Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

mshuib.dll error / TR/ATRAPS.Gen2[trojan]

Started by relakz , May 22 2011 02:55 PM

This topic is locked

#1
relakz

Posted 22 May 2011 - 02:55 PM

New Member

Member
4 posts

Hello,

I just recently have started using my Dell Inspiron 9400 laptop again, and upon booting it up for the first time in quite a while, I began getting this 'mshuib.dll' error while Windows(XP) starts up, and when I open up pretty much anything else (except IE).

I did a system scan for malware with Avira antivirus and the system came up clean, although when I looked at events in Avira in the last day it has about 100 occurances of:

Virus or unwanted program 'TR/ATRAPS.Gen2[trojan]'
detected in file 'C:\WINDOWS\system32\mshuib.dll.
Action performed: Deny Access

After a ton of those entries, there is one of these:

The file 'C:\WINDOWS\system32\mshuib.dll'
contained a virus or unwanted program ''TR/ATRAPS.Gen2[trojan]
Actions taken:
An error has occured and the file was not deleted. ErrorID: 26003
The file could not be deleted!
Attempting to perform action using the ARK library.
The file was moved to the quarantine directory under the name
'545f5848.qua

I checked the quarantine, but it was empty for some reason.

The other things I have tried so far are:

Safemode - Error still occurs here.
Restoring to a previous date - Didn't help, plus since it hadn't been used in so long I could only restore 1 day.

Here is the quickscan OTL report:

OTL logfile created on: 5/22/2011 4:42:56 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Nicolas\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 576.86 Mb Available Physical Memory | 56.87% Memory free
2.39 Gb Paging File | 2.04 Gb Available in Paging File | 85.61% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.44 Gb Total Space | 6.54 Gb Free Space | 12.71% Space Free | Partition Type: NTFS

Computer Name: NICK | User Name: Nicolas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/22 16:35:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Desktop\OTL.exe
PRC - [2011/05/22 16:25:00 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Nicolas\Desktop\aswMBR.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 04:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008/02/22 04:25:20 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
PRC - [2008/01/28 17:42:12 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/11/16 23:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/01/27 03:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2003/09/10 04:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe

========== Modules (SafeList) ==========

MOD - [2011/05/22 16:35:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/11/22 21:58:48 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/01 21:08:12 | 000,108,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/02/01 21:08:12 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2006/02/01 21:08:12 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/02/01 21:08:12 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006/02/01 21:08:12 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/02/01 21:08:12 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/01 21:08:12 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/02/01 21:08:12 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2006/02/01 21:08:12 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/11/16 23:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/02 21:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 18:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/15 01:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/15 00:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/13 02:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/02/13 18:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/09/09 14:53:50 | 000,017,018 | ---- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PLCNDIS5.SYS -- (PLCNDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-inc&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "my.yahoo.com"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071102000005
FF - prefs.js..extensions.enabledItems: {E13A4525-447B-4D52-83FA-C91C38F25154}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/28 17:42:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{E13A4525-447B-4D52-83FA-C91C38F25154}: C:\Documents and Settings\Nicolas\Local Settings\Application Data\{E13A4525-447B-4D52-83FA-C91C38F25154} [2009/04/08 17:08:10 | 000,000,000 | ---D | M]

