[Solved] Need help with malware removal

Ran Combofix again as instructed. It listed Rootkit.ZeroAccess in the TCP/IP stack again.

Here's the log

ComboFix 12-01-15.01 - Tim 01/15/2012 21:22:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.496 [GMT -5:00]
Running from: c:\documents and settings\Tim\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tim\Desktop\CFScript.txt
* Resident AV is active
.
.
FILE ::
"c:\windows\system32\drivers\yfdwvm.sys"
"c:\windows\system32\mll_hp32.exe"
"c:\windows\system32\s3gnb32.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\mydnswatch
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FASTUSERSWITCHINGCOMPATIBILITY32
-------\Legacy_SYSMONLOG32
-------\Service_FastUserSwitchingCompatibility32
-------\Service_skde
-------\Service_SysmonLog32
.
.
((((((((((((((((((((((((( Files Created from 2011-12-16 to 2012-01-16 )))))))))))))))))))))))))))))))
.
.
2012-01-15 19:02 . 2012-01-15 19:02 -------- d-----w- C:\found.000
2012-01-15 14:13 . 2011-07-15 13:29 456320 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys
2012-01-15 14:13 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-01-12 03:33 . 2012-01-12 03:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-12 03:33 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-11 10:09 . 2011-11-22 23:20 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-01-11 10:09 . 2011-11-22 23:20 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-01-11 10:08 . 2011-11-22 23:20 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-01-11 01:49 . 2012-01-11 01:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-01-02 16:18 . 2012-01-02 16:18 -------- d-sh--w- c:\documents and settings\Lisa\IECompatCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-06 01:52 . 2010-12-12 00:46 341656 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-11-23 13:25 . 2004-08-10 11:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 00:43 . 2010-12-12 00:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-23 00:42 . 2011-12-06 01:35 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-23 00:41 . 2011-12-06 01:35 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2011-11-23 00:38 . 2010-12-12 00:46 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-15 22:00 . 2011-05-17 20:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-14 21:07 . 2010-12-12 00:47 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-14 21:07 . 2010-12-12 00:47 2246608 ----a-w- c:\windows\PCTBDCore.dll
2011-11-14 21:07 . 2010-12-12 00:47 1681360 ----a-w- c:\windows\PCTBDRes.dll
2011-11-14 21:06 . 2010-12-12 00:47 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-14 20:12 . 2010-12-12 00:46 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-14 20:12 . 2010-12-12 00:46 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-11-04 19:20 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 11:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-10 11:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2005-03-30 01:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 18:03 . 2011-10-18 18:03 1409 ----a-w- c:\windows\QTFont.for
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2010-01-01 344064]
"SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2005-03-23 339968]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2010-01-01 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2010-01-01 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2010-01-01 81920]
"WD Button Manager"="c:\windows\system32\WDBtnMgr.exe" [2007-04-06 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-09-13 72848]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-08-15 738944]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-01-01 160832]
.
c:\documents and settings\Tim\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Dogpile Bundle Toolbar\\TroubleShooter.exe"=
"c:\\Program Files\\Dogpile Bundle Toolbar\\ToolbarUpdate.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/11/2010 7:46 PM 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [12/11/2010 7:46 PM 341656]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [12/11/2010 7:46 PM 660992]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [1/11/2012 5:08 AM 54328]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [1/11/2012 5:09 AM 574424]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [10/14/2010 4:08 PM 11352]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [12/11/2010 7:46 PM 253096]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [12/5/2011 8:35 PM 185560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [12/11/2010 7:47 PM 546768]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2/20/2009 3:46 PM 266240]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [8/15/2011 7:35 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [8/15/2011 7:35 AM 493184]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [12/5/2011 8:36 PM 56840]
R3 RT80x86;Linksys WPC600N/WMP600N Wireless-N Card Driver;c:\windows\system32\drivers\rt2860.sys [5/2/2011 5:38 PM 712704]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2010 9:05 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2010 9:05 PM 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 6:00 AM 14336]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [12/11/2010 7:46 PM 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [12/11/2010 7:45 PM 402336]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [1/11/2012 5:09 AM 35264]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 02:04]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 02:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CB82F72F-7DE0-47BA-AB11-598159CBE7D4}: NameServer = 91.211.64.182,192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-15 21:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(1004)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(3596)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\dlcccoms.exe
.
**************************************************************************
.
Completion time: 2012-01-15 22:03:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-16 03:03
ComboFix2.txt 2012-01-15 22:39
.
Pre-Run: 65,242,992,640 bytes free
Post-Run: 65,420,365,824 bytes free
.
- - End Of File - - 19BC3DCF5C24C68F02770FE9DB63C2F8
 
Looks good.

How is the computer doing?

Download OTL to your Desktop.

  • Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
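As an added example (not part of the original thread, and not ComboFix, OTL or forum-helper code), a small Python triage script that applies the checks a helper makes by eye over the logs in this thread: a public DNS server set statically on an interface while DHCP offers a LAN resolver, the Security Center AntiVirusOverride/FirewallOverride flags, the Windows Firewall disabled for a profile, and a firewall exception for an executable in system32 that reports no company name. The sample lines are copied from the ComboFix log above and the OTL Extras log that follows; the regular expressions and the "worth a second look" rules are this example's own assumptions, not output or logic from either tool.

```python
"""Heuristic triage of the ComboFix / OTL log lines seen in this thread.

Added example for this page, not ComboFix, OTL or forum-helper code. The
regexes and the "worth a second look" rules are this example's own
assumptions; the sample lines are copied from the logs posted in the thread.
"""
import ipaddress
import re

# Sample input: lines copied from the ComboFix log and the OTL Extras log
# in this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CB82F72F-7DE0-47BA-AB11-598159CBE7D4}: NameServer = 91.211.64.182,192.168.1.1
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
"C:\WINDOWS\system32\mll_hp32.exe" = C:\WINDOWS\system32\mll_hp32.exe:*:Enabled:Windows Update Service
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"""

# ComboFix "TCP:" lines: the DHCP-offered resolver and any per-interface override.
RE_DHCP_NS = re.compile(r"^TCP: DhcpNameServer = (.+)$")
RE_IFACE_NS = re.compile(r"^TCP: Interfaces\\(\{[0-9A-Fa-f-]+\}): NameServer = (.+)$")
# Security Center override flags (ComboFix REGEDIT4 style, value 1 = alerts suppressed).
RE_OVERRIDE = re.compile(r'^"(AntiVirusOverride|FirewallOverride)"\s*=\s*dword:0*1$')
# Windows Firewall disabled for a profile (ComboFix or OTL style).
RE_FW_OFF = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
# OTL "Authorized Applications List" entry: path:*:Enabled:description [-- (Company)].
RE_AUTH_APP = re.compile(r'^"[^"]+" = (.+?):\*:Enabled:(.+)$')
RE_COMPANY = re.compile(r" -- \((.+)\)$")


def triage(log_text):
    """Return a list of (kind, detail) findings for the heuristics above."""
    findings = []
    dhcp_servers = set()
    iface_servers = []  # (interface GUID, [resolver addresses])

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_DHCP_NS.match(line)
        if m:
            dhcp_servers.update(a.strip() for a in m.group(1).split(","))
            continue
        m = RE_IFACE_NS.match(line)
        if m:
            iface_servers.append((m.group(1), [a.strip() for a in m.group(2).split(",")]))
            continue
        m = RE_OVERRIDE.match(line)
        if m:
            findings.append(("security_center_override",
                             f"{m.group(1)}=1: Security Center alerts for this component are suppressed"))
            continue
        if RE_FW_OFF.match(line):
            findings.append(("windows_firewall_off", "EnableFirewall=0 for this profile"))
            continue
        m = RE_AUTH_APP.match(line)
        if m:
            path, desc = m.group(1), m.group(2)
            company = RE_COMPANY.search(desc)
            # An exception for a binary sitting in system32 that carries no
            # company name deserves a look, whatever its description claims.
            if company is None and "\\system32\\" in path.lower():
                findings.append(("firewall_exception",
                                 f"{path} allowed through the firewall as '{desc}' "
                                 "with no company name"))

    # A public resolver set statically on an interface, while DHCP offers a
    # LAN resolver, is worth verifying by hand; report the address either way.
    for guid, addrs in iface_servers:
        for addr in addrs:
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue
            if ip.is_global:
                offered = ", ".join(sorted(dhcp_servers)) or "none"
                findings.append(("static_dns",
                                 f"interface {guid} resolves via public server {addr} "
                                 f"(DHCP offered {offered})"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

Run it against a saved ComboFix or OTL log instead of SAMPLE_LOG to get the same five findings this thread's logs produce; the Yahoo! Messenger exception is left alone because OTL reports a company name for it, and the private 192.168.1.1 resolver is not reported because only globally routable addresses are flagged.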
 
Extras

OTL Extras logfile created on: 1/16/2012 7:17:13 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 475.22 Mb Available Physical Memory | 46.50% Memory free
2.40 Gb Paging File | 1.51 Gb Available in Paging File | 63.17% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 60.94 Gb Free Space | 40.90% Space Free | Partition Type: NTFS

Computer Name: HL88V91 | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mll_hp32.exe" = C:\WINDOWS\system32\mll_hp32.exe:*:Enabled:Windows Update Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe" = C:\Program Files\Dogpile Bundle Toolbar\TroubleShooter.exe:*:Enabled:Dogpile Bundle Toolbar (Helper) -- (FreeCause Inc.)
"C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe" = C:\Program Files\Dogpile Bundle Toolbar\ToolbarUpdate.exe:*:Enabled:Dogpile Bundle Toolbar (Update) -- (FreeCause Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00120409-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{055C7B5D-B655-495D-BC4B-787994519AAA}" = Creative Memories Memory Manager 3
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F1A3568-7419-4115-A207-512B9F688267}" = Creative Memories Memory Manager 2
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{2B59AB31-EBD0-45E4-A725-7112904DA605}" = Family Tree Maker Version 16
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C5EA394-1033-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{43B0D334-9A1B-4257-9E51-D3813BD8B9D0}" = GoGear ARIA Device Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54F6C98F-94A0-421C-B90E-0B6A2A96A9CF}" = Pure Networks Platform
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{59C51217-BD7E-40C5-B495-F806D5B6F4CF}" = NRA High Power Competition
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7C352632-F7C7-403B-A78D-992C74DDB91D}" = ZoneAlarm Antivirus
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCC282B-274A-45D5-8B35-20580CC88EE3}" = ClickForms for Students
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A351224F-533A-4EED-89F4-0BF3417FD31D}" = WD Backup
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C96D14EF-FB93-419E-969E-D792C4EB40AF}" = ZoneAlarm Firewall
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D5C99B8C-95AD-4AA5-94FB-621D681BCD65}" = ZoneAlarm Security
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
"00BD1CD47675C125126C80095FCC12CFA4D311DB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"A622B79B943ECA1F0AECF1FF5BE13D458F345EBB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AI RoboForm" = AI RoboForm (All Users)
"All ATI Software" = ATI - Software Uninstall Utility
"A-PDF Restrictions Remover_is1" = A-PDF Restrictions Remover 1.6
"ArtistScope Plugin IE 424.2.0.0" = ArtistScope Plugin IE 42
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Browser Defender_is1" = Browser Defender 4.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative PC-CAM Center" = Creative PC-CAM Center
"Creative PD1131" = Creative WebCam NX Pro Driver (1.02.03.0218)
"Creative WebCam Monitor" = Creative WebCam Monitor
"Creative WebCam NX Pro User's Guide English" = Creative WebCam NX Pro User's Guide (English)
"Cricut DesignStudio" = Cricut DesignStudio
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexia Reading 8.0.3" = Lexia Reading
"Linksys Wireless Manager" = Linksys Wireless Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.SingleImage" = Microsoft Office Professional 2010
"PROSet" = Intel(R) PRO Network Connections Drivers
"Spyware Doctor" = PC Tools Spyware Doctor 9.0
"Super Collapse!" = Super Collapse!
"WebSTAR DPC2100 Uninstall" = Scientific-Atlanta WebSTAR 2000 series Cable Modem
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm Internet Security Suite" = ZoneAlarm Internet Security Suite
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1935655697-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Term_Services" = Juniper Terminal Services Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2012 8:57:09 PM | Computer Name = HL88V91 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/11/2012 8:58:09 PM | Computer Name = HL88V91 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/11/2012 8:58:09 PM | Computer Name = HL88V91 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\events\lcedisp.cpp(131),
hr = 80040206: Failed to CoCreate EventSystem objec

Error - 1/11/2012 8:59:09 PM | Computer Name = HL88V91 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/15/2012 6:20:00 PM | Computer Name = HL88V91 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 1/15/2012 6:20:09 PM | Computer Name = HL88V91 | Source = Media Center Extender Services | ID = 36865
Description = ERROR: Device Service Listener - UDP networking failed. Error code
0x8007277A.

Error - 1/15/2012 6:50:49 PM | Computer Name = HL88V91 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 1/15/2012 6:51:11 PM | Computer Name = HL88V91 | Source = Media Center Extender Services | ID = 36865
Description = ERROR: Device Service Listener - UDP networking failed. Error code
0x8007277A.

Error - 1/16/2012 2:19:44 PM | Computer Name = HL88V91 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80080005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/16/2012 2:19:44 PM | Computer Name = HL88V91 | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {0DD90106-B93B-4C84-81C7-D4A0148FEA9D} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

[ Media Center Events ]
Error - 4/23/2011 5:15:26 PM | Computer Name = HL88V91 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 4/23/2011 5:15:26 PM. You may need to reschedule your recordings.

Error - 4/24/2011 3:16:39 PM | Computer Name = HL88V91 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 4/24/2011 3:16:39 PM. You may need to reschedule your recordings.

Error - 4/27/2011 6:46:49 PM | Computer Name = HL88V91 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 4/27/2011 6:46:49 PM. You may need to reschedule your recordings.

Error - 4/28/2011 5:10:09 PM | Computer Name = HL88V91 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 4/28/2011 5:10:09 PM. You may need to reschedule your recordings.

Error - 5/1/2011 10:00:17 AM | Computer Name = HL88V91 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 5/1/2011 10:00:17 AM. You may need to reschedule your recordings.

Error - 5/20/2011 6:51:31 PM | Computer Name = HL88V91 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 5/20/2011 6:51:31 PM. You may need to reschedule your recordings.

Error - 6/17/2011 8:01:42 AM | Computer Name = HL88V91 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 6/17/2011 8:01:42 AM. You may need to reschedule your recordings.

Error - 6/21/2011 6:48:06 AM | Computer Name = HL88V91 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 6/21/2011 6:48:06 AM. You may need to reschedule your recordings.

Error - 7/19/2011 9:01:32 AM | Computer Name = HL88V91 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 7/19/2011 9:01:32 AM. You may need to reschedule your recordings.

Error - 11/21/2011 9:22:08 AM | Computer Name = HL88V91 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 11/21/2011 8:22:08 AM. You may need to reschedule your recordings.

[ System Events ]
Error - 1/16/2012 2:19:48 PM | Computer Name = HL88V91 | Source = DCOM | ID = 10010
Description = The server {BA126AD1-2166-11D1-B1D0-00805FC1270E} did not register
with DCOM within the required timeout.

Error - 1/16/2012 2:20:25 PM | Computer Name = HL88V91 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 1/16/2012 4:37:21 PM | Computer Name = HL88V91 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/16/2012 4:37:21 PM | Computer Name = HL88V91 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/16/2012 4:37:21 PM | Computer Name = HL88V91 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/16/2012 7:01:06 PM | Computer Name = HL88V91 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/16/2012 7:01:08 PM | Computer Name = HL88V91 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/16/2012 7:01:10 PM | Computer Name = HL88V91 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/16/2012 7:01:12 PM | Computer Name = HL88V91 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/16/2012 7:01:14 PM | Computer Name = HL88V91 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >
 
Otl - 1

OTL logfile created on: 1/16/2012 7:17:13 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 475.22 Mb Available Physical Memory | 46.50% Memory free
2.40 Gb Paging File | 1.51 Gb Available in Paging File | 63.17% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 60.94 Gb Free Space | 40.90% Space Free | Partition Type: NTFS

Computer Name: HL88V91 | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 18:47:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
PRC - [2011/11/22 19:41:50 | 002,659,256 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2011/11/22 19:41:50 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2011/11/22 18:20:06 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2011/11/22 18:20:02 | 000,071,008 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe
PRC - [2011/11/14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011/09/13 14:43:02 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/09/13 14:37:10 | 000,072,848 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/08/15 07:35:30 | 000,493,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/08/15 07:35:26 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/12/31 23:08:35 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2009/09/15 17:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/02/20 15:46:05 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2009/02/16 04:35:38 | 001,358,384 | R--- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/06 17:46:27 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2005/07/22 14:03:00 | 000,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
PRC - [2005/06/21 15:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe
PRC - [2005/03/22 19:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/22 19:41:44 | 000,157,624 | ---- | M] () -- C:\Program Files\PC Tools Security\NetworkLayer\PCTCFHook.dll
MOD - [2011/11/22 19:41:22 | 000,091,576 | ---- | M] () -- C:\Program Files\PC Tools Security\avengine\sdkBSCtrl.dll
MOD - [2011/11/14 16:06:56 | 000,108,496 | ---- | M] () -- C:\Program Files\PC Tools Security\BDT\BSPatch.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/02/20 15:46:05 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
MOD - [2008/12/12 17:11:26 | 000,148,480 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/12/12 17:11:26 | 000,097,280 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/06/21 15:27:02 | 001,183,744 | ---- | M] () -- C:\WINDOWS\system32\dlccserv.dll
MOD - [2005/06/21 15:22:06 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\dlcclmpm.dll
MOD - [2005/06/21 15:19:48 | 000,114,688 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlccpplc.dll
MOD - [2005/06/21 15:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe
MOD - [2005/06/21 15:18:58 | 000,704,512 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlcccomc.dll
MOD - [2005/06/21 15:18:24 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\dlccprox.dll
MOD - [2005/06/21 15:12:48 | 001,134,592 | ---- | M] () -- C:\WINDOWS\system32\dlccusb1.dll
MOD - [2005/06/06 10:58:38 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\dlcccfg.dll
MOD - [2005/06/06 10:58:38 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlcccfg.dll
MOD - [2005/04/27 16:30:44 | 000,118,784 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlccdrec.dll
MOD - [2005/04/01 11:44:16 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlcccnv4.dll
MOD - [2001/10/28 15:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/11/22 19:41:50 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/11/22 18:20:06 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/11/22 18:20:02 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2011/11/14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/09/13 14:43:02 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/08/15 07:35:30 | 000,493,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/03/01 08:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009/02/20 15:46:05 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2005/06/21 15:19:38 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)


========== Driver Services (SafeList) ==========

DRV - [2011/12/05 20:52:01 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/11/22 19:43:02 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2011/11/22 19:42:40 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011/11/22 19:38:04 | 000,253,096 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/11/22 18:20:06 | 000,574,424 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2011/11/22 18:20:06 | 000,035,264 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/11/22 18:20:04 | 000,054,328 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/10/07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011/09/13 14:37:10 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/08/15 07:35:22 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/10/14 16:08:38 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/10/14 16:08:38 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/09/21 15:51:58 | 000,327,256 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/01/13 18:32:02 | 000,712,704 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008/12/12 17:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 17:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2006/02/09 22:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/16 17:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 07:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 14:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 14:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/02/23 16:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/06/10 19:42:38 | 000,015,429 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sacm2A.sys -- (USBCM)
DRV - [2004/02/18 03:16:14 | 000,091,177 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P1131Vid.sys -- (P1131VID) Creative WebCam NX Pro (WDM)
DRV - [2003/11/17 17:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 17:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 17:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========
 
Otl - 2

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1A 49 AF 01 0E 4C DF 42 AC 96 17 C9 20 22 7F 93 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1A 49 AF 01 0E 4C DF 42 AC 96 17 C9 20 22 7F 93 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1A 49 AF 01 0E 4C DF 42 AC 96 17 C9 20 22 7F 93 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1A 49 AF 01 0E 4C DF 42 AC 96 17 C9 20 22 7F 93 [binary data]

IE - HKU\S-1-5-21-1935655697-963894560-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1935655697-963894560-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1935655697-963894560-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1A 49 AF 01 0E 4C DF 42 AC 96 17 C9 20 22 7F 93 [binary data]
IE - HKU\S-1-5-21-1935655697-963894560-725345543-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-1935655697-963894560-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.100: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/12/05 20:36:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/09/24 22:41:04 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/01/15 21:48:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1935655697-963894560-725345543-1003\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1935655697-963894560-725345543-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Tim\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-963894560-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935655697-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - C:\Program Files\Microsoft Office\Office\1033\PHDINTL.DLL (Microsoft Corporation)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-1935655697-963894560-725345543-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1935655697-963894560-725345543-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} http://www.worldwinner.com/games/v53/dealornodeal/dealornodeal.cab (DealOrNoDeal Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab (Bejeweled Control)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/freecell/freecell.cab (FreeCell Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175895999125 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://gianteagle.lifepics.com/net/Uploader/LPUploader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://vralimuscingh15.connectge.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{856C4C1C-146E-4134-B168-7891DBB1BC3B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB82F72F-7DE0-47BA-AB11-598159CBE7D4}: NameServer = 91.211.64.182,192.168.1.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/06 06:39:49 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 18:47:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2012/01/15 14:35:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/15 14:02:21 | 000,000,000 | ---D | C] -- C:\found.000
[2012/01/15 09:05:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/15 09:05:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/15 09:05:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/15 09:05:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/15 09:05:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/15 09:05:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/15 08:20:42 | 004,384,281 | R--- | C] (Swearware) -- C:\Documents and Settings\Tim\Desktop\ComboFix.exe
[2012/01/14 23:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Desktop\bootkit_remover
[2012/01/14 23:25:07 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Tim\Desktop\aswMBR.exe
[2012/01/14 23:01:26 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tim\Desktop\tdsskiller.exe
[2012/01/14 19:16:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Tim\Desktop\dds.scr
[2012/01/11 22:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/11 22:33:08 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/11 22:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/11 22:27:44 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim\Desktop\mbam-setup.exe
[2012/01/11 20:02:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/01/11 05:09:44 | 000,574,424 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2012/01/11 05:09:04 | 000,035,264 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2012/01/11 05:08:24 | 000,054,328 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2012/01/10 20:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/10 20:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/31 14:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\014
[2011/12/19 14:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\055
[2011/12/18 14:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\054
[2004/06/10 19:42:38 | 000,015,429 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/16 19:12:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/16 19:09:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/16 18:48:49 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/16 18:47:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2012/01/16 18:42:37 | 000,984,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/16 18:38:53 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/16 18:38:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/15 21:48:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/15 20:16:36 | 000,334,201 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\FSS.exe
[2012/01/15 19:03:18 | 000,475,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/15 19:03:18 | 000,084,822 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/15 14:35:11 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/01/15 08:20:54 | 004,384,281 | R--- | M] (Swearware) -- C:\Documents and Settings\Tim\Desktop\ComboFix.exe
[2012/01/14 23:28:39 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\bootkit_remover.zip
[2012/01/14 23:25:56 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Tim\Desktop\aswMBR.exe
[2012/01/14 23:01:44 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tim\Desktop\tdsskiller.exe
[2012/01/14 19:16:35 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Tim\Desktop\dds.scr
[2012/01/14 14:48:43 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\evmrhg7w.exe
[2012/01/11 22:35:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/11 22:31:47 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\rkill.com
[2012/01/11 22:28:17 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim\Desktop\mbam-setup.exe
[2012/01/10 23:33:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/10 17:20:31 | 000,010,262 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\el568bb703jwls21282tw45562d81wy144m4hv4w6ik520
[2012/01/06 20:40:10 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2011/12/31 16:36:06 | 073,248,768 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\Arsenal.mdb
[2011/12/31 14:28:44 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/12/31 14:21:51 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/15 20:16:30 | 000,334,201 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\FSS.exe
[2012/01/15 17:17:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/15 14:35:10 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/01/15 14:35:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/15 09:05:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/15 09:05:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/15 09:05:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/15 09:05:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/15 09:05:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/14 23:28:38 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\bootkit_remover.zip
[2012/01/14 14:48:40 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\evmrhg7w.exe
[2012/01/11 22:35:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/11 22:31:44 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\rkill.com
[2012/01/10 14:55:36 | 000,010,262 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\el568bb703jwls21282tw45562d81wy144m4hv4w6ik520
[2011/12/15 17:57:00 | 000,001,544 | -HS- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\786687y7c168q428n153s8xbl4s1
[2011/12/15 17:57:00 | 000,001,544 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\786687y7c168q428n153s8xbl4s1
[2011/08/08 11:24:15 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2011/08/08 11:24:14 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2011/08/08 11:24:14 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2011/08/08 11:24:13 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlccih.exe
[2011/08/08 11:24:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2011/08/08 11:24:12 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2011/08/08 11:24:12 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.exe
[2011/08/08 11:24:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2011/08/08 11:24:11 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2011/08/08 11:24:10 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2011/08/08 11:24:10 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2011/08/08 11:24:09 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2011/08/08 11:24:09 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcccoms.exe
[2011/08/08 11:24:09 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2011/08/08 11:24:08 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2011/08/08 11:24:05 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2011/08/08 11:24:05 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2011/08/08 11:24:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2011/08/08 11:24:00 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2011/08/08 11:24:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2011/08/08 11:23:58 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2011/08/08 11:23:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2011/07/29 20:08:52 | 000,012,378 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kv1h3spw143o20xyju4u0o2s80x3o83i717
[2011/07/29 20:08:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rxj.exe
[2011/07/29 20:08:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ovw.exe
[2011/07/29 20:08:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\guo.exe
[2011/07/29 20:08:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\glf.exe
[2011/07/29 20:08:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ctf.exe
[2011/05/02 17:38:47 | 000,015,312 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/03/30 19:15:23 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/03/27 21:42:36 | 001,443,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/27 13:17:39 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/12/11 19:47:56 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll1205.old
[2010/12/11 19:47:56 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/11/24 18:58:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MIDI Configurations
[2010/10/23 08:59:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2010/10/23 08:49:30 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PPD Plugins
[2010/10/23 08:49:30 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PageLibraries
[2010/10/23 08:49:30 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Tim\Application Data\Organs
[2010/10/23 08:49:30 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Tim\Application Data\Organic
[2010/10/23 08:49:30 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2010/10/23 08:49:30 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2010/10/23 08:49:30 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Plug-Ins
[2010/10/23 08:49:30 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Plants
[2010/10/23 08:49:29 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PDEs
[2010/10/23 08:49:29 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Tim\Application Data\Noise Gate
[2010/10/23 08:49:29 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2010/10/23 08:49:29 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Pipe Organ
[2010/09/03 16:00:01 | 000,000,019 | ---- | C] () -- C:\WINDOWS\MSMAIL32.INI
[2010/07/11 12:21:34 | 000,000,070 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/05/29 15:18:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/05/29 14:50:11 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/05/29 14:50:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tim\Application Data\Metadata Importer
[2010/05/29 14:45:20 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Nature
[2010/05/29 14:45:20 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/05/29 14:45:20 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Overdrive
[2010/04/04 13:36:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/31 22:58:08 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/10/26 18:02:17 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/14 05:46:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/07/27 20:47:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\YAHELITE_cookie.INI
[2009/02/20 15:46:05 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2009/01/08 14:20:24 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\koli.dat
[2009/01/08 14:20:17 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\indata.dat
[2008/07/11 22:33:51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\YAHELITE_BUDDY.INI
[2008/07/08 21:54:55 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/07/02 21:42:51 | 000,000,020 | ---- | C] () -- C:\WINDOWS\YahSho.ini
[2008/06/02 22:10:49 | 000,001,818 | ---- | C] () -- C:\WINDOWS\YAHELITE_IGNORE.INI
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/04/06 19:09:54 | 000,000,306 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2007/04/06 19:09:51 | 000,004,661 | ---- | C] () -- C:\WINDOWS\ORG2.INI
[2007/04/06 17:42:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
[2007/04/06 17:32:39 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2007/04/06 16:21:49 | 000,000,508 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/06 12:10:09 | 000,000,170 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/04/06 11:46:00 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2007/04/06 11:45:30 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/04/06 06:49:16 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\fusioncache.dat
[2007/04/06 06:43:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/06 06:36:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/05 19:52:16 | 000,004,637 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/05 19:51:16 | 000,329,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/11/18 12:25:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 17:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 17:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,475,070 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,084,822 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/11 10:34:28 | 000,053,693 | ---- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2004/06/11 10:31:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\UNDPX2A.exe
[1998/04/06 23:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[1998/04/06 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1998/04/06 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2011/07/16 14:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/10/23 08:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/01/28 11:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2009/04/24 23:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/11/08 16:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2007/11/28 22:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/10/23 09:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/11/26 13:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2007/05/06 19:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/10/23 08:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/07/18 07:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben and Erin\Application Data\CheckPoint
[2011/09/24 08:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben and Erin\Application Data\ElevatedDiagnostics
[2010/11/22 20:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben and Erin\Application Data\MailFrontier
[2011/11/26 08:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben and Erin\Application Data\Nikon
[2011/11/26 13:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben and Erin\Application Data\Otto
[2011/01/21 19:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ben and Erin\Application Data\Unity
[2009/05/15 15:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Caspedia
[2011/07/17 15:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\CheckPoint
[2011/09/24 14:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\ElevatedDiagnostics
[2011/03/08 18:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Leadertech
[2009/11/09 08:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\MailFrontier
[2007/04/09 10:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\MyFamily.com
[2010/06/11 14:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Nikon
[2011/10/12 11:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\OpenOffice.org
[2007/04/13 16:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Snapfish
[2010/07/26 08:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Unity
[2009/05/21 20:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Caspedia
[2011/07/16 14:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\CheckPoint
[2011/09/23 21:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\ElevatedDiagnostics
[2007/04/25 22:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\ISE Games
[2010/02/03 17:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Juniper Networks
[2007/08/24 18:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Leadertech
[2010/11/22 18:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\MailFrontier
[2007/04/06 17:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\MyFamily.com
[2010/05/29 15:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Nikon
[2008/02/24 09:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\OfficeUpdate12
[2010/04/18 12:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\OpenOffice.org
[2007/05/04 21:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Snapfish
[2011/12/05 20:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\TestApp

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/04/08 12:16:57 | 000,000,020 | -HS- | M] () -- C:\ArcDeviceInfo
[2007/04/06 06:39:49 | 000,000,000 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2012/01/14 00:28:27 | 000,011,154 | ---- | M] () -- C:\avenger.txt
[2007/04/06 06:33:13 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2012/01/15 14:35:11 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/01/15 22:03:43 | 000,013,691 | ---- | M] () -- C:\ComboFix.txt
[2007/04/06 06:39:49 | 000,000,000 | -HS- | M] () -- C:\CONFIG.SYS
[2009/01/18 15:05:39 | 000,215,358 | ---- | M] () -- C:\coreuninstall.log
[2007/04/07 10:21:04 | 000,000,097 | ---- | M] () -- C:\CtDrvIns.log
[2007/04/07 10:21:04 | 000,013,490 | ---- | M] () -- C:\CtDrvStp.log
[2012/01/15 20:33:03 | 000,026,559 | ---- | M] () -- C:\dlcc.log
[2012/01/05 09:53:37 | 000,135,929 | ---- | M] () -- C:\dlccscan.log
[2011/12/04 13:13:55 | 000,012,936 | ---- | M] () -- C:\drwtsn32.log
[2009/01/18 13:30:05 | 000,000,164 | ---- | M] () -- C:\install.dat
[2008/12/07 23:21:46 | 000,001,546 | ---- | M] () -- C:\InstallHelper.log
[2007/04/06 06:39:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/04/06 06:39:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/29 22:11:35 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/01/16 18:38:27 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2012/01/15 09:04:13 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2009/11/08 16:10:59 | 000,000,959 | ---- | M] () -- C:\rollback.ini
[2007/11/23 13:33:15 | 000,000,512 | ---- | M] () -- C:\ScanSectorLog.dat
[2012/01/16 18:39:15 | 000,000,627 | ---- | M] () -- C:\sti.log
[2012/01/14 23:04:13 | 000,054,604 | ---- | M] () -- C:\TDSSKiller.2.7.1.0_14.01.2012_23.02.15_log.txt
[2009/10/15 07:59:44 | 000,000,011 | ---- | M] () -- C:\trace.ini
[2008/06/01 22:01:02 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\Fonts\*.com >
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2007/04/06 06:39:17 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/06/12 23:48:22 | 000,073,728 | ---- | M] (Dell, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlccPP5C.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2011/06/08 18:57:05 | 056,229,376 | ---- | M] () -- C:\Program Files\Scout powerpoint fun.ppt

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/04/05 19:50:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2007/04/05 19:50:27 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2007/04/05 19:50:27 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/29 22:22:27 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/04/06 11:27:58 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2007/04/06 11:27:57 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/01/14 23:25:56 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Tim\Desktop\aswMBR.exe
[2011/09/24 21:44:31 | 002,004,432 | ---- | M] (Check Point Software Technologies LTD) -- C:\Documents and Settings\Tim\Desktop\clean.exe
[2012/01/15 08:20:54 | 004,384,281 | R--- | M] (Swearware) -- C:\Documents and Settings\Tim\Desktop\ComboFix.exe
[2012/01/14 14:48:43 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\evmrhg7w.exe
[2012/01/15 20:16:36 | 000,334,201 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\FSS.exe
[2012/01/11 22:28:17 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim\Desktop\mbam-setup.exe
[2012/01/16 18:47:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2012/01/14 23:01:44 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tim\Desktop\tdsskiller.exe
 
Otl - 3

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2007/02/28 10:51:14 | 000,589,824 | ---- | M] (Fred's Software Company) -- C:\Documents and Settings\Tim\My Documents\PRINTKEY.EXE

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/04/06 11:27:57 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Tim\Favorites\Desktop.ini
[2010/09/03 16:01:12 | 000,000,450 | ---- | M] () -- C:\Documents and Settings\Tim\Favorites\My Documents.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/11/09 20:02:44 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Tim\Cookies\desktop.ini
[2012/01/16 19:16:10 | 000,327,680 | ---- | M] () -- C:\Documents and Settings\Tim\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 13:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 13:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 13:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 03:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1995/04/24 18:45:12 | 000,006,496 | ---- | M] () -- C:\WINDOWS\system\ODBCADM.EXE

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >
 
Status of Machine

The PC seemed to be running faster last night; however, today it seems a bit slower, and it took a while for Windows to fully load (startup apps, desktop icons to appear, etc.). On the wife's user side she is unable to execute Internet Explorer: when it is launched from the shortcut or from the program in the Start menu, it opens the "Open File With" dialog box, which lists IE as an option. When IE is selected it opens IE, then closes it. The PC then displays dialog boxes for a file download and "Open File With".

IE has been working fine on my user side and it works fine on the kids' side.

Thanks,
Tim
 
Is it the only thing not working on your wife's account?
Right-click on that IE link, click "Properties" and let me know what it says in the "Target:" window.

============================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - [2010/10/14 16:08:38 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
    DRV - [2010/10/14 16:08:38 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
    DRV - [2010/09/21 15:51:58 | 000,327,256 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O15 - HKU\S-1-5-21-1935655697-963894560-725345543-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-1935655697-963894560-725345543-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    [2012/01/10 17:20:31 | 000,010,262 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\el568bb703jwls21282tw45562d81wy144m4hv4w6ik520
    [2011/12/15 17:57:00 | 000,001,544 | -HS- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\786687y7c168q428n153s8xbl4s1
    [2011/12/15 17:57:00 | 000,001,544 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\786687y7c168q428n153s8xbl4s1
    [2011/07/29 20:08:52 | 000,012,378 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kv1h3spw143o20xyju4u0o2s80x3o83i717
    [2011/07/29 20:08:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rxj.exe
    [2011/07/29 20:08:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ovw.exe
    [2011/07/29 20:08:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\guo.exe
    [2011/07/29 20:08:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\glf.exe
    [2011/07/29 20:08:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ctf.exe
    @Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

===========================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
Wife's IE is pointing to C:\Program Files\Internet Explorer\iexplore.exe

OTL ran, but seemed to freeze up; I left it alone and waited over an hour. Then I rebooted the machine; OTL restarted itself (it was waiting for a reboot?) and produced the following:


Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\kl1.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...


I updated Java and removed the old versions.

Security Check Log:
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Internet Security Suite
ZoneAlarm Toolbar
ZoneAlarm Security
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

PC Tools Spyware Doctor 9.0
Java(TM) 6 Update 30
Java(TM) 6 Update 16
Java(TM) 6 Update 18
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

ThreatFire TFService.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
``````````End of Log````````````



FSS Log:
Farbar Service Scanner
Ran by Tim (administrator) on 16-01-2012 at 22:35:55
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) pctgntdi(9) PSched(7) Tcpip(4) Tcpip6(10)
0x0A0000000800000005000000010000000200000003000000040000000900000006000000070000000A000000


**** End of log ****


Ran the Temp File Cleaner as instructed.


And the ESET scanner is running; I'll post that result in the morning.
 
When done with Eset....

1. Re-run OTL fix from safe mode.

2. Uninstall:
Java(TM) 6 Update 16
Java(TM) 6 Update 18
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
 
Other Issues on Wife's side

Solitaire (the one included with Windows) doesn't work: it can't find the application to run it. MS Office (Word, Excel, etc.) from the Start menu returns a "program not found" message, but I can open a document/spreadsheet directly and Word/Excel will open it.

Tim
 
Rerun OTL with the Fix script listed above? Also, how do I go about removing the other Java versions if JavaRa didn't remove them?

Thanks,
Tim
 
Eset

I ran the ESET scan; the first one got interrupted by my AV that I had suspended, but generated the following.

C:\Documents and Settings\Lisa\My Documents\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application deleted - quarantined


I then disabled the AV and reran, which generated the following.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mrxsmb.sys.vir a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1852\A2509289.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1852\A2510289.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1852\A2511289.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1852\A2512296.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1852\A2513296.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1853\A2513317.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1853\A2514317.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1853\A2515317.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1853\A2516317.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1853\A2517317.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1853\A2518317.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1853\A2519317.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1854\A2520325.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1855\A2521333.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1855\A2522333.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1855\A2523333.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1855\A2524333.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1855\A2525333.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1855\A2526338.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1855\A2527338.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1855\A2527359.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1855\A2527379.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2527400.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2528400.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2529400.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2529479.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2530479.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2531479.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2532479.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2533479.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2534479.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2534510.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2535512.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2535525.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2536525.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2537525.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2538525.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2539525.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2539537.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2540537.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2541537.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2542537.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2543537.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2544561.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1856\A2545561.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2545574.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2545587.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2546587.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2547587.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2548587.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2549587.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2550587.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2551590.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2552590.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2553590.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2554590.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2555591.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2556591.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2557591.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2558594.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2559594.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2560594.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2561594.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2562594.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{12882104-69A8-4D46-8684-D9FCD401F195}\RP1857\A2563622.sys a variant of Win32/Rootkit.Kryptik.HD trojan cleaned by deleting - quarantined


I removed the Java versions, except 16 and 18; both of these are throwing an error after the "Gathering Information" window, with the message "Fatal Error During Installation".
 
OTL Safe Mode Log

All processes killed
========== OTL ==========
Error: No service named KL1 was found to stop!
Service\Driver key KL1 not found.
C:\WINDOWS\system32\drivers\kl1.sys moved successfully.
Error: No service named kl2 was found to stop!
Service\Driver key kl2 not found.
C:\WINDOWS\system32\drivers\kl2.sys moved successfully.
Service KLIF stopped successfully!
Service KLIF deleted successfully!
C:\WINDOWS\system32\drivers\klif.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_USERS\S-1-5-21-1935655697-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1935655697-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\All Users\Application Data\el568bb703jwls21282tw45562d81wy144m4hv4w6ik520 moved successfully.
C:\Documents and Settings\Tim\Local Settings\Application Data\786687y7c168q428n153s8xbl4s1 moved successfully.
C:\Documents and Settings\All Users\Application Data\786687y7c168q428n153s8xbl4s1 moved successfully.
C:\Documents and Settings\All Users\Application Data\kv1h3spw143o20xyju4u0o2s80x3o83i717 moved successfully.
C:\Documents and Settings\All Users\Application Data\rxj.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ovw.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\guo.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\glf.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ctf.exe moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Ben and Erin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Lisa
->Temp folder emptied: 993772 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 994136 bytes
->Temporary Internet Files folder emptied: 131854 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 1991512 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Tim
->Temp folder emptied: 6351773 bytes
->Temporary Internet Files folder emptied: 10835114 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4406787 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15257066 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 39.00 mb


[EMPTYJAVA]

User: All Users

User: Ben and Erin
->Java cache emptied: 0 bytes

User: Default User

User: Lisa
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Tim
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Ben and Erin
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Lisa
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Tim
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01172012_173319

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select the "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
Computer seems to be working fine so far. The last run of OTL did not produce a log though. Also, do I need to remove Java Update 16 and 18, as they keep giving me an error when I try to uninstall?

I'm working on getting the wife set back-up as a user.

I really appreciate all your help. I'll post back after I test out the computer more.

Thanks,
Tim
 
do I need to remove Java Update 16 and 18, as they keep giving me an error when I try to uninstall?

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

Whatever it removes.....

Good luck and stay safe :)
 
JavaRa ran but I still have Java 16 and 18 listed as installed programs under Control Panel/Add Remove programs, which still give me the error if I try uninstalling. I suspect JavaRa did its thing, but somehow they got left in the list of programs.

Thanks again for all your help.

Tim
 