00:44 . 2001-08-17 18:06 100992 ----a-w- c:\windows\system32\dllcache\icam5usb.sys
    2011-06-01 00:43 . 2001-08-17 17:28 57471 ----a-w- c:\windows\system32\dllcache\hsf_samp.sys
    2011-06-01 00:42 . 2001-08-18 02:36 83968 ----a-w- c:\windows\system32\dllcache\hpgt21.dll
    2011-06-01 00:23 . 2001-08-18 02:36 119296 ----a-w- c:\windows\system32\dllcache\hpdigwia.dll
    2011-06-01 00:23 . 2001-08-17 18:02 2688 ----a-w- c:\windows\system32\dllcache\hidswvd.sys
    2011-06-01 00:23 . 2001-08-17 18:02 8576 ----a-w- c:\windows\system32\dllcache\hidgame.sys
    2011-06-01 00:23 . 2008-04-13 17:36 20352 ----a-w- c:\windows\system32\dllcache\hidbatt.sys
    2011-06-01 00:23 . 2001-08-17 17:28 907456 ----a-w- c:\windows\system32\dllcache\hcf_msft.sys
    2011-06-01 00:23 . 2004-08-04 09:00 36864 ----a-w- c:\windows\system32\dllcache\hanjadic.dll
    2011-06-01 00:23 . 2008-04-13 17:40 28288 ----a-w- c:\windows\system32\dllcache\grserial.sys
    2011-06-01 00:23 . 2001-08-17 17:51 82304 ----a-w- c:\windows\system32\dllcache\grclass.sys
    2011-06-01 00:23 . 2001-08-17 17:51 17408 ----a-w- c:\windows\system32\dllcache\gpr400.sys
    2011-06-01 00:21 . 2001-08-17 17:52 7040 ----a-w- c:\windows\system32\dllcache\exabyte2.sys
    2011-06-01 00:20 . 2001-08-17 16:11 153631 ----a-w- c:\windows\system32\dllcache\el90xnd5.sys
    2011-06-01 00:19 . 2001-08-17 16:14 21606 ----a-w- c:\windows\system32\dllcache\digiisdn.sys
    2011-06-01 00:18 . 2001-08-17 16:19 6912 ----a-w- c:\windows\system32\dllcache\ctlfacem.sys
    2011-06-01 00:17 . 2001-08-17 17:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2011-06-01 00:16 . 2001-08-17 16:49 19456 ----a-w- c:\windows\system32\dllcache\ativttxx.sys
    2011-06-01 00:15 . 2004-08-04 09:00 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
    2011-06-01 00:15 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
    2011-06-01 00:15 . 2004-08-04 09:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
    2011-06-01 00:15 . 2004-08-04 09:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
    2011-06-01 00:15 . 2004-08-04 09:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
    2011-06-01 00:15 . 2004-08-04 09:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
    2011-06-01 00:15 . 2004-08-04 09:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
    2011-06-01 00:15 . 2004-08-04 09:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
    2011-05-31 20:35 . 2011-05-31 20:35 -------- d-----w- c:\program files\section
    2011-05-28 19:23 . 2011-05-31 17:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-05-28 19:19 . 2011-05-31 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-05-21 16:32 . 2011-05-29 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
    2011-05-21 16:31 . 2011-05-21 16:31 371272 ----a-w- c:\documents and settings\Tracy\Application Data\Microsoft\Installer\{5335DADB-34BA-4AE8-A519-648D78498846}\SkypeIcon.exe
    2011-05-19 09:35 . 2011-05-19 09:35 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-09 17:01 . 2011-05-09 17:01 -------- d--h--w- c:\program files\iPod
    2011-05-09 17:01 . 2011-05-09 17:02 -------- d--h--w- c:\program files\iTunes
    2011-05-09 16:54 . 2011-05-09 16:54 -------- d--h--w- c:\program files\Bonjour
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-06 20:20 . 2011-04-06 20:20 91424 ---ha-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 107808 ---ha-w- c:\windows\system32\dns-sd.exe
    2011-03-25 13:54 . 2011-03-25 13:54 117752 ---ha-w- c:\windows\system32\drivers\AnyDVD.sys
    2011-03-15 13:46 . 2011-03-15 13:46 97648 ---ha-w- c:\windows\system32\ElbyCDIO.dll
    2011-03-07 05:33 . 2004-08-11 21:12 692736 ---ha-w- c:\windows\system32\inetcomm.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-05-04 4980344]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-24 2424192]
    "Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2005-10-20 871936]
    "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
    "eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
    2010-10-26 17:45 6238016 ---ha-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 2:07 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 67656]
    S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [11/9/2010 10:46 PM 20704]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 12872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/advanced_search?hl=en
    mStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\documents and settings\William\Application Data\Mozilla\Firefox\Profiles\nxeo0ufa.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: XUL Cache: {21201D69-1BE3-4161-A1EC-D41CC09914B6} - c:\documents and settings\Susan\Local Settings\Application Data\{21201D69-1BE3-4161-A1EC-D41CC09914B6}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-02 21:05
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
    @DACL=(02 0000)
    @="Wireless"
    "ProcessGroupPolicy"="ProcessWIRELESSPolicy"
    "DllName"=expand:"gptext.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
    @DACL=(02 0000)
    @="Folder Redirection"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
    "DllName"=expand:"fdeploy.dll"
    "NoMachinePolicy"=dword:00000001
    "NoSlowLink"=dword:00000001
    "PerUserLocalSettings"=dword:00000001
    "NoGPOListChanges"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "EventSources"=multi:"(Folder Redirection,Application)\00\00"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
    @DACL=(02 0000)
    @="Microsoft Disk Quota"
    "NoMachinePolicy"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "NoSlowLink"=dword:00000001
    "NoBackgroundPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "RequiresSuccessfulRegistry"=dword:00000001
    "EnableAsynchronousProcessing"=dword:00000000
    "DllName"=expand:"dskquota.dll"
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
    @DACL=(02 0000)
    @="QoS Packet Scheduler"
    "ProcessGroupPolicy"="ProcessPSCHEDPolicy"
    "DllName"=expand:"gptext.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
    @DACL=(02 0000)
    @="Scripts"
    "ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
    "ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
    "GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
    "DllName"=expand:"gptext.dll"
    "NoSlowLink"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "NotifyLinkTransition"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
    @DACL=(02 0000)
    @="Internet Explorer Zonemapping"
    "DllName"=expand:"iedkcs32.dll"
    "ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
    "NoGPOListChanges"=dword:00000001
    "RequiresSucessfulRegistry"=dword:00000001
    "DisplayName"=expand:"@iedkcs32.dll,-3051"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
    @DACL=(02 0000)
    "ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
    "GenerateGroupPolicy"="SceGenerateGroupPolicy"
    "ExtensionRsopPlanningDebugLevel"=dword:00000001
    "ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
    "ExtensionDebugLevel"=dword:00000001
    "DllName"=expand:"scecli.dll"
    @="Security"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "EnableAsynchronousProcessing"=dword:00000001
    "MaxNoGPOListChangesInterval"=dword:000003c0
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
    @DACL=(02 0000)
    "ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "DllName"="iedkcs32.dll"
    @="Internet Explorer Branding"
    "NoSlowLink"=dword:00000001
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000001
    "NoMachinePolicy"=dword:00000001
    "DisplayName"=expand:"@iedkcs32.dll,-3014"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
    @DACL=(02 0000)
    "ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
    "DllName"=expand:"scecli.dll"
    @="EFS recovery"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
    @DACL=(02 0000)
    @="802.3 Group Policy"
    "DisplayName"=expand:"@dot3gpclnt.dll,-100"
    "ProcessGroupPolicyEx"="ProcessLANPolicyEx"
    "GenerateGroupPolicy"="GenerateLANPolicy"
    "DllName"=expand:"dot3gpclnt.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
    @DACL=(02 0000)
    @="Microsoft Offline Files"
    "DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
    "EnableAsynchronousProcessing"=dword:00000000
    "NoBackgroundPolicy"=dword:00000000
    "NoGPOListChanges"=dword:00000000
    "NoMachinePolicy"=dword:00000000
    "NoSlowLink"=dword:00000000
    "NoUserPolicy"=dword:00000001
    "PerUserLocalSettings"=dword:00000000
    "ProcessGroupPolicy"="ProcessGroupPolicy"
    "RequiresSuccessfulRegistry"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
    @DACL=(02 0000)
    @="Software Installation"
    "DllName"=expand:"appmgmts.dll"
    "ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
    "GenerateGroupPolicy"="GenerateGroupPolicy"
    "NoBackgroundPolicy"=dword:00000000
    "RequiresSucessfulRegistry"=dword:00000000
    "NoSlowLink"=dword:00000001
    "PerUserLocalSettings"=dword:00000001
    "EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
    @DACL=(02 0000)
    @="IP Security"
    "ProcessGroupPolicy"="ProcessIPSECPolicy"
    "DllName"=expand:"gptext.dll"
    "NoUserPolicy"=dword:00000001
    "NoGPOListChanges"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    @DACL=(02 0000)
    "DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
    "Logon"="SABWINLOLogon"
    "Logoff"="SABWINLOLogoff"
    "Startup"="SABWINLOStartup"
    "Shutdown"="SABWINLOShutdown"
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=expand:"crypt32.dll"
    "Logoff"="ChainWlxLogoffEvent"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=expand:"cryptnet.dll"
    "Logoff"="CryptnetWlxLogoffEvent"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    @DACL=(02 0000)
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000001
    "DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
    "Startup"="WlDimsStartup"
    "Shutdown"="WlDimsShutdown"
    "Logon"="WlDimsLogon"
    "Logoff"="WlDimsLogoff"
    "StartShell"="WlDimsStartShell"
    "Lock"="WlDimsLock"
    "Unlock"="WlDimsUnlock"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    @DACL=(02 0000)
    "StartShell"="NavStartShellEvent"
    "DllName"="c:\\WINDOWS\\system32\\NavLogon.dll"
    "Logoff"="NavLogoffEvent"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    @DACL=(02 0000)
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "DllName"=expand:"wlnotify.dll"
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    @DACL=(02 0000)
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=expand:"sclgntfy.dll"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    @DACL=(02 0000)
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    @DACL=(02 0000)
    "Asynchronous"=dword:00000000
    "DllName"=expand:"wlnotify.dll"
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    @DACL=(02 0000)
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
    @DACL=(02 0000)
    "HelpAssistant"=dword:00000000
    "TsInternetUser"=dword:00000000
    "SQLAgentCmdExec"=dword:00000000
    "NetShowServices"=dword:00000000
    "IWAM_"=dword:00010000
    "IUSR_"=dword:00010000
    "VUSR_"=dword:00010000
    "ASPNET"=dword:00000000
    .
    Completion time: 2011-06-02 21:07:54
    ComboFix-quarantined-files.txt 2011-06-03 01:07
    .
    Pre-Run: 38,925,287,424 bytes free
    Post-Run: 38,994,518,016 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - AB99C36BA7FFB4C5124CEF61AA1DCE45
     