[2008/10/23 13:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Extensions
[2009/08/22 16:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\yp8c66ic.default\extensions
[2009/03/29 16:53:29 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\yp8c66ic.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2009/03/26 10:06:33 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\yp8c66ic.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/12/19 18:31:10 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\yp8c66ic.default\extensions\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2009/04/08 17:08:10 | 000,000,000 | ---D | M] (XUL Cache) -- C:\DOCUMENTS AND SETTINGS\NICOLAS\LOCAL SETTINGS\APPLICATION DATA\{E13A4525-447B-4D52-83FA-C91C38F25154}
[2010/06/02 03:09:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AOLDialer] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Nqurunicap] File not found
O4 - HKLM..\Run: [ShowLOMControl] File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ares] File not found
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [SVCHOST.EXE] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} http://asp.mathxl.co...ntingPlayer.cab (Pearson Accounting Player)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} http://asp.mathxl.co...InstallAsst.cab (PearsonAsstX Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun....ows-i586-jc.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} http://asp.mathxl.co.../EconPlayer.cab (Pearson MyEconLab Player Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Winlogon: DllName - winmm64.dll - File not found
O21 - SSODL: WinCheck - {EAD8F454-EC03-4B47-A5B7-6534DA513FA5} - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 16:35:34 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Desktop\OTL.exe
[2011/05/22 16:24:19 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Nicolas\Desktop\aswMBR.exe
[2011/05/21 10:14:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/20 22:57:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2011/05/20 22:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RegGenie
[2011/05/20 22:46:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft Corporation
[2011/05/20 20:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011/05/18 11:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\RegGenie
[2011/05/18 11:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicolas\Local Settings\Application Data\ConduitEngine
[2011/05/18 11:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/22 16:35:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Desktop\OTL.exe
[2011/05/22 16:25:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Nicolas\Desktop\MBR.dat
[2011/05/22 16:25:00 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Nicolas\Desktop\aswMBR.exe
[2011/05/22 16:24:36 | 000,446,386 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/22 16:24:35 | 000,073,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/22 16:20:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/22 16:20:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/21 10:53:45 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/20 21:13:48 | 000,010,088 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2011/05/20 21:13:48 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2011/05/20 21:09:24 | 000,002,417 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LOKI.lnk
[2011/05/20 20:54:30 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/05/18 11:51:47 | 000,337,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/18 11:36:02 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Nicolas\Desktop\RegGenie.lnk
[2011/05/17 03:25:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/22 16:25:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Nicolas\Desktop\MBR.dat
[2011/05/21 10:17:52 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/05/21 10:17:52 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2011/05/21 10:17:52 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2011/05/20 20:58:24 | 000,010,088 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2011/05/20 20:58:24 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2011/05/20 20:54:30 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/05/20 20:54:29 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/05/18 11:36:02 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Nicolas\Desktop\RegGenie.lnk
[2011/05/18 11:36:00 | 000,299,544 | ---- | C] () -- C:\WINDOWS\RegGenieOnUninstall.exe
[2010/06/04 20:51:48 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/04/08 17:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jdanexexexivux.bin
[2009/04/08 17:08:09 | 000,000,408 | ---- | C] () -- C:\WINDOWS\Cdiroledunumul.dat
[2009/03/04 08:24:34 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\VersionInfo.dat
[2009/03/04 03:33:48 | 000,000,291 | ---- | C] () -- C:\WINDOWS\System32\streamset.dat
[2009/03/02 01:16:15 | 000,055,833 | ---- | C] () -- C:\WINDOWS\Sysvxd.exe
[2009/03/01 21:23:29 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Nicolas\Application Data\ay6wYKYrtt.gif
[2009/03/01 21:23:29 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Nicolas\Application Data\ay6wYKYrnn.gif
[2009/03/01 21:23:29 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Nicolas\Application Data\ay6wYKYryy.gif
[2008/10/07 12:09:17 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Nicolas\Local Settings\Application Data\PUTTY.RND
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/31 15:14:02 | 000,075,556 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/02/05 13:59:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/12 17:32:50 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/03/18 20:52:14 | 000,118,642 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2006/09/19 00:41:48 | 000,005,729 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006/08/31 18:03:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/07/23 14:24:52 | 000,002,301 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/07/17 13:52:47 | 000,000,291 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/07/17 13:52:42 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2006/07/17 11:14:06 | 000,000,542 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/07/10 14:42:14 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Nicolas\Local Settings\Application Data\fusioncache.dat
[2006/07/05 23:00:24 | 000,002,162 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/01 15:21:55 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Nicolas\Application Data\PFP120JPR.{PB
[2006/07/01 15:21:55 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Nicolas\Application Data\PFP120JCM.{PB
[2006/07/01 15:21:24 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/01 15:21:24 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\4BE6627519.sys
[2006/05/24 17:41:02 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Nicolas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/21 11:08:13 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/31 19:44:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/31 19:36:40 | 000,000,299 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/31 19:33:30 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/03/31 19:30:26 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/03/31 19:07:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/03/31 19:07:08 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/03/31 19:06:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/03/31 19:06:50 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/03/31 19:06:46 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/03/31 19:06:38 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/09 13:29:36 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2005/09/01 23:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 23:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/04/27 14:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 14:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/01/28 10:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 000,337,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:35 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/10 14:51:35 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/10 14:51:35 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/10 14:51:35 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/10 14:51:35 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,446,386 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,073,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/07/20 19:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 16:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2008/01/21 22:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/19 10:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/09 13:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/03/01 21:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\.BitTornado
[2008/05/26 23:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Aim
[2010/06/07 13:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\DaocTB
[2007/03/28 22:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Electronic Arts
[2009/01/08 22:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\GetRightToGo
[2008/01/29 12:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Image Zone Express
[2008/09/01 13:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\KSCraft
[2006/04/12 09:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Leadertech
[2008/04/27 00:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\LimeWire
[2011/05/22 16:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\PriceGong
[2008/10/31 12:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\SecondLife
[2009/08/21 10:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\uTorrent
[2007/01/11 22:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Viewpoint
[2006/04/12 08:58:54 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job

