Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Dwm.exe could not load or Run specified in Registry.


  • Please log in to reply

#1
RedXBaka

RedXBaka

    New Member

  • Member
  • Pip
  • 5 posts
My other computer is infected with a virus, I believe, and the error message "Could not load or run C:\users\PMAH\AppData\Local\Temp\dwm.exe specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry." the PMAH refers to the computer, I believe.
I've also looked around and found some other topics from people with the same problem but I'm unsure whether I should follow the instructions given to them because mine might be different.

Other than the popup, the internet was automatically set to a proxy, of which I am unsure of. Also, the internet access is pretty much cut off from that computer. What should I do? The other topics I've read included the infected person doing an OTL scan OR a Rootkit scan, and I'm unsure which to do.

So any help would be really really really appreciated!
And also, thanks in advance for any replies/help.




Edit:
I used OTL.exe and did a scan (using scan.exe) and this is the OTL file that came up:



OTL logfile created on: 11/13/2010 5:08:30 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\pmah\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 451.07 Gb Total Space | 336.56 Gb Free Space | 74.61% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.84 Gb Free Space | 53.52% Space Free | Partition Type: NTFS
Drive I: | 1.89 Gb Total Space | 1.88 Gb Free Space | 99.77% Space Free | Partition Type: FAT

Computer Name: PMAH-PC | User Name: pmah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\pmah\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe (Verizon)
PRC - C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe (Radialpoint SafeCare Inc.)
PRC - C:\Program Files\McAfee Security Scan\1.0.150\mcuicnt.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe (Verizon)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\Kav\Bin\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe (Radialpoint Inc.)
PRC - C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\Program Files\Dell Remote Access\ezi_ra.exe (Dell Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaMonitor.exe (Sana Security)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaAgent.exe (Sana Security)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe ()
PRC - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe ()
PRC - C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
PRC - C:\Windows\System32\spool\drivers\w32x86\3\lxddserv.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxddcoms.exe ( )
PRC - C:\Program Files\Lexmark 2500 Series\lxddamon.exe (Lexmark)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\pmah\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msshsq.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\Temp\logishrd\LVPrcInj01.dll (Logitech Inc.)
MOD - C:\Windows\System32\duser.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SLC.dll (Microsoft Corporation)
MOD - C:\Windows\System32\networkexplorer.dll (Microsoft Corporation)
MOD - C:\Windows\System32\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\System32\IconCodecService.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll File not found
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Radialpoint Security Services) -- C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe (Radialpoint SafeCare Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (RP_FWS) -- C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe (Verizon)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (hnmsvc) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (RadialpointSafeConnectAgent) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe (Sana Security)
SRV - (PD91Engine) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe (Raxco Software, Inc.)
SRV - (PD91Agent) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxddCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe ()
SRV - (lxdd_device) -- C:\Windows\System32\lxddcoms.exe ( )
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (npkcusb) -- C:\Users\pmah\Desktop\New Folder (4)\MapleStoreh\npkcusb.sys File not found
DRV - (npkcrypt) -- C:\Users\pmah\Desktop\New Folder (4)\MapleStoreh\npkcrypt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV - (RPSKT) Security Services Driver (x86) -- C:\Windows\System32\drivers\rp_skt32.sys (Radialpoint Inc.)
DRV - (RadialpointSafeConnectDriver) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_VISTA\SafeConnectDriver.sys (Sana Security, Inc. )
DRV - (RadialpointSafeConnectFilter) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_VISTA\SafeConnectFilter.sys (Sana Security, Inc. )
DRV - (RadialpointSafeConnectShim) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_VISTA\SafeConnectShim.sys (Sana Security, Inc. )
DRV - (PCD5SRVC{3F6A8B78-EC003E00-05040104}) -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (DefragFS) -- C:\Windows\System32\drivers\DefragFS.sys (Raxco Software, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (Packet) -- C:\Windows\System32\drivers\packet.sys (SingleClick Systems)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\HyperCam Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.18.0
FF - prefs.js..keyword.URL: "http://www.bigseekpr...F85D794C62}?q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/25 15:37:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/09 08:57:37 | 000,000,000 | ---D | M]