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Combofix log looks good now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. wimhof

    wimhof TS Rookie Topic Starter Posts: 35

    otl log - part 1 (50k limit)

    OTL logfile created on: 6/2/2011 9:28:51 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\William\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.63% Memory free
    4.85 Gb Paging File | 3.77 Gb Available in Paging File | 77.80% Paging File free
    Paging file location(s): C:\pagefile.sys 3069 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145.85 Gb Total Space | 36.36 Gb Free Space | 24.93% Space Free | Partition Type: NTFS

    Computer Name: CCIM | User Name: William | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/02 21:26:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William\Desktop\OTL.exe
    PRC - [2011/05/04 03:40:15 | 004,980,344 | -H-- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    PRC - [2010/10/29 16:06:08 | 005,915,480 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
    PRC - [2010/06/26 13:09:18 | 000,167,936 | -H-- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
    PRC - [2010/05/07 19:35:22 | 000,165,208 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2010/03/10 22:32:26 | 000,648,536 | -H-- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/03/06 13:21:31 | 000,116,224 | -H-- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
    PRC - [2006/02/10 18:17:04 | 000,282,624 | -H-- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    PRC - [2005/10/20 14:45:10 | 000,871,936 | -H-- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    PRC - [2005/10/14 12:02:02 | 000,670,208 | -H-- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    PRC - [2002/07/30 11:40:44 | 000,573,440 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    PRC - [2002/07/30 11:36:00 | 000,032,768 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/02 21:26:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William\Desktop\OTL.exe
    MOD - [2011/06/02 20:45:37 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\William\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
    MOD - [2011/04/18 12:10:29 | 000,130,680 | -H-- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll
    MOD - [2010/08/23 12:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/12 00:02:02 | 000,653,120 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/05/07 19:47:32 | 000,162,648 | -H-- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2005/10/14 12:02:02 | 000,670,208 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
    SRV - [2002/07/30 11:40:44 | 000,573,440 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
    SRV - [2002/07/30 11:36:00 | 000,032,768 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/03/25 09:54:31 | 000,117,752 | -H-- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2010/11/09 22:49:50 | 004,323,040 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C510(UVC)
    DRV - [2010/11/09 22:48:12 | 000,283,744 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2010/11/09 22:46:28 | 000,020,704 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
    DRV - [2010/10/18 04:00:00 | 001,371,184 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101018.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/10/18 04:00:00 | 000,086,064 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101018.002\NAVENG.SYS -- (NAVENG)
    DRV - [2010/05/26 05:19:17 | 000,067,656 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/05/07 19:43:30 | 000,025,824 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2010/02/19 22:38:10 | 000,012,872 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/02/19 22:38:10 | 000,012,872 | -H-- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2007/12/24 17:37:00 | 000,138,384 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2006/10/06 16:28:01 | 000,073,224 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2006/10/03 11:37:52 | 000,008,552 | -H-- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2006/02/10 18:19:12 | 001,107,224 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/01/10 12:07:58 | 000,004,864 | -H-- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2005/10/14 12:01:56 | 000,029,440 | -H-- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
    DRV - [2005/10/14 12:00:36 | 000,101,760 | -H-- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
    DRV - [2005/10/14 12:00:26 | 000,022,016 | -H-- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
    DRV - [2005/09/08 05:20:00 | 000,094,332 | -H-- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/09/08 05:20:00 | 000,087,036 | -H-- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/09/08 05:20:00 | 000,025,628 | -H-- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/09/08 05:20:00 | 000,014,684 | -H-- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/09/08 05:20:00 | 000,006,364 | -H-- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/09/08 05:20:00 | 000,002,496 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/08/25 12:16:52 | 000,005,628 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 12:16:16 | 000,022,684 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/04 04:10:18 | 001,273,344 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2003/11/17 21:59:20 | 000,212,224 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 21:58:02 | 000,680,704 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 21:56:26 | 001,042,432 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2002/06/19 20:57:14 | 000,029,184 | -H-- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
    DRV - [2002/06/19 20:57:12 | 000,218,112 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061003
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061003


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061003
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061003
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/advanced_search?hl=en
    IE - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {21201D69-1BE3-4161-A1EC-D41CC09914B6}:1.0
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\software\mozilla\Firefox\Extensions\\{21201D69-1BE3-4161-A1EC-D41CC09914B6}: C:\Documents and Settings\Susan\Local Settings\Application Data\{21201D69-1BE3-4161-A1EC-D41CC09914B6} [2009/02/05 19:02:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/01 15:31:02 | 000,000,000 | -H-D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 17:48:19 | 000,000,000 | -H-D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 18:41:18 | 000,000,000 | -H-D | M]

    [2008/09/13 18:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\William\Application Data\Mozilla\Extensions
    [2011/06/02 09:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\nxeo0ufa.default\extensions
    [2011/03/12 06:47:49 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\nxeo0ufa.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2011/06/01 09:00:24 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\William\Application Data\Mozilla\Firefox\Profiles\nxeo0ufa.default\searchplugins\ixquick.xml
    [2011/06/02 09:01:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/01/11 09:11:25 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/10 07:09:27 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2009/02/05 19:02:33 | 000,000,000 | ---D | M] (XUL Cache) -- C:\DOCUMENTS AND SETTINGS\SUSAN\LOCAL SETTINGS\APPLICATION DATA\{21201D69-1BE3-4161-A1EC-D41CC09914B6}
    [2010/10/01 15:31:02 | 000,000,000 | -H-D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
    [2010/01/19 11:26:23 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/02/02 22:40:24 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/06/02 21:05:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O3 - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    O4 - HKLM..\Run: [eFax 4.3] C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe (j2 Global Communications, Inc.)
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    O4 - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-4143634262-2900202759-2067161063-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160243635703 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902053519425536)
     