========== Purity Check ==========

< End of report >

Thank you for any help.

#2
relakz

Posted 22 May 2011 - 02:58 PM

New Member

Topic Starter
Member
4 posts

I also read a thread with someone who had the same Trojan infection, and they were instrcuted to provide the aswMBR report.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-22 16:25:00
-----------------------------
16:25:00.656 OS Version: Windows 5.1.2600 Service Pack 3
16:25:00.656 Number of processors: 2 586 0xE08
16:25:00.656 ComputerName: NICK UserName:
16:25:01.359 Initialize success
16:25:03.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:25:03.984 Disk 0 Vendor: TOSHIBA_MK6032GSX AS312D Size: 55796MB BusType: 3
16:25:06.015 Disk 0 MBR read successfully
16:25:06.015 Disk 0 MBR scan
16:25:06.015 Disk 0 unknown MBR code
16:25:08.015 Disk 0 scanning sectors +114254280
16:25:08.062 Disk 0 scanning C:\WINDOWS\system32\drivers
16:25:16.625 Service scanning
16:25:20.062 Disk 0 trace - called modules:
16:25:20.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
16:25:20.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f60ab8]
16:25:20.109 3 CLASSPNP.SYS[f753dfd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f27940]
16:25:20.109 Scan finished successfully
16:25:54.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Nicolas\Desktop\MBR.dat"
16:25:54.750 The log file has been saved successfully to "C:\Documents and Settings\Nicolas\Desktop\aswMBRscan1.txt"

#3
Essexboy

Posted 22 May 2011 - 03:26 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi there I will take out what I can see and I would then like you to run a fresh OTL scan but looking in different areas

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2009/04/08 17:08:10 | 000,000,000 | ---D | M] (XUL Cache) -- C:\DOCUMENTS AND SETTINGS\NICOLAS\LOCAL SETTINGS\APPLICATION DATA\{E13A4525-447B-4D52-83FA-C91C38F25154}
O4 - HKLM..\Run: [Nqurunicap] File not found
O4 - HKCU..\Run: [SVCHOST.EXE] File not found
O20 - Winlogon\Notify\Winlogon: DllName - winmm64.dll - File not found
[2009/04/08 17:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jdanexexexivux.bin
[2009/04/08 17:08:09 | 000,000,408 | ---- | C] () -- C:\WINDOWS\Cdiroledunumul.dat
[2009/03/01 21:23:29 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Nicolas\Application Data\ay6wYKYrtt.gif
[2009/03/01 21:23:29 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Nicolas\Application Data\ay6wYKYrnn.gif
[2009/03/01 21:23:29 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Nicolas\Application Data\ay6wYKYryy.gif
[2011/05/22 16:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\PriceGong

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Run OTL.
Select All Users
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
mshuib.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

#4
relakz

Posted 22 May 2011 - 03:58 PM

New Member

Topic Starter
Member
4 posts

Thanks for the quick reply!

After pasting the first step, the command/ipconfig window popped up and then was closed after the mshuib.dll error

First off, after rebooting after the first step this was open when windows started up:

All processes killed
========== OTL ==========
C:\DOCUMENTS AND SETTINGS\NICOLAS\LOCAL SETTINGS\APPLICATION DATA\{E13A4525-447B-4D52-83FA-C91C38F25154}\chrome\content folder moved successfully.
C:\DOCUMENTS AND SETTINGS\NICOLAS\LOCAL SETTINGS\APPLICATION DATA\{E13A4525-447B-4D52-83FA-C91C38F25154}\chrome folder moved successfully.
C:\DOCUMENTS AND SETTINGS\NICOLAS\LOCAL SETTINGS\APPLICATION DATA\{E13A4525-447B-4D52-83FA-C91C38F25154} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Nqurunicap deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SVCHOST.EXE deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Winlogon\ deleted successfully.
C:\WINDOWS\Jdanexexexivux.bin moved successfully.
C:\WINDOWS\Cdiroledunumul.dat moved successfully.
C:\Documents and Settings\Nicolas\Application Data\ay6wYKYrtt.gif moved successfully.
C:\Documents and Settings\Nicolas\Application Data\ay6wYKYrnn.gif moved successfully.
C:\Documents and Settings\Nicolas\Application Data\ay6wYKYryy.gif moved successfully.
C:\Documents and Settings\Nicolas\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\Nicolas\Application Data\PriceGong folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Nicolas\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Nicolas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 162560 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 36329837 bytes
->Flash cache emptied: 569 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 113903074 bytes