[2010/04/04 18:50:07 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\Mozilla\Extensions
[2010/10/31 21:13:51 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\Mozilla\Firefox\Profiles\fi9hy5i0.default\extensions
[2010/04/04 20:05:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pmah\AppData\Roaming\Mozilla\Firefox\Profiles\fi9hy5i0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/30 16:56:15 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Users\pmah\AppData\Roaming\Mozilla\Firefox\Profiles\fi9hy5i0.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2010/07/03 09:07:17 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\Mozilla\Firefox\Profiles\fi9hy5i0.default\extensions\[email protected]
[2010/04/04 18:48:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll (Verizon)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe (Lexmark)
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [Nokia FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [QQIntl] C:\Program Files\Tencent\QQIntl\Bin\QQ.exe (Tencent)
O4 - HKCU..\Run: [svchost] C:\Users\pmah\AppData\Roaming\Microsoft\svchost.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\pmah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
F3 - HKCU WinNT: Load - (C:\Users\pmah\AppData\Local\Temp\dwm.exe) - C:\Users\pmah\AppData\Local\Temp\dwm.exe File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: QQ - C:\Program Files\Tencent\QQIntl\Bin\AddEmotion.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\pmah\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\pmah\AppData\Roaming\Microsoft\Windows\shell.exe File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\pmah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\pmah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1a18cc4f-6d52-11de-b69f-0024e8064d7c}\Shell\Auto\command - "" = Windows.scr
O33 - MountPoints2\{1acf1252-40c3-11de-88ca-0024e8064d7c}\Shell - "" = AutoRun
O33 - MountPoints2\{1acf1252-40c3-11de-88ca-0024e8064d7c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{408ed12f-a447-11de-a91b-0024e8064d7c}\Shell - "" = AutoRun
O33 - MountPoints2\{408ed12f-a447-11de-a91b-0024e8064d7c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CFHD - C:\Windows\System32\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/13 16:58:22 | 000,000,000 | ---D | C] -- C:\Users\pmah\Desktop\New Desktop
[2010/11/13 16:58:15 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\pmah\Desktop\OTL.exe
[2009/08/04 09:22:31 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\pmah\AppData\Roaming\DataSafeDotNet.exe
[2009/05/01 23:54:49 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxddusb1.dll
[2009/05/01 23:54:49 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxddinpa.dll
[2009/05/01 23:54:49 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxddiesc.dll
[2009/05/01 23:54:49 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDDhcp.dll
[2009/05/01 23:54:48 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxddserv.dll
[2009/05/01 23:54:48 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxddpmui.dll
[2009/05/01 23:54:48 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxddlmpm.dll
[2009/05/01 23:54:48 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxddprox.dll
[2009/05/01 23:54:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxddpplc.dll
[2009/05/01 23:54:47 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxddhbn3.dll
[2009/05/01 23:54:46 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxddcomc.dll
[2009/05/01 23:54:46 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxddcomm.dll

========== Files - Modified Within 30 Days ==========

[2010/11/13 17:01:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/13 17:01:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/13 17:00:34 | 000,630,258 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/13 17:00:34 | 000,114,942 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/13 16:51:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/13 16:50:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\pmah\Desktop\OTL.exe
[2010/11/13 16:49:24 | 003,909,080 | ---- | M] () -- C:\Users\pmah\Desktop\ComboFix.exe
[2010/11/13 15:35:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/13 15:35:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/13 15:35:12 | 3478,310,912 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/13 15:32:49 | 172,523,040 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2010/11/13 15:25:01 | 000,000,556 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for pmah.job
[2010/11/12 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2010/11/12 18:00:00 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/11/12 03:24:01 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2010/11/10 18:44:14 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
[2010/11/10 18:44:07 | 564,263,622 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/09 22:27:01 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{295438A0-EB5A-4FF9-9588-1F02EDD5219F}.job
[2010/11/02 06:07:11 | 000,010,294 | ---- | M] () -- C:\Users\pmah\AppData\Roaming\wklnhst.dat
[2010/11/02 06:07:02 | 000,011,264 | ---- | M] () -- C:\Users\pmah\Documents\research plan 2.wps
[2010/10/30 19:21:08 | 002,287,736 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2010/10/19 20:55:01 | 000,000,099 | ---- | M] () -- C:\Users\pmah\jagex_runescape_preferences2.dat
[2010/10/19 20:34:39 | 000,000,046 | ---- | M] () -- C:\Users\pmah\jagex_runescape_preferences.dat
[2010/10/18 14:48:01 | 000,011,264 | ---- | M] () -- C:\Users\pmah\Documents\Ch24 Multiple Choice.wps

========== Files Created - No Company Name ==========

[2010/11/13 16:58:15 | 003,909,080 | ---- | C] () -- C:\Users\pmah\Desktop\ComboFix.exe
[2010/11/09 22:30:38 | 3478,310,912 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/09 22:27:01 | 000,000,390 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{295438A0-EB5A-4FF9-9588-1F02EDD5219F}.job
[2010/11/02 05:27:36 | 000,011,264 | ---- | C] () -- C:\Users\pmah\Documents\research plan 2.wps
[2010/10/31 23:53:33 | 564,263,622 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/18 14:48:01 | 000,011,264 | ---- | C] () -- C:\Users\pmah\Documents\Ch24 Multiple Choice.wps
[2010/08/31 19:39:09 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/08/16 18:31:21 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2010/07/02 09:28:22 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2010/06/07 09:10:40 | 000,000,043 | ---- | C] () -- C:\Windows\WALLSTRT.INI
[2009/11/14 20:03:49 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/14 20:03:48 | 000,138,056 | ---- | C] () -- C:\Users\pmah\AppData\Roaming\PnkBstrK.sys
[2009/11/05 07:33:00 | 000,002,379 | ---- | C] () -- C:\ProgramData\lxdd
[2009/07/10 16:19:08 | 000,000,552 | ---- | C] () -- C:\Users\pmah\AppData\Local\d3d8caps.dat
[2009/07/08 14:55:11 | 000,000,680 | ---- | C] () -- C:\Users\pmah\AppData\Local\d3d9caps.dat
[2009/05/18 23:37:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/18 23:20:42 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/05/01 23:59:54 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxddcoin.dll
[2009/05/01 23:57:03 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2009/05/01 23:57:03 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2009/05/01 23:56:43 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2009/05/01 23:56:43 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2009/05/01 23:55:41 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxddrwrd.ini
[2009/05/01 23:54:49 | 000,286,720 | ---- | C] () -- C:\Windows\System32\LXDDinst.dll
[2009/05/01 23:54:47 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxddgrd.dll
[2009/05/01 06:19:08 | 000,010,294 | ---- | C] () -- C:\Users\pmah\AppData\Roaming\wklnhst.dat
[2009/04/29 21:53:07 | 000,023,040 | ---- | C] () -- C:\Users\pmah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/24 01:10:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2009/04/24 01:10:03 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/04/24 01:10:02 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/04/24 01:10:02 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/04/24 01:10:02 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/10/14 15:09:12 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen_x86.sys
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/01/23 13:40:03 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxddcaps.dll
[2007/01/09 11:13:08 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdddrs.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/06 12:08:04 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxddcnv4.dll
[2006/05/17 21:47:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxddvs.dll