  14. wimhof

    wimhof TS Rookie Topic Starter Posts: 35

    otl.log part 2

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/02 21:26:41 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\William\Desktop\OTL.exe
    [2011/06/02 20:59:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/06/02 20:50:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/06/02 20:50:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/06/02 20:50:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/06/02 20:50:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/06/02 20:49:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/06/02 20:49:58 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/06/02 20:49:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/02 19:48:13 | 006,389,088 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\William\Desktop\AppRemover.exe
    [2011/06/02 19:46:37 | 004,111,594 | R--- | C] (Swearware) -- C:\Documents and Settings\William\Desktop\ComboFix.exe
    [2011/06/02 05:44:08 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\William\Desktop\aswMBR.exe
    [2011/06/01 19:57:19 | 000,607,294 | R--- | C] (Swearware) -- C:\Documents and Settings\William\Desktop\dds.scr
    [2011/06/01 15:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William\Desktop\tech-submit
    [2011/06/01 12:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/06/01 12:59:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/05/31 21:05:09 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
    [2011/05/31 21:05:05 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
    [2011/05/31 21:04:26 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
    [2011/05/31 21:04:21 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
    [2011/05/31 21:03:44 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
    [2011/05/31 21:03:40 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
    [2011/05/31 21:03:29 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
    [2011/05/31 21:03:07 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
    [2011/05/31 21:02:51 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
    [2011/05/31 21:02:48 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
    [2011/05/31 21:02:44 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
    [2011/05/31 21:02:37 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
    [2011/05/31 21:02:33 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
    [2011/05/31 21:02:28 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
    [2011/05/31 21:02:24 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
    [2011/05/31 21:02:09 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
    [2011/05/31 21:01:52 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
    [2011/05/31 21:01:49 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
    [2011/05/31 21:01:45 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
    [2011/05/31 21:01:37 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
    [2011/05/31 21:01:16 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
    [2011/05/31 21:01:01 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
    [2011/05/31 21:00:57 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
    [2011/05/31 21:00:44 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
    [2011/05/31 21:00:41 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
    [2011/05/31 21:00:37 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
    [2011/05/31 21:00:33 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
    [2011/05/31 21:00:30 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
    [2011/05/31 21:00:26 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
    [2011/05/31 20:59:56 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
    [2011/05/31 20:59:50 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
    [2011/05/31 20:59:46 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
    [2011/05/31 20:59:45 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
    [2011/05/31 20:59:40 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
    [2011/05/31 20:59:37 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
    [2011/05/31 20:59:22 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
    [2011/05/31 20:59:18 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
    [2011/05/31 20:58:45 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
    [2011/05/31 20:58:42 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
    [2011/05/31 20:58:38 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
    [2011/05/31 20:58:34 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
    [2011/05/31 20:58:27 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
    [2011/05/31 20:57:36 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
    [2011/05/31 20:57:32 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
    [2011/05/31 20:57:29 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
    [2011/05/31 20:57:25 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
    [2011/05/31 20:57:22 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
    [2011/05/31 20:56:55 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
    [2011/05/31 20:56:51 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
    [2011/05/31 20:56:48 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
    [2011/05/31 20:56:40 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
    [2011/05/31 20:56:09 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
    [2011/05/31 20:56:06 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
    [2011/05/31 20:56:02 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
    [2011/05/31 20:55:59 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
    [2011/05/31 20:55:34 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
    [2011/05/31 20:55:27 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
    [2011/05/31 20:55:23 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
    [2011/05/31 20:55:06 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
    [2011/05/31 20:55:03 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
    [2011/05/31 20:55:00 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
    [2011/05/31 20:54:57 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
    [2011/05/31 20:54:53 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
    [2011/05/31 20:54:50 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
    [2011/05/31 20:54:47 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
    [2011/05/31 20:54:44 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
    [2011/05/31 20:54:40 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
    [2011/05/31 20:54:33 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
    [2011/05/31 20:54:30 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
    [2011/05/31 20:54:30 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2011/05/31 20:54:29 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2011/05/31 20:54:28 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
    [2011/05/31 20:54:27 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
    [2011/05/31 20:54:12 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
    [2011/05/31 20:54:05 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
    [2011/05/31 20:54:01 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
    [2011/05/31 20:53:57 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
    [2011/05/31 20:53:40 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
    [2011/05/31 20:53:37 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
    [2011/05/31 20:53:20 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
    [2011/05/31 20:53:17 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
    [2011/05/31 20:53:13 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
    [2011/05/31 20:53:00 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
    [2011/05/31 20:52:10 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
    [2011/05/31 20:51:57 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
    [2011/05/31 20:51:55 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
    [2011/05/31 20:51:52 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
    [2011/05/31 20:51:11 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
    [2011/05/31 20:51:08 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
    [2011/05/31 20:51:05 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
    [2011/05/31 20:51:01 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
    [2011/05/31 20:50:37 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
    [2011/05/31 20:50:23 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
    [2011/05/31 20:50:20 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
    [2011/05/31 20:50:14 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
    [2011/05/31 20:50:04 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
    [2011/05/31 20:50:01 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
    [2011/05/31 20:49:52 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
    [2011/05/31 20:49:49 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
    [2011/05/31 20:49:46 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
    [2011/05/31 20:49:43 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
    [2011/05/31 20:49:40 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
    [2011/05/31 20:49:37 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
    [2011/05/31 20:49:27 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
    [2011/05/31 20:49:24 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
    [2011/05/31 20:49:21 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
    [2011/05/31 20:49:18 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
    [2011/05/31 20:49:15 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
    [2011/05/31 20:47:40 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
    [2011/05/31 20:47:18 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