User: Nicolas
->Temp folder emptied: 27218516 bytes
->Temporary Internet Files folder emptied: 133976571 bytes
->Java cache emptied: 85851230 bytes
->FireFox cache emptied: 40405779 bytes
->Google Chrome cache emptied: 242089406 bytes
->Apple Safari cache emptied: 157147136 bytes
->Flash cache emptied: 1471773 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3613713 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 100364586 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 104206298 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 998.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Nicolas
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.23.0 log created on 05222011_173554

Files\Folders moved on Reboot...
C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\YFSBH2UN\component[1].htm moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\YFSBH2UN\index[1].htm moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\DFR0CHRG\301307-mshuibdll-error-tratrapsgen2trojan[1].htm moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\DFR0CHRG\like[1].htm moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\4X4BXHBZ\301307-mshuibdll-error-tratrapsgen2trojan[1].htm moved successfully.
C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...

First log:

OTL logfile created on: 5/22/2011 5:48:31 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Nicolas\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 536.39 Mb Available Physical Memory | 52.88% Memory free
2.39 Gb Paging File | 2.02 Gb Available in Paging File | 84.51% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.44 Gb Total Space | 7.50 Gb Free Space | 14.58% Space Free | Partition Type: NTFS

Computer Name: NICK | User Name: Nicolas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/22 16:35:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Desktop\OTL.exe
PRC - [2008/04/23 03:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2008/04/13 20:12:40 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 04:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008/01/28 17:42:12 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/11/16 23:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/01/27 03:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2003/09/10 04:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe

========== Modules (SafeList) ==========

MOD - [2011/05/22 16:35:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:12:02 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/13 20:12:02 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/13 20:12:02 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/13 20:12:01 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/13 20:11:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/13 20:11:51 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/11/22 21:58:48 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/01 21:08:12 | 000,108,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/02/01 21:08:12 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2006/02/01 21:08:12 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/02/01 21:08:12 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006/02/01 21:08:12 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/02/01 21:08:12 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/01 21:08:12 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/02/01 21:08:12 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2006/02/01 21:08:12 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/11/16 23:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/02 21:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 18:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/15 01:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/15 00:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/13 02:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/02/13 18:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/09/09 14:53:50 | 000,017,018 | ---- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PLCNDIS5.SYS -- (PLCNDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-inc&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "my.yahoo.com"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071102000005
FF - prefs.js..extensions.enabledItems: {E13A4525-447B-4D52-83FA-C91C38F25154}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/28 17:42:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{E13A4525-447B-4D52-83FA-C91C38F25154}: C:\Documents and Settings\Nicolas\Local Settings\Application Data\{E13A4525-447B-4D52-83FA-C91C38F25154}

[2008/10/23 13:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Extensions
[2009/08/22 16:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\yp8c66ic.default\extensions
[2009/03/29 16:53:29 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\yp8c66ic.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2009/03/26 10:06:33 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\yp8c66ic.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/12/19 18:31:10 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\yp8c66ic.default\extensions\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\NICOLAS\LOCAL SETTINGS\APPLICATION DATA\{E13A4525-447B-4D52-83FA-C91C38F25154}
[2010/06/02 03:09:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/05/22 17:36:01 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AOLDialer] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShowLOMControl] File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ares] File not found
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} http://asp.mathxl.co...ntingPlayer.cab (Pearson Accounting Player)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} http://asp.mathxl.co...InstallAsst.cab (PearsonAsstX Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun....ows-i586-jc.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} http://asp.mathxl.co.../EconPlayer.cab (Pearson MyEconLab Player Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: WinCheck - {EAD8F454-EC03-4B47-A5B7-6534DA513FA5} - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 17:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicolas\Application Data\PriceGong
[2011/05/22 17:35:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/22 16:35:34 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Desktop\OTL.exe
[2011/05/22 16:24:19 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Nicolas\Desktop\aswMBR.exe
[2011/05/21 10:14:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/20 22:57:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2011/05/20 22:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RegGenie
[2011/05/20 22:46:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft Corporation
[2011/05/20 20:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011/05/18 11:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\RegGenie
[2011/05/18 11:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicolas\Local Settings\Application Data\ConduitEngine
[2011/05/18 11:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine

========== Files - Modified Within 30 Days ==========

[2011/05/22 17:48:35 | 000,446,386 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/22 17:48:35 | 000,073,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/22 17:44:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/22 17:44:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/22 17:36:01 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/22 16:35:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Desktop\OTL.exe
[2011/05/22 16:25:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Nicolas\Desktop\MBR.dat
[2011/05/22 16:25:00 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Nicolas\Desktop\aswMBR.exe
[2011/05/21 10:53:45 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/20 21:13:48 | 000,010,088 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2011/05/20 21:13:48 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2011/05/20 21:09:24 | 000,002,417 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LOKI.lnk
[2011/05/20 20:54:30 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/05/18 11:51:47 | 000,337,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/18 11:36:02 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Nicolas\Desktop\RegGenie.lnk
[2011/05/17 03:25:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/05/22 16:25:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Nicolas\Desktop\MBR.dat
[2011/05/21 10:17:52 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/05/21 10:17:52 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2011/05/21 10:17:52 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2011/05/20 20:58:24 | 000,010,088 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2011/05/20 20:58:24 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2011/05/20 20:54:30 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/05/20 20:54:29 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/05/18 11:36:02 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Nicolas\Desktop\RegGenie.lnk
[2011/05/18 11:36:00 | 000,299,544 | ---- | C] () -- C:\WINDOWS\RegGenieOnUninstall.exe
[2010/06/04 20:51:48 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/04 08:24:34 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\VersionInfo.dat
[2009/03/04 03:33:48 | 000,000,291 | ---- | C] () -- C:\WINDOWS\System32\streamset.dat
[2009/03/02 01:16:15 | 000,055,833 | ---- | C] () -- C:\WINDOWS\Sysvxd.exe
[2008/10/07 12:09:17 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Nicolas\Local Settings\Application Data\PUTTY.RND
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/31 15:14:02 | 000,075,556 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/02/05 13:59:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/12 17:32:50 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/03/18 20:52:14 | 000,118,642 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2006/09/19 00:41:48 | 000,005,729 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006/08/31 18:03:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/07/23 14:24:52 | 000,002,301 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/07/17 13:52:47 | 000,000,291 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/07/17 13:52:42 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2006/07/17 11:14:06 | 000,000,542 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/07/10 14:42:14 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Nicolas\Local Settings\Application Data\fusioncache.dat
[2006/07/05 23:00:24 | 000,002,162 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/01 15:21:55 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Nicolas\Application Data\PFP120JPR.{PB
[2006/07/01 15:21:55 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Nicolas\Application Data\PFP120JCM.{PB
[2006/07/01 15:21:24 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/01 15:21:24 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\4BE6627519.sys
[2006/05/24 17:41:02 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Nicolas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/21 11:08:13 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/31 19:44:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/31 19:36:40 | 000,000,299 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/31 19:33:30 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/03/31 19:30:26 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/03/31 19:07:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/03/31 19:07:08 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/03/31 19:06:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/03/31 19:06:50 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/03/31 19:06:46 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/03/31 19:06:38 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/09 13:29:36 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2005/09/01 23:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 23:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/04/27 14:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 14:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/01/28 10:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 000,337,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,446,386 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,073,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/07/20 19:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 16:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2008/01/21 22:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/19 10:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/09 13:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/03/01 21:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\.BitTornado
[2008/05/26 23:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Aim
[2010/06/07 13:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\DaocTB
[2007/03/28 22:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Electronic Arts
[2009/01/08 22:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\GetRightToGo
[2008/01/29 12:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Image Zone Express
[2008/09/01 13:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\KSCraft
[2006/04/12 09:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Leadertech
[2008/04/27 00:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\LimeWire
[2011/05/22 17:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\PriceGong
[2008/10/31 12:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\SecondLife
[2009/08/21 10:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\uTorrent
[2007/01/11 22:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Viewpoint
[2006/04/12 08:58:54 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job