========== LOP Check ==========

[2009/05/01 20:18:13 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\acccore
[2009/08/20 04:50:44 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\Azureus
[2009/06/20 23:17:04 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\DriverCure
[2009/08/12 12:22:06 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\GetRightToGo
[2009/05/18 23:21:20 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\Leadertech
[2009/05/02 00:17:42 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\Lexmark Productivity Studio
[2009/07/10 16:19:28 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\Nexon
[2009/08/28 20:14:33 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\Nokia
[2009/08/29 06:28:14 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\PC Suite
[2010/06/15 07:42:07 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\Publish Providers
[2010/10/14 16:51:09 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\Smilebox
[2010/06/13 23:51:49 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\Sony
[2009/05/01 06:19:09 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\Template
[2010/08/16 18:45:31 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\Tencent
[2010/06/07 08:54:25 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\TradeStation Technologies
[2009/04/30 16:34:28 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\WildTangent
[2009/05/08 19:44:36 | 000,000,000 | ---D | M] -- C:\Users\pmah\AppData\Roaming\WildTangentv1005
[2010/11/10 18:44:14 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job
[2010/11/12 18:00:00 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2010/11/12 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2010/11/12 03:24:01 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2010/10/30 19:20:46 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/09 22:27:01 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{295438A0-EB5A-4FF9-9588-1F02EDD5219F}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 21:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/04/24 01:10:12 | 000,003,760 | RH-- | M] () -- C:\dell.sdr
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/11/13 15:35:12 | 3478,310,912 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/10/09 08:58:16 | 000,001,527 | -H-- | M] () -- C:\IPH.PH
[2009/05/02 00:29:30 | 000,024,420 | ---- | M] () -- C:\lxdd.log
[2010/09/26 03:23:59 | 000,000,172 | ---- | M] () -- C:\lxddjswx.log
[2010/11/13 15:35:11 | 3791,929,344 | -HS- | M] () -- C:\pagefile.sys
[2009/09/13 15:22:41 | 000,000,204 | ---- | M] () -- C:\Plugins
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/02/26 23:16:25 | 000,103,936 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\lxdddrpp.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 11:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/10/30 17:41:24 | 000,004,871 | ---- | M] () -- C:\Users\pmah\AppData\Roaming\Microsoft\stor.cfg

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/03 21:21:58 | 000,000,286 | -HS- | M] () -- C:\Users\pmah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2009/09/13 11:10:59 | 000,103,720 | ---- | M] () -- C:\Users\pmah\GoToAssistDownloadHelper.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/04/29 21:03:13 | 000,000,402 | -HS- | M] () -- C:\Users\pmah\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/08/26 08:46:01 | 000,002,379 | ---- | M] () -- C:\ProgramData\lxdd

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[3 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2006/09/18 16:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\System32\acwizard.ico

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >
[2010/07/04 18:54:13 | 000,055,668 | ---- | M] () -- C:\Windows\Logs\DirectX.log

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/10/19 20:34:39 | 000,000,046 | ---- | M] () -- C:\Users\pmah\jagex_runescape_preferences.dat
[2010/10/19 20:55:01 | 000,000,099 | ---- | M] () -- C:\Users\pmah\jagex_runescape_preferences2.dat
[2010/09/25 15:44:42 | 000,000,000 | ---- | M] () -- C:\Users\pmah\jagex__preferences3.dat
[2010/11/13 17:16:38 | 003,145,728 | -HS- | M] () -- C:\Users\pmah\NTUSER.DAT

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
[2007/04/26 00:22:32 | 000,115,360 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxddcfgx.exe
[2007/04/26 00:21:37 | 000,398,256 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxddjswx.exe
[2007/04/26 00:21:33 | 000,291,760 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxddpswx.exe
[2007/04/26 00:21:42 | 000,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxddserv.exe
[2007/04/26 00:21:53 | 000,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxddtime.exe
[2007/04/26 00:21:50 | 000,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxddupld.exe
[2007/04/26 00:21:45 | 000,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxddview.exe
[2007/04/16 05:55:20 | 000,343,086 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxddwavs.exe
[2007/04/26 00:21:57 | 000,140,208 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxddwbgw.exe

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.rpv /x >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< %ProgramFiles%\promp3\*.* >