    [2011/05/31 20:47:15 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
    [2011/05/31 20:47:14 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
    [2011/05/31 20:47:11 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
    [2011/05/31 20:47:10 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
    [2011/05/31 20:47:07 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
    [2011/05/31 20:46:58 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
    [2011/05/31 20:46:55 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
    [2011/05/31 20:46:52 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
    [2011/05/31 20:46:49 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
    [2011/05/31 20:46:43 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
    [2011/05/31 20:46:40 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
    [2011/05/31 20:45:45 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
    [2011/05/31 20:45:00 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
    [2011/05/31 20:43:21 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
    [2011/05/31 20:43:12 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
    [2011/05/31 20:23:04 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
    [2011/05/31 20:23:02 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
    [2011/05/31 20:23:00 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
    [2011/05/31 20:22:46 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
    [2011/05/31 20:22:39 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
    [2011/05/31 20:22:36 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
    [2011/05/31 20:22:32 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
    [2011/05/31 20:22:29 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
    [2011/05/31 20:22:27 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
    [2011/05/31 20:22:26 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
    [2011/05/31 20:22:09 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
    [2011/05/31 20:22:04 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
    [2011/05/31 20:22:02 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
    [2011/05/31 20:20:34 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
    [2011/05/31 20:20:29 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
    [2011/05/31 20:20:19 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
    [2011/05/31 20:20:17 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
    [2011/05/31 20:20:16 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
    [2011/05/31 20:20:10 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
    [2011/05/31 20:20:09 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
    [2011/05/31 20:20:08 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
    [2011/05/31 20:20:06 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
    [2011/05/31 20:20:04 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
    [2011/05/31 20:19:41 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
    [2011/05/31 20:19:40 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
    [2011/05/31 20:19:35 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
    [2011/05/31 20:19:12 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
    [2011/05/31 20:19:11 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
    [2011/05/31 20:19:09 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
    [2011/05/31 20:19:08 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
    [2011/05/31 20:19:07 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
    [2011/05/31 20:19:06 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
    [2011/05/31 20:19:05 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
    [2011/05/31 20:19:03 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
    [2011/05/31 20:18:54 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
    [2011/05/31 20:18:39 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
    [2011/05/31 20:18:29 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
    [2011/05/31 20:18:22 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
    [2011/05/31 20:18:21 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
    [2011/05/31 20:18:20 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
    [2011/05/31 20:18:19 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
    [2011/05/31 20:18:18 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
    [2011/05/31 20:18:16 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
    [2011/05/31 20:18:15 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
    [2011/05/31 20:18:14 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
    [2011/05/31 20:18:13 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
    [2011/05/31 20:18:12 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
    [2011/05/31 20:18:10 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
    [2011/05/31 20:18:10 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2011/05/31 20:17:36 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2011/05/31 20:17:35 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2011/05/31 20:17:34 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2011/05/31 20:17:33 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2011/05/31 20:17:33 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2011/05/31 20:17:32 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2011/05/31 20:17:31 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2011/05/31 20:17:30 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2011/05/31 20:17:28 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2011/05/31 20:17:28 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2011/05/31 20:17:27 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2011/05/31 20:17:25 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2011/05/31 20:17:25 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2011/05/31 20:17:24 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2011/05/31 20:17:23 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2011/05/31 20:17:23 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2011/05/31 20:17:22 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2011/05/31 20:17:21 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2011/05/31 20:17:17 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2011/05/31 20:17:13 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2011/05/31 20:17:12 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2011/05/31 20:17:11 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2011/05/31 20:17:11 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2011/05/31 20:17:10 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2011/05/31 20:17:09 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2011/05/31 20:17:08 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2011/05/31 20:16:41 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2011/05/31 20:16:35 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2011/05/31 20:16:23 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2011/05/31 20:16:22 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2011/05/31 20:16:22 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2011/05/31 20:16:21 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2011/05/31 20:16:20 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2011/05/31 20:16:18 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2011/05/31 20:16:15 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2011/05/31 20:16:14 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
    [2011/05/31 20:16:12 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2011/05/31 20:16:12 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2011/05/31 20:16:11 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2011/05/31 16:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/31 16:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\section
    [2011/05/31 16:35:06 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\William\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/05/31 13:36:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\William\Recent
    [2011/05/31 13:25:27 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/05/28 15:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/05/28 15:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2011/05/23 12:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William\Desktop\blizz change
    [2011/05/21 12:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
    [2011/05/09 13:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/05/09 13:01:07 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
    [2011/05/09 13:01:01 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes
    [2011/05/09 12:54:26 | 000,000,000 | -H-D | C] -- C:\Program Files\Bonjour
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/02 21:26:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William\Desktop\OTL.exe
    [2011/06/02 21:05:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/06/02 20:59:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/06/02 20:45:17 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/06/02 20:44:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/06/02 20:44:45 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/02 19:48:19 | 006,389,088 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\William\Desktop\AppRemover.exe
    [2011/06/02 19:46:40 | 004,111,594 | R--- | M] (Swearware) -- C:\Documents and Settings\William\Desktop\ComboFix.exe
    [2011/06/02 05:54:04 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\William\Desktop\RKUnhookerLE.EXE
    [2011/06/02 05:49:38 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\William\default.pls
    [2011/06/02 05:49:34 | 000,000,116 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/06/02 05:48:48 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\William\Desktop\MBR.dat