========== Purity Check ==========

< End of report >

Second log:

OTL logfile created on: 5/22/2011 5:53:17 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Nicolas\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 621.79 Mb Available Physical Memory | 61.30% Memory free
2.39 Gb Paging File | 2.07 Gb Available in Paging File | 86.61% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.44 Gb Total Space | 7.50 Gb Free Space | 14.58% Space Free | Partition Type: NTFS

Computer Name: NICK | User Name: Nicolas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/22 16:35:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 04:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008/02/22 04:25:20 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
PRC - [2008/01/28 17:42:12 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/11/16 23:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/01/27 03:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2003/09/10 04:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe

========== Modules (SafeList) ==========

MOD - [2011/05/22 16:35:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:12:02 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/13 20:12:02 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/13 20:12:02 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/13 20:12:01 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/13 20:11:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/13 20:11:51 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2005/11/19 05:37:16 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/11/22 21:58:48 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/02/01 21:08:12 | 000,108,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/02/01 21:08:12 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2006/02/01 21:08:12 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/02/01 21:08:12 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006/02/01 21:08:12 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/02/01 21:08:12 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/01 21:08:12 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/02/01 21:08:12 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2006/02/01 21:08:12 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/11/16 23:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/02 21:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 18:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/15 01:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/15 00:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/13 02:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/02/13 18:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/09/09 14:53:50 | 000,017,018 | ---- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PLCNDIS5.SYS -- (PLCNDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-inc&channel=us

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...-inc&channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...-inc&channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-4189335538-513798262-1475724608-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKU\S-1-5-21-4189335538-513798262-1475724608-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4189335538-513798262-1475724608-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-4189335538-513798262-1475724608-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-4189335538-513798262-1475724608-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-4189335538-513798262-1475724608-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4189335538-513798262-1475724608-1006\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4189335538-513798262-1475724608-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4189335538-513798262-1475724608-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "my.yahoo.com"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071102000005
FF - prefs.js..extensions.enabledItems: {E13A4525-447B-4D52-83FA-C91C38F25154}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/28 17:42:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{E13A4525-447B-4D52-83FA-C91C38F25154}: C:\Documents and Settings\Nicolas\Local Settings\Application Data\{E13A4525-447B-4D52-83FA-C91C38F25154}

[2008/10/23 13:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Extensions
[2009/08/22 16:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\yp8c66ic.default\extensions
[2009/03/29 16:53:29 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\yp8c66ic.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2009/03/26 10:06:33 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\yp8c66ic.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/12/19 18:31:10 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\yp8c66ic.default\extensions\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\NICOLAS\LOCAL SETTINGS\APPLICATION DATA\{E13A4525-447B-4D52-83FA-C91C38F25154}
[2010/06/02 03:09:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/05/22 17:36:01 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4189335538-513798262-1475724608-1006\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Program Files\4shared.com\prxtb4sh2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AOLDialer] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShowLOMControl] File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-4189335538-513798262-1475724608-1006..\Run: [ares] File not found
O4 - HKU\S-1-5-21-4189335538-513798262-1475724608-1006..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4189335538-513798262-1475724608-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-4189335538-513798262-1475724608-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} http://asp.mathxl.co...ntingPlayer.cab (Pearson Accounting Player)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} http://asp.mathxl.co...InstallAsst.cab (PearsonAsstX Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun....ows-i586-jc.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} http://asp.mathxl.co.../EconPlayer.cab (Pearson MyEconLab Player Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: WinCheck - {EAD8F454-EC03-4B47-A5B7-6534DA513FA5} - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 17:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicolas\Application Data\PriceGong
[2011/05/22 17:35:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/22 16:35:34 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Desktop\OTL.exe
[2011/05/22 16:24:19 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Nicolas\Desktop\aswMBR.exe
[2011/05/21 10:14:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/20 22:57:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2011/05/20 22:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RegGenie
[2011/05/20 22:46:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft Corporation
[2011/05/20 20:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011/05/18 11:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\RegGenie
[2011/05/18 11:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nicolas\Local Settings\Application Data\ConduitEngine
[2011/05/18 11:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine

========== Files - Modified Within 30 Days ==========

[2011/05/22 17:48:35 | 000,446,386 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/22 17:48:35 | 000,073,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/22 17:44:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/22 17:44:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/22 17:36:01 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/22 16:35:