< %SYSTEMDRIVE%\Driver\*.* /s >

< %SYSTEMDRIVE%\inetserver.exe\*.* >

< %systemroot%\java\trustlib\*.* >

< %ProgramFiles%\Common Files\designer\*.exe >

< %ProgramFiles%\*. >
[2009/05/01 23:55:39 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2009/04/23 22:29:28 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/10/09 08:57:57 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2009/11/08 22:11:30 | 000,000,000 | ---D | M] -- C:\Program Files\Aimersoft
[2009/11/07 16:45:24 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/12/12 20:02:32 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2009/07/18 20:42:33 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/11/07 16:48:24 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/06/13 22:47:26 | 000,000,000 | ---D | M] -- C:\Program Files\CamStudio
[2009/07/20 19:56:09 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/04/23 22:35:13 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/10/09 08:57:35 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/04/23 23:01:43 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2010/01/26 09:10:13 | 000,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Online
[2009/04/23 22:27:17 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Inc
[2009/04/23 22:43:33 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Remote Access
[2009/04/23 22:44:17 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2009/08/28 20:07:14 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/09/16 23:20:13 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/08/02 16:19:23 | 000,000,000 | ---D | M] -- C:\Program Files\DNA
[2009/06/24 19:17:12 | 000,000,000 | ---D | M] -- C:\Program Files\EA Games
[2009/12/25 15:25:17 | 000,000,000 | ---D | M] -- C:\Program Files\FunWebProducts
[2010/06/13 23:11:06 | 000,000,000 | ---D | M] -- C:\Program Files\Game Cam V2
[2010/07/04 17:32:34 | 000,000,000 | ---D | M] -- C:\Program Files\GamersFirst
[2009/05/18 23:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/05/17 17:29:44 | 000,000,000 | ---D | M] -- C:\Program Files\Hamachi
[2010/05/30 16:56:15 | 000,000,000 | ---D | M] -- C:\Program Files\HyperCam Toolbar
[2010/01/24 13:22:27 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/04/23 22:28:16 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/14 02:20:54 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/11/07 16:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/04/23 22:26:29 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/05/01 23:57:37 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 2500 Series
[2009/05/01 23:57:33 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Fax Solutions
[2009/05/01 23:55:41 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Toolbar
[2009/05/18 23:21:26 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/09/17 17:05:16 | 000,000,000 | ---D | M] -- C:\Program Files\Lx_cats
[2010/06/13 23:07:17 | 000,000,000 | ---D | M] -- C:\Program Files\MagicDVDRipper
[2010/01/24 10:55:45 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2009/04/23 22:52:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/05/20 09:07:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/04/23 22:32:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/10/07 18:29:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/06/13 23:44:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/04/23 22:56:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/04/23 22:57:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/08/12 02:05:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/26 02:03:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/08/27 15:32:54 | 000,000,000 | ---D | M] -- C:\Program Files\MoparScape
[2010/08/12 03:15:24 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/09/25 15:37:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/12/24 14:39:17 | 000,000,000 | ---D | M] -- C:\Program Files\MyWebSearch
[2009/08/28 20:11:03 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2009/12/11 18:05:50 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2009/11/15 17:51:50 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2009/07/02 18:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2009/05/22 06:59:57 | 000,000,000 | ---D | M] -- C:\Program Files\ParetoLogic
[2009/11/07 16:48:04 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/09/26 21:35:46 | 000,000,000 | ---D | M] -- C:\Program Files\Raxco
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/04/23 22:35:08 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/05/12 12:11:55 | 000,000,000 | ---D | M] -- C:\Program Files\ScottradeELITE
[2009/10/02 05:50:27 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/06/13 23:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/06/13 23:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2010/04/16 17:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\StepMania
[2010/08/16 18:40:52 | 000,000,000 | ---D | M] -- C:\Program Files\Tencent
[2010/06/07 09:10:41 | 000,000,000 | ---D | M] -- C:\Program Files\TradeStation 8.7 (Build 3085)
[2010/06/13 23:45:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/08/31 19:39:17 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2009/09/26 21:35:33 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2009/05/01 20:08:36 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2010/06/13 23:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\Vstplugins
[2009/04/23 22:38:44 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2008/01/20 21:35:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2008/01/20 21:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/01/20 21:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/01/20 21:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/03/21 08:51:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/04/23 22:52:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/09/16 02:21:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/14 02:20:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/01/20 21:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/01/20 21:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/07/16 18:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/06/13 23:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %systemroot%\system32\*.tso >

< %ALLUSERSPROFILE%\Documents\Server\*.* >

< %systemroot%\*.pif >
[2006/09/18 16:43:58 | 000,000,707 | ---- | M] () -- C:\Windows\_default.pif