    [2011/06/02 05:44:11 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\William\Desktop\aswMBR.exe
    [2011/06/01 19:57:19 | 000,607,294 | R--- | M] (Swearware) -- C:\Documents and Settings\William\Desktop\dds.scr
    [2011/06/01 16:00:26 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\William\Desktop\fbuqgtev.exe
    [2011/06/01 10:45:23 | 000,000,644 | RHS- | M] () -- C:\Documents and Settings\William\ntuser.pol
    [2011/05/31 21:46:38 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\William\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/31 16:35:07 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\William\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/05/31 15:29:52 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\William\Desktop\Shortcut to firefox.exe.lnk
    [2011/05/31 13:42:18 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/05/31 11:13:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/05/30 12:48:02 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/05/28 00:01:50 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\22339364
    [2011/05/26 11:39:16 | 000,052,560 | ---- | M] () -- C:\Documents and Settings\William\Desktop\2011052609584429.pdf
    [2011/05/12 12:25:08 | 000,800,007 | ---- | M] () -- C:\Documents and Settings\William\Desktop\Raid Preparation.pdf
    [2011/05/06 16:49:18 | 009,164,138 | ---- | M] () -- C:\Documents and Settings\William\Desktop\02 Rock That Body.m4a
    [2011/05/06 14:39:16 | 000,060,452 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/05/05 08:00:39 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\William\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/06/02 20:59:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/06/02 20:59:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/06/02 20:50:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/06/02 20:50:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/06/02 20:50:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/06/02 20:50:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/06/02 20:50:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/06/02 05:54:03 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\William\Desktop\RKUnhookerLE.EXE
    [2011/06/02 05:48:48 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\William\Desktop\MBR.dat
    [2011/06/01 16:00:26 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\William\Desktop\fbuqgtev.exe
    [2011/06/01 14:29:44 | 2145,538,048 | -HS- | C] () -- C:\hiberfil.sys
    [2011/06/01 10:44:15 | 000,000,644 | RHS- | C] () -- C:\Documents and Settings\William\ntuser.pol
    [2011/05/31 21:05:04 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
    [2011/05/31 21:05:00 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
    [2011/05/31 20:53:08 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
    [2011/05/31 20:53:03 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
    [2011/05/31 20:48:25 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [2011/05/31 20:46:34 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2011/05/31 20:45:14 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
    [2011/05/31 20:43:19 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
    [2011/05/31 20:43:14 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
    [2011/05/31 20:43:09 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
    [2011/05/31 20:43:05 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
    [2011/05/31 20:42:58 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
    [2011/05/31 20:23:06 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
    [2011/05/31 20:20:15 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
    [2011/05/31 20:20:14 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
    [2011/05/31 20:20:12 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
    [2011/05/31 20:17:01 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2011/05/31 20:17:00 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2011/05/31 20:16:59 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2011/05/31 20:16:59 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2011/05/31 20:16:58 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2011/05/31 20:16:57 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2011/05/31 20:16:57 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2011/05/31 20:16:56 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2011/05/31 20:16:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2011/05/31 20:16:48 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2011/05/31 15:29:52 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\William\Desktop\Shortcut to firefox.exe.lnk
    [2011/05/28 00:01:50 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\22339364
    [2011/05/26 11:39:16 | 000,052,560 | ---- | C] () -- C:\Documents and Settings\William\Desktop\2011052609584429.pdf
    [2011/05/12 12:25:07 | 000,800,007 | ---- | C] () -- C:\Documents and Settings\William\Desktop\Raid Preparation.pdf
    [2011/05/06 20:06:04 | 009,164,138 | ---- | C] () -- C:\Documents and Settings\William\Desktop\02 Rock That Body.m4a
    [2011/04/27 10:05:21 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\William\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/09 22:45:32 | 000,102,744 | -H-- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
    [2010/11/09 22:45:30 | 010,871,128 | -H-- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
    [2010/11/09 22:45:20 | 000,316,248 | -H-- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
    [2010/11/09 22:31:42 | 000,026,286 | -H-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2010/10/16 17:31:27 | 000,000,032 | -H-- | C] () -- C:\WINDOWS\CD_Start.INI
    [2010/10/01 15:18:08 | 000,207,226 | -H-- | C] () -- C:\WINDOWS\hpwins28.dat
    [2010/10/01 15:18:08 | 000,000,418 | -H-- | C] () -- C:\WINDOWS\hpwmdl28.dat
    [2010/06/07 17:44:06 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\pool.bin
    [2010/05/07 19:46:36 | 000,014,168 | -H-- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2010/05/07 19:43:30 | 000,025,824 | -H-- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2010/01/19 12:26:21 | 000,016,968 | -H-- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2009/10/12 20:56:40 | 000,060,452 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/09/19 22:40:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2008/05/16 20:18:43 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/01/29 21:09:54 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\William\Application Data\dvd.bmk
    [2008/01/22 10:32:35 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2008/01/22 10:29:53 | 000,593,920 | -H-- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2007/12/20 22:35:44 | 003,107,788 | -H-- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
    [2007/12/20 22:35:44 | 003,107,788 | -H-- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2007/12/20 22:35:44 | 000,887,724 | -H-- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2007/11/17 14:49:26 | 000,001,156 | -H-- | C] () -- C:\WINDOWS\mozver.dat
    [2007/09/17 08:33:58 | 000,043,520 | -H-- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2007/08/21 17:59:24 | 000,001,087 | -H-- | C] () -- C:\WINDOWS\checkip.dat
    [2007/08/21 17:49:09 | 000,001,213 | -H-- | C] () -- C:\WINDOWS\ipconfig.dat
    [2007/03/18 11:01:59 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\William\Application Data\FixVTS.ini
    [2006/12/23 22:36:32 | 000,000,214 | -H-- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2006/11/24 20:36:08 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\William\Application Data\.zreglib
    [2006/11/22 09:55:50 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/10/19 12:26:34 | 000,038,867 | -H-- | C] () -- C:\WINDOWS\hpomdl03.dat
    [2006/10/19 12:26:34 | 000,029,133 | -H-- | C] () -- C:\WINDOWS\hpoins03.dat
    [2006/10/06 16:44:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\VPC32.INI
    [2006/10/06 15:28:25 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/10/03 11:52:39 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/10/03 11:47:41 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/10/03 11:42:19 | 000,000,126 | -H-- | C] () -- C:\WINDOWS\wininit.ini
    [2006/10/03 11:37:00 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/10/03 11:11:14 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2006/10/03 11:11:12 | 000,095,617 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2006/10/03 11:10:48 | 000,000,392 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/10 08:56:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/11 17:24:19 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/11 17:12:14 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/11 17:11:31 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/11 17:07:24 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/11 17:06:43 | 000,288,496 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/11 17:00:30 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/11 17:00:28 | 000,445,836 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/11 17:00:28 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/11 17:00:28 | 000,073,042 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/11 17:00:28 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/11 17:00:27 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/11 17:00:26 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/11 17:00:24 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/11 17:00:19 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/11 17:00:19 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/11 17:00:12 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/11 17:00:04 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/01/05 03:30:18 | 000,565,248 | -H-- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2003/01/07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/07/30 11:33:00 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\NavLogon.dll
     