< %systemroot%\system32\n7533\*.* >

< %systemroot%\Us18336\*.* >

< %systemroot%\system32\*.zip >

< %systemroot%\system32\*.wgo >

< %systemroot%\system32\dllcache\*.com >

< %systemroot%\system32\dllchache\*.* >

< %systemroot%\system32\038840\*.* >

< %systemroot%\system32\13E92A\*.* >

< %systemroot%\system32\1CB5AD\*.* >

< %systemroot%\system32\52682A\*.* >

< %USERPROFILE%\My Documents\*.htm >

< %SYSTEMDRIVE%\Mr_CF\*.* >

< %USERPROFILE%\My Documents\*.dll >

< %USERPROFILE%\My Documents\*.ccc >

< %systemroot%\system32\Sis\*.* >

< %systemroot%\Microsft\*.* >

< %SYSTEMDRIVE%\driverwinx.exe\*.* >

< %systemroot%\BifroXx\*.* >

< %SYSTEMDRIVE%\TSTP\*.* >

< %systemroot%\winsn\*.* >

< %ProgramFiles%\windata\*.* >

< %SYSTEMDRIVE%\msixxxxxxx.exe\*.* >

< %systemroot%\system32\*.sao >

< %systemroot%\system32\*.iem >

< %systemroot%\system32\*.mdd >

< %systemroot%\system32\*.wlo >

< %systemroot%\system32\*.skn >

< %SYSTEMDRIVE%\Winup\*.* >

< %SYSTEMDRIVE%\test\*.* >

< %systemroot%\system32\med\*.* >

< %systemroot%\Bifrost\*.* >

< %systemroot%\system32\explorer.exe\*.* >

< %UserProfile%\UserData\*.dat /x >

< %SYSTEMDRIVE%\Arquivo de programas\*.* >

< %ProgramFiles%\tcpview\*.* >

< %systemroot%\system32\*.lyo >

< %ProgramFiles%\huanbang2\*.* >

< %systemroot%\winhuanbang\*.* >

< %systemroot%\minrsv.ini\*.* >

< %systemroot%\assembly\GAC\*.* >

< %AppData%\Adobe\crtmswin91\*.* >

< %ProgramFiles%\Windows NT\Accessories\*.exe >
[2010/06/28 09:31:26 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe

< %systemroot%\system32\*.pdo >

< %SYSTEMDRIVE%\APPDATASH\*.* >

< %SYSTEMDRIVE%\sy\*.* >

< %systemroot%\*.cot >

< %systemroot%\system32\*.html >

< %systemroot%\system32\win32.exe\*.* >

< %systemroot%\System32\9283\*.* >

< %systemroot%\System32\hardpol\*.* /s >

< %systemroot%\Fonts\*.dat >

< %ProgramFiles%\WinNTsystem operation\*.* >

< %SYSTEMDRIVE%\moneyxmexx.exe\*.* >

< %USERPROFILE%\Templates\*.exe >

< %SYSTEMDRIVE%\MSOCache\*.* >

< %systemroot%\inf\win\*.* >

< %SYSTEMDRIVE%\users\*.ini /x >

< %systemroot%\Media\*.exe >

< %systemroot%\Media\*.dll >

< %USERPROFILE%\Desktop\*.exe >
[2010/11/13 16:49:24 | 003,909,080 | ---- | M] () -- C:\Users\pmah\Desktop\ComboFix.exe
[2010/11/13 16:50:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\pmah\Desktop\OTL.exe

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %systemroot%\system\*.dat >

< %AppData%\AdobeUM\upldrvdrv2\*.* >

< %ProgramFiles%\wiselink\*.* >

< %systemroot%\*.wd >

< %systemroot%\boot\*.* >

< %systemroot%\ime\*.dll /x >

< %systemroot%\system32\GroupPolicy\User\Scripts\*.* /s >

< %systemroot%\system32\*.INS >

< %SYSTEMDRIVE%\Temporary\*.* >

< %AppData%\AdobeUM\vclvclupl66\*.* >

< %SYSTEMDRIVE%\KEY\*.* /s >

< %SYSTEMDRIVE%\INVRSO\*.* >

< %systemroot%\Config\Audit\*.* /s >

< %ProgramFiles%\facebook\*.* >

< %SystemRoot%\system32\___hptmp\*.* >

< %SystemRoot%\system32\Macromedia\*.* >

< %SystemRoot%\system32\Macrocmp\*.* >

< %systemroot%\ap0calypse_00CD1A40\*.* /s >

< %SYSTEMDRIVE%\bbotxxxxxx.exe\*.* >

< %systemroot%\cacher\*.* >

< %systemroot%\down\*.* >

< %systemroot%\up\*.* >

< %SYSTEMDRIVE%\bootstartx.exe\*.* >

< %systemroot%\system32\wbem\grpconv.exe >

< %SYSTEMDRIVE%\Zolander\*.* /s >

< %systemroot%\Media_\*.* >

< %systemroot%\SV1\*.* >

< %systemroot%\system32\Hotspot\*.* >

< %systemroot%\java\*.* >

< %systemroot%\system32\JAVA\*.* >

< %systemroot%\system32\syst\*.* >

< %systemroot%\msapps\*.* >

< %systemroot%\Fonts\*.html >

< %systemroot%\WinRecycleb\*.* >

< %systemroot%\system32\PassTools\*.* >

< %USERPROFILE%\Templates\*.txt >

< %systemroot%\system32\[bleep]\*.* >

< %systemroot%\system32\xmldm\*.* >

< %systemroot%\system32\ui\*.* /s >

< %SYSTEMDRIVE%\autorun.inf\*.* /s >

< %ProgramFiles%\autorun.inf\*.* /s >

< %ProgramFiles%\Windows Media Player\autorun.inf\*.* /s >

< %ProgramFiles%\Windows Media Player\c\*.* /s >

< %systemroot%\win\*.* >

< %systemroot%\system32\update_flash\*.* >

< %systemroot%\system32\dllcache\*.bak >

< %SYSTEMDRIVE%\wedfwefeee.exe\*.* >

< %SYSTEMDRIVE%\explorxxxx.exe\*.* >

< %USERPROFILE%\My Documents\Windows\*.* /s >

< HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers >

< HKLM\Software\Policies\Microsoft\Windows\System\Scripts /s >

< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download >
"CheckExeSignatures" = yes