  15. wimhof

    wimhof TS Rookie Topic Starter Posts: 35

    otl.log part 3- of 3

    ========== LOP Check ==========

    [2011/06/01 14:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2010/10/26 10:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/10/26 10:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2007/12/11 09:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
    [2007/12/11 09:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup
    [2010/01/19 12:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2011/05/31 12:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iFaAaFc08200
    [2010/06/07 17:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2007/02/24 16:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2011/05/31 13:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2006/10/03 11:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/03/23 13:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/06 10:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/10/09 15:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/07 12:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/10/26 14:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\AVG10
    [2010/06/09 13:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Research In Motion
    [2007/01/31 22:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Viewpoint
    [2006/12/23 21:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Susan\Application Data\Walgreens
    [2010/10/27 22:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tracy\Application Data\AVG10
    [2010/06/08 07:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\Blackberry Desktop
    [2010/12/20 12:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\Dyuv
    [2007/12/11 09:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\eFax Messenger
    [2009/03/29 10:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\HouseCall 6.6
    [2006/10/27 13:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\Leadertech
    [2008/02/27 21:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\LimeWire
    [2007/10/15 12:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\Lost Marble
    [2010/12/20 12:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\Ohbato
    [2010/06/07 17:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\Research In Motion
    [2006/11/24 20:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\SlySoft
    [2008/05/08 07:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\Thunderbird
    [2011/01/02 09:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William\Application Data\Walgreens

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2011/05/31 13:42:18 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/06/02 20:59:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/06/02 21:07:55 | 000,029,532 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2006/10/03 11:14:46 | 000,006,754 | RH-- | M] () -- C:\dell.sdr
    [2001/09/05 22:00:58 | 001,700,352 | -H-- | M] (Microsoft Corporation) -- C:\gdiplus.dll
    [2011/06/02 20:44:45 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys
    [2006/10/19 12:31:24 | 000,004,128 | -H-- | M] () -- C:\INFCACHE.1
    [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2006/10/03 11:38:07 | 000,000,838 | -H-- | M] () -- C:\IPH.PH
    [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/11/14 09:10:21 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/06/02 20:44:41 | 3218,079,744 | -HS- | M] () -- C:\pagefile.sys
    [2006/10/06 16:28:02 | 000,017,404 | -H-- | M] () -- C:\PkgClnup.log
    [2006/10/03 11:38:15 | 000,000,087 | -H-- | M] () -- C:\SystemInfo.ini
    [2009/01/27 05:48:38 | 000,000,419 | -H-- | M] () -- C:\updatedatfix.log
    [2007/02/01 23:20:28 | 000,938,582 | -H-- | M] () -- C:\winzip70.zip
    [2006/10/06 16:39:51 | 000,023,692 | -H-- | M] () -- C:\_NavCClt.Log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | -H-- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/11 17:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2009/06/09 01:43:12 | 000,316,928 | -H-- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp092.dll
    [2007/04/09 14:23:54 | 000,028,552 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 06:50:03 | 000,597,504 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/11 17:06:14 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/11 17:06:14 | 000,659,456 | -H-- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/11 17:06:14 | 000,876,544 | -H-- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/10/06 15:39:55 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\William\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/06/02 19:48:19 | 006,389,088 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\William\Desktop\AppRemover.exe
    [2011/06/02 05:44:11 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\William\Desktop\aswMBR.exe
    [2010/10/14 08:55:13 | 060,866,552 | ---- | M] (Online Media Technologies Ltd. ) -- C:\Documents and Settings\William\Desktop\AVSVideoConverter.exe
    [2011/06/02 19:46:40 | 004,111,594 | R--- | M] (Swearware) -- C:\Documents and Settings\William\Desktop\ComboFix.exe
    [2011/06/01 16:00:26 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\William\Desktop\fbuqgtev.exe
    [2010/11/09 10:45:31 | 010,980,832 | ---- | M] () -- C:\Documents and Settings\William\Desktop\FCTBSetup.exe
    [2010/01/16 10:16:59 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\William\Desktop\HijackThis.exe
    [2010/10/26 13:45:13 | 006,238,016 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\William\Desktop\HitmanPro35.exe
    [2011/05/31 16:35:07 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\William\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/06/02 21:26:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William\Desktop\OTL.exe
    [2011/06/02 05:54:04 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\William\Desktop\RKUnhookerLE.EXE