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers|ProviderFileName6 /rs >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-27 07:07:58

========== Files - Unicode (All) ==========
[2009/09/26 21:38:59 | 000,000,036 | ---- | M] ()(C:\Windows\System32\????????????????????4???????????????????????) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/09/26 21:38:59 | 000,000,036 | ---- | C] ()(C:\Windows\System32\????????????????????4???????????????????????) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >



The second notepad that was saved onto my desktop from the scan was scan.exe.
I'm unsure whether it has any significance as to my problem but here it is:



netsvcs
drivers32
msconfig
safebootminimal
safebootnetwork
activex
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.exe
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
%USERPROFILE%\Templates\*.tmp
%SYSTEMDRIVE%\explorexxx.exe\*.*
%Windir%\Installer\*.tmp
%systemroot%\System32\*.xco
%ProgramFiles%\system32\*.*
%systemroot%\System32\windos\*.*
%SystemRoot%\system32\sandbox\*.*
%SystemRoot%\system32\*.amo
%SystemRoot%\system32\Windows Live\*.*
%ProgramFiles%\logs\*.*
%ProgramFiles%\Bifrost\*.*
%SystemRoot%\system32\*.goo
%systemroot%\system32\IME\*.*
%systemroot%\BackUp\*.*
%systemroot%\system32\*.ico
%systemroot%\system\*.exe
%AppData%\Macromedia\Common\*.*
%SYSTEMDRIVE%\dir\*.* /s
%systemroot%\system32\ras\*.exe
%SYSTEMDRIVE%\MFILES\*.*
%SYSTEMDRIVE%\mDNSRespon.exe\*.*
%systemroot%\system32\services\*.*
%systemroot%\Spooler\*.*
%ProgramFiles%\system32\*.*
%systemroot%\system32\Setup\*.dll /x
%systemroot%\system32\*.mine
%SYSTEMDRIVE%\cleansweep.exe\*.*
%systemroot%\system32\ras\*.dll
%systemroot%\system32\ras\*.drv
%systemroot%\*.iq
%systemroot%\system32\XP\*.*
%SYSTEMDRIVE%\Extracted\*.*
%systemroot%\system32\windows\*.*
%systemroot%\logs\*.*
%SYSTEMDRIVE%\Win.Msi\*.*
%systemroot%\regedit\*.*
%systemroot%\system32\skype\*.*
%AppData%\Adobe\dlluplwin25\*.*
%UserProfile%\*.dat
%UserProfile%\*.dll
%systemroot%\system32\*.sxo
%SYSTEMDRIVE%\Gazma\*.* /s
%systemroot%\system32\spynet\*.*
%systemroot%\system32\System\*.*
%appdata%\Microsoft\Windows\*.*
%systemroot%\system32\WinDir\*.*
%systemroot%\_\*.*
%systemroot%\system32\windows32\*.*
%ProgramFiles%\win\*.*
%AppData%\Microsoft\CD Burning\*.*
%systemroot%\*.cab
%systemroot%\K.Backup\*.*
%ProgramFiles%\Massenger\*.*
%systemroot%\System32\*.doc
%systemroot%\Office12\*.*
%systemroot%\System32\Rundl32.exe\*.*
%ProgramFiles%\yahoo.net\*.*
%systemroot%\system32\*.igo
%systemroot%\*.rew
%systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe
%USERPROFILE%\.COMMgr\*.*
%USERPROFILE%\Desktop\*.bat
%PROGRAMFILES%\Common Files\Real\visualizations\*.rpv /x
%PROGRAMFILES%\Internet Explorer\*.Jmp
%PROGRAMFILES%\Windows NT\system\*.dll
%systemroot%\system32\*.ext
%systemroot%\system32\Com\*.cfg
%systemroot%\system32\btz\*.*
%systemroot%\system32\EMP\*.*
%systemroot%\system32\expo\*.*
%systemroot%\system32\inet2\*.*
%systemroot%\system32\xrem\*.*
%ProgramFiles%\Microsoft\*.*
%systemroot%\usgwmt\*.*
%ProgramFiles%\B\*.*
%SYSTEMDRIVE%\lspp\*.*
%systemroot%\Kral\*.*
%SYSTEMDRIVE%\windowsdvd.exe\*.*
%systemroot%\system32\*.ipo
%SYSTEMDRIVE%\usxxxxxxxx.exe\*.*
%systemroot%\system32\*.mof
%systemroot%\*.atm
%systemroot%\system32\svhost\*.*
%ProgramFiles%\system32\*.*
%ProgramFiles%\Docmentt\*.*
%systemroot%\Help\*.vbs
%ProgramFiles%\Windows WinSxs\*.* /s
%ProgramFiles%\Outlook Express\IDT\*.* /s
%ProgramFiles%\Microsoft Office\365\*.* /s
%ProgramFiles%\Windows Live\*.*
%systemroot%\system32\win32\*.*
%SYSTEMDRIVE%\RECYCLER\*.*
%systemroot%\Fresh1\*.*
%ProgramFiles%\Kekj\*.* /s
%systemroot%\GDU\*.*
%systemroot%\KA\*.*
%systemroot%\R\*.*
%systemroot%\system32\*.fyo
%USERPROFILE%\System\*.*
%systemroot%\Source\*.*
%systemroot%\system32\ac\*.*
%ProgramFiles%\MSDN\*.*
%AppData%\AdobeUM\winvcldll54\*.* /s
%ProgramFiles%\Internet Explorer\*.ico
%systemroot%\system32\*.ojo
%systemroot%\system32\d323s\*.*
%systemroot%\system32\re\*.*
%UserProfile%\Microsoft\*.dll
%UserProfile%\Microsoft\*.log
%systemroot%\Bios\*.*
%ProgramFiles%\Spool\*.*
%ProgramFiles%\promp3\*.*
%SYSTEMDRIVE%\Driver\*.* /s
%SYSTEMDRIVE%\inetserver.exe\*.*
%systemroot%\java\trustlib\*.*
%ProgramFiles%\Common Files\designer\*.exe
%ProgramFiles%\*.
%systemroot%\system32\*.tso
%ALLUSERSPROFILE%\Documents\Server\*.*
%systemroot%\*.pif
%systemroot%\system32\n7533\*.*
%systemroot%\Us18336\*.*
%systemroot%\system32\*.zip
%systemroot%\system32\*.wgo
%systemroot%\system32\dllcache\*.com
%systemroot%\system32\dllchache\*.*
%systemroot%\system32\038840\*.*
%systemroot%\system32\13E92A\*.*
%systemroot%\system32\1CB5AD\*.*
%systemroot%\system32\52682A\*.*
%USERPROFILE%\My Documents\*.htm
%SYSTEMDRIVE%\Mr_CF\*.*
%USERPROFILE%\My Documents\*.dll
%USERPROFILE%\My Documents\*.ccc
%systemroot%\system32\Sis\*.*
%systemroot%\Microsft\*.*
%SYSTEMDRIVE%\driverwinx.exe\*.*
%systemroot%\BifroXx\*.*
%SYSTEMDRIVE%\TSTP\*.*
%systemroot%\winsn\*.*
%ProgramFiles%\windata\*.*
%SYSTEMDRIVE%\msixxxxxxx.exe\*.*
%systemroot%\system32\*.sao
%systemroot%\system32\*.iem
%systemroot%\system32\*.mdd
%systemroot%\system32\*.wlo
%systemroot%\system32\*.skn
%SYSTEMDRIVE%\Winup\*.*
%SYSTEMDRIVE%\test\*.*
%systemroot%\system32\med\*.*
%systemroot%\Bifrost\*.*
%systemroot%\system32\explorer.exe\*.*
%UserProfile%\UserData\*.dat /x
%SYSTEMDRIVE%\Arquivo de programas\*.*
%ProgramFiles%\tcpview\*.*
%systemroot%\system32\*.lyo
%ProgramFiles%\huanbang2\*.*
%systemroot%\winhuanbang\*.*
%systemroot%\minrsv.ini\*.*
%systemroot%\assembly\GAC\*.*
%AppData%\Adobe\crtmswin91\*.*
%ProgramFiles%\Windows NT\Accessories\*.exe
%systemroot%\system32\*.pdo
%SYSTEMDRIVE%\APPDATASH\*.*
%SYSTEMDRIVE%\sy\*.*
%systemroot%\*.cot
%systemroot%\system32\*.html
%systemroot%\system32\win32.exe\*.*
%systemroot%\System32\9283\*.*
%systemroot%\System32\hardpol\*.* /s
%systemroot%\Fonts\*.dat
%ProgramFiles%\WinNTsystem operation\*.*
%SYSTEMDRIVE%\moneyxmexx.exe\*.*
%USERPROFILE%\Templates\*.exe
%SYSTEMDRIVE%\MSOCache\*.*
%systemroot%\inf\win\*.*
%SYSTEMDRIVE%\users\*.ini /x
%systemroot%\Media\*.exe
%systemroot%\Media\*.dll
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\*.*
%systemroot%\system\*.dat
%AppData%\AdobeUM\upldrvdrv2\*.*
%ProgramFiles%\wiselink\*.*
%systemroot%\*.wd
%systemroot%\boot\*.*
%systemroot%\ime\*.dll /x
%systemroot%\system32\GroupPolicy\User\Scripts\*.* /s
%systemroot%\system32\*.INS
%SYSTEMDRIVE%\Temporary\*.*
%AppData%\AdobeUM\vclvclupl66\*.*
%SYSTEMDRIVE%\KEY\*.* /s
%SYSTEMDRIVE%\INVRSO\*.*
%systemroot%\Config\Audit\*.* /s
%ProgramFiles%\facebook\*.*
%SystemRoot%\system32\___hptmp\*.*
%SystemRoot%\system32\Macromedia\*.*
%SystemRoot%\system32\Macrocmp\*.*
%systemroot%\ap0calypse_00CD1A40\*.* /s
%SYSTEMDRIVE%\bbotxxxxxx.exe\*.*
%systemroot%\cacher\*.*
%systemroot%\down\*.*
%systemroot%\up\*.*
%SYSTEMDRIVE%\bootstartx.exe\*.*
%systemroot%\system32\wbem\grpconv.exe
%SYSTEMDRIVE%\Zolander\*.* /s
%systemroot%\Media_\*.*
%systemroot%\SV1\*.*
%systemroot%\system32\Hotspot\*.*
%systemroot%\java\*.*
%systemroot%\system32\JAVA\*.*
%systemroot%\system32\syst\*.*
%systemroot%\msapps\*.*
%systemroot%\Fonts\*.html
%systemroot%\WinRecycleb\*.*
%systemroot%\system32\PassTools\*.*
%USERPROFILE%\Templates\*.txt
%systemroot%\system32\[bleep]\*.*
%systemroot%\system32\xmldm\*.*
%systemroot%\system32\ui\*.* /s
%SYSTEMDRIVE%\autorun.inf\*.* /s
%ProgramFiles%\autorun.inf\*.* /s
%ProgramFiles%\Windows Media Player\autorun.inf\*.* /s
%ProgramFiles%\Windows Media Player\c\*.* /s
%systemroot%\win\*.*
%systemroot%\system32\update_flash\*.*
%systemroot%\system32\dllcache\*.bak
%SYSTEMDRIVE%\wedfwefeee.exe\*.*
%SYSTEMDRIVE%\explorxxxx.exe\*.*
%USERPROFILE%\My Documents\Windows\*.* /s
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
HKLM\Software\Policies\Microsoft\Windows\System\Scripts /s
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers|ProviderFileName6 /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Edited by RedXBaka, 14 November 2010 - 03:29 PM.