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 05:00:00 | 000,000,791 | -H-- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/10/06 15:39:54 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\William\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2007/11/10 09:56:01 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\William\Cookies\desktop.ini
    [2011/06/02 21:10:32 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\William\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2005/01/28 13:44:28 | 000,192,512 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | -H-- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | -H-- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 01:06:36 | 000,002,882 | -H-- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 01:06:36 | 000,006,156 | -H-- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 01:06:36 | 000,006,160 | -H-- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | -H-- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | -H-- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
     
  16. wimhof

    wimhof TS Rookie Topic Starter Posts: 35

    otl-extras

    OTL Extras logfile created on: 6/2/2011 9:28:52 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\William\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.63% Memory free
    4.85 Gb Paging File | 3.77 Gb Available in Paging File | 77.80% Paging File free
    Paging file location(s): C:\pagefile.sys 3069 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145.85 Gb Total Space | 36.36 Gb Free Space | 24.93% Space Free | Partition Type: NTFS

    Computer Name: CCIM | User Name: William | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-4143634262-2900202759-2067161063-1007\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
    "D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{06053AB3-B607-B752-3252-4A2EA9E9761E}" = CCC Help Dutch
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{0B4A8658-43F1-50CA-AF30-C67E3AE2C9ED}" = CCC Help Greek
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0CC61470-D776-2353-D5CB-C7BC20204863}" = CCC Help Finnish
    "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
    "{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{12655AB3-9285-A2F0-5BBC-C5C45E4D718C}" = CCC Help Czech
    "{133CD5EF-A4A1-442a-8D50-910B5DEF76BD}" = 4200_Help
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1B15D991-5619-4BC1-B71E-3DE793B792FC}" = ArcSoft MediaConverter 2
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
    "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{24700C01-3A72-29D4-001B-6EE6BF71EB5E}" = CCC Help Korean
    "{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
    "{26262388-95BF-58B0-CD46-A8F957BB67BF}" = Catalyst Control Center Graphics Full Existing
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
    "{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{31DABA20-10A1-4746-9D9F-57955B8DFF66}" = Free Games Offer, Desktop Shortcut
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{329376FB-FB6C-C587-F483-07E3418456F5}" = ccc-utility
    "{33A38A8B-9E1E-BCBB-EA87-CE797EC75080}" = CCC Help Chinese Traditional
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{34611BCF-3157-405b-A34E-879C7DC79142}" = 4200
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{369EEB32-64D1-F22A-1B2C-A3E81582E767}" = CCC Help Japanese
    "{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
    "{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{3FCD8F30-057D-C96F-AEF4-B0D77DE9730C}" = CCC Help Portuguese
    "{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
    "{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
    "{4218F0E1-CBAF-4D68-B6FE-B3504770829F}" = AutoStreamer
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{46605BDE-7F82-DB0F-7906-3279A7E639BE}" = Catalyst Control Center Localization All
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{480A8E00-D808-7D79-977B-CEBBB3BEB409}" = CCC Help French
    "{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
    "{48C7FD10-D6AD-8EE0-2E8E-0480C4EEB1BD}" = Catalyst Control Center HydraVision Full
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
    "{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{5CA7ABC3-5F89-3A1D-A113-046EA4C7FCEB}" = ccc-core-static
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{68A2A8FC-2CA0-4b6c-BE09-CC7ABE2A8DDC}" = 4200Trb
    "{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{6F77AD48-BA04-F868-2D04-FC1BFF5E00BA}" = Catalyst Control Center Graphics Light
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{788907C5-C83B-9785-A1F0-67050017324E}" = CCC Help Spanish
    "{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{7F5F1767-88C6-CBFC-5DD3-D853343FD5AE}" = CCC Help German
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
    "{84DE3702-3262-BE38-27E8-5ED423D803C6}" = CCC Help Chinese Standard
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
    "{95053B5A-42E0-830E-85BD-733FAFC28BA7}" = ccc-core-preinstall
    "{9A0DCD97-9648-45ed-A52C-133C728AB2FF}" = 4200Tour
    "{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9B40D533-4F38-893D-EE5A-17226104BBC2}" = Skins
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{A08CB73B-5DEA-185D-5D98-2230004D75ED}" = CCC Help Danish
    "{A22D91C3-E7BD-CBEE-7CDC-DE4C42FA27B7}" = CCC Help Hungarian
    "{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
    "{AD0DD974-ADC2-8C10-DFA6-C1203A6E5106}" = CCC Help Polish
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B014F739-B305-5319-D996-6612BD60ED74}" = CCC Help Swedish
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3076A28-345A-4d89-90A3-B68866C0DFB8}" = eFax Messenger 4.3
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}" = CinepPlayer 30 Update
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C4B03AEB-33D3-11D7-9D37-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_03
    "{C570CAF4-D734-5412-C842-9AB150803074}" = Catalyst Control Center Core Implementation
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
    "{D01F5B2C-2776-6C46-441C-E819C08DF4FF}" = CCC Help Turkish
    "{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D2FCA53F-F568-D08A-458F-F7C9769A30ED}" = CCC Help Norwegian
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D49D681E-A4FC-4FD8-BC6F-C9EF2C832B49}" = Java 3D 1.3.1 (OpenGL) SDK
    "{D89B70AB-CF91-36A4-8658-FACA3AF6A654}" = Catalyst Control Center Graphics Previews Common
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DF1274DC-02D4-B2D7-6197-5D24E1EF84B1}" = CCC Help Thai
    "{E000D42E-5842-20A6-EEB1-6DED8C2746C5}" = CCC Help Italian
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E7679B31-21F5-4AAE-1620-0DFACF702325}" = Catalyst Control Center Graphics Full New
    "{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
    "{F83491F9-7CDF-46A7-9994-9E002CE5CE75}" = CCC Help Russian
    "{FDE409B1-1FF3-DC39-083E-C0F4ED496D5E}" = CCC Help English
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "All ATI Software" = ATI - Software Uninstall Utility
    "AnyDVD" = AnyDVD
    "ATI Display Driver" = ATI Display Driver
    "BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVDFab Decrypter_is1" = DVDFab Decrypter 3.0.8.6
    "Freecorder4.02B" = Freecorder 4.02B Application
    "Freecorder4.1" = Freecorder
    "HijackThis" = HijackThis 2.0.2
    "HitmanPro35" = Hitman Pro 3.5
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photo & Imaging" = HP Image Zone 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
    "Logitech Vid" = Logitech Vid HD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RealPlayer 6.0" = RealPlayer Basic
    "SearchAssist" = SearchAssist
    "Shop for HP Supplies" = Shop for HP Supplies
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "Trend Micro HouseCall 6.6" = HouseCall 6.6
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp (remove only)
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4143634262-2900202759-2067161063-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "World of Logs Client" = World of Logs Client

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/31/2011 4:25:33 PM | Computer Name = CCIM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
    Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 494a943f, P4 mscorlib,
    P5 2.0.0.0, P6 4d352e63, P7 f4f, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10
    NIL.

    Error - 5/31/2011 4:25:52 PM | Computer Name = CCIM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
    Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 494a943f, P4 mscorlib,
    P5 2.0.0.0, P6 4d352e63, P7 f4f, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10
    NIL.

    Error - 5/31/2011 5:47:03 PM | Computer Name = CCIM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
    Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 494a943f, P4 mscorlib,
    P5 2.0.0.0, P6 4d352e63, P7 f4f, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10
    NIL.

    Error - 5/31/2011 5:47:27 PM | Computer Name = CCIM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
    Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 494a943f, P4 mscorlib,
    P5 2.0.0.0, P6 4d352e63, P7 f4f, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10
    NIL.

    Error - 5/31/2011 7:41:44 PM | Computer Name = CCIM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
    Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 494a943f, P4 mscorlib,
    P5 2.0.0.0, P6 4d352e63, P7 f4f, P8 7, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10
    NIL.

    Error - 5/31/2011 7:47:06 PM | Computer Name = CCIM | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module msvcr80.dll, version 8.0.50727.4053, fault address 0x0001500a.

    Error - 6/1/2011 9:29:30 AM | Computer Name = CCIM | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x100014ab.

    Error - 6/1/2011 9:34:35 AM | Computer Name = CCIM | Source = Application Error | ID = 1001
    Description = Fault bucket 1297274852.

    Error - 6/1/2011 9:34:37 AM | Computer Name = CCIM | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module ntdll.dll, version 5.1.2600.6055, fault address 0x0004487f.

    Error - 6/1/2011 9:34:41 AM | Computer Name = CCIM | Source = Application Error | ID = 1001
    Description = Fault bucket -1992118171.

    [ System Events ]
    Error - 6/1/2011 4:23:09 PM | Computer Name = CCIM | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
    period.

    Error - 6/1/2011 4:39:50 PM | Computer Name = CCIM | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
    period.

    Error - 6/2/2011 7:11:08 AM | Computer Name = CCIM | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 6/2/2011 5:29:07 PM | Computer Name = CCIM | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}.
    The
    error: "%2" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe"
    -Embedding

    Error - 6/2/2011 5:30:13 PM | Computer Name = CCIM | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {641B9FB0-C2B1-41BD-8563-5F484E3BE84A}.
    The
    error: "%2" Happened while starting this command: "C:\Program Files\HP\Digital Imaging\Smart
    Web Printing\hpswp_clipbook.exe" -Embedding

    Error - 6/2/2011 5:44:20 PM | Computer Name = CCIM | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
    The
    error: "%2" Happened while starting this command: "C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe"
    /PDFShell -Embedding

    Error - 6/2/2011 5:44:20 PM | Computer Name = CCIM | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
    The
    error: "%2" Happened while starting this command: "C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe"
    /PDFShell -Embedding

    Error - 6/2/2011 5:44:20 PM | Computer Name = CCIM | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
    The
    error: "%2" Happened while starting this command: "C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe"
    /PDFShell -Embedding

    Error - 6/2/2011 5:44:27 PM | Computer Name = CCIM | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {641B9FB0-C2B1-41BD-8563-5F484E3BE84A}.
    The
    error: "%2" Happened while starting this command: "C:\Program Files\HP\Digital Imaging\Smart
    Web Printing\hpswp_clipbook.exe" -Embedding

    Error - 6/2/2011 8:49:53 PM | Computer Name = CCIM | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).


    < End of report >
     
  17. wimhof

    wimhof TS Rookie Topic Starter Posts: 35

    Let me know if I should close/end OTL, thanks
     
  18. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================================

    What's the story with your AV program?
    I can see some Norton running, some Avast and some AVG leftovers.
     
  19. wimhof

    wimhof TS Rookie Topic Starter Posts: 35

    update java, remove older versions

    Ok, performed the update to Java - good. then went and ran the JavaRa. When it looked like it ended, a window opened ' JavaRa has encountered a problem and needs to close. We are sorry for the inconvenience.' blah-blah- please tell Microsoft about this problem. Choices are debug, send, don't send (I have a hunch you'll say don't send).

    As for your question on the AV stuff; i don't know. The previous instruction said to run the appremover tool for AVG and I did. There were more choices (norton, etc) but wasn't sure to do anything about them. As for Avast, I tried to load that during one of the 'safe mode' attempts before sending anything to this board. At the time it said it failed but apparently made a mark.

    Let me know if I should go back to AppRemover and get rid of all of it.

    and of course, the removal of older java error i just wrote about.

    as a side note, hopefully I can stay up until at least the next suggestion.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    What about Norton?
    Is it paid for, up to date and running fine?
     
  21. wimhof

    wimhof TS Rookie Topic Starter Posts: 35

    Corporate license version from my company from 9 years ago. That company has been acquired several times and now yet I remained. I thought about getting rid of it due to hearing about it not being too good to have multi-AV's on but never did.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Yes, you can run only one AV program.
    Is your Norton still updating?
    9 years sounds like a very old version.
     
  23. wimhof

    wimhof TS Rookie Topic Starter Posts: 35

    Ever since I had AVG and Super Anti spyware I haven't paid attention to it. But now that I try to use the live update... it fails. 6002: LiveUpdate was not able to extract that update files...
     
  24. Broni

    Broni Malware Annihilator Posts: 52,897   +344

  25. wimhof

    wimhof TS Rookie Topic Starter Posts: 35

    Hmm... Did the Norton uninstall utility (although it did say i had to remove Symantec AV8 from control panel add/remove programs first, reboot, and back to Symantec removal. Now for Avast, this is my first real time using/installing this program and it is currently failing. I had the set-up program on a cd, copied to the desktop and ran for installation. It had asked about if I wanted a google toolbar (nope) and then went to install. Windows Installer came up with an error. Path c:\documents and settings\All users\application data\MFAData\pack\vc_red.msi cannot be found.

    Should I go to their web site and download straight from it?

    after note: after writing the above I said cancel to the windows installer, and now the program appears to have loaded and is now doing a 'quick scan'
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...