  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
Hello RedXBaka,

Welcome to Geekstogo.

Firstly, please go to Start > Control Panel >Add or Remove Programs (Programs and Features if you are a Vista user) and uninstall the following if they exist:

Viewpoint, Viewpoint Manager, Viewpoint Media Player.:

Viewpoint Manager is considered to be foistware. You can go to the link below to read about it.

http://www.clickz.co...cle.php/3561546

Next

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    FF - prefs.js..keyword.URL: "http://www.bigseekpro.com/search/toolbar/hypercam/{9A2B6413-B796-8AAF-B3AB-AAF85D794C62}?q="
    FF - prefs.js..network.proxy.http_port: 50370
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\firefox\
    [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
    O4 - HKCU..\Run: [svchost] C:\Users\pmah\AppData\Roaming\Microsoft\svchost.exe File not found
    F3 - HKCU WinNT: Load - (C:\Users\pmah\AppData\Local\Temp\dwm.exe) - C:\Users\pmah\AppData\Local\Temp\dwm.exe File not found
    O33 - MountPoints2\{1a18cc4f-6d52-11de-b69f-0024e8064d7c}\Shell\Auto\command - "" = Windows.scr
    O33 - MountPoints2\{1acf1252-40c3-11de-88ca-0024e8064d7c}\Shell - "" = AutoRun
    O33 - MountPoints2\{1acf1252-40c3-11de-88ca-0024e8064d7c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{408ed12f-a447-11de-a91b-0024e8064d7c}\Shell - "" = AutoRun
    O33 - MountPoints2\{408ed12f-a447-11de-a91b-0024e8064d7c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Finally in this post

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

So when you return please post
  • OTL fix log
  • ComboFix.txt

  • 0

#3
RedXBaka

RedXBaka

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
When you mentioned not to mouselick combofix's window when it is running what did you mean?
and I've run into a rather bad problem.

When I was running combofix, it told me to disable Verizon Security Suite Anti Spyware and Anti Virus, which I did, but it said it would continue with them running even though I thought I disabled them, and when ComboFix ran, I quickly X'ed out of the window. I believe that exited it however, because I X'ed out either before or while it was getting ready to run.
On second run of ComboFix, the same problem occurred, but this time I just let it run.
Combofix also did not prompt me about Microsoft Windows Recover Console, (most likely because of my lack of internet connection?) and instead rebooted my computer automatically.
On startup, it began to scan, and the computer rebooted again automatically.
Upon the next startup, a blue command prompt says "Preparing Log Report.", and "Do not run any programs until Combofix is finished"

The "Preparing Log Report" has been going on for almost around 18 hours now. Should I try to cancel ComboFix or do anything or just keep on waiting.?

I've also clicked the screen and pressed spacebar a couple times, around 2 spacebar hits and 2 mouseclicks, for when my computer went to sleep.

What should I do? and is there a way to properly stop ComboFix?
  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
Hello RedXBaka,

My apologies, I see I missed replying to this :D

If I don't reply within 24hours please send me a personal message.

What should I do? and is there a way to properly stop ComboFix?


I guess by now you will have worked out that rebooting is the way around that.

Usually works but if it hasn't please tell me.

Also please update me on what is the position now.
  • 0

#5
RedXBaka

RedXBaka

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Sorry about the late reply, schoolwork has caught the better of me recently and I haven't touched my computer in a bit as well.
Anyways, the infected computer seems as if nothing has happened, and I can't find the OTL fix log, and I'm unsure whether to run another fix, or to not.
Also, as with the Combofox, I haven't touched it since I rebooted my computer, (thanks for the help on that by the way, I didn't reboot it until I read your post haha) and I'm unsure whether to try to run Combofix again.
I did, however, delete Viewpoint Manager via Control Panel however, so I guess I'm not 100% back to where I started at.

I'm ready for another go at it, but the computer has been infected for a while now, is it possible for a fix of any sort?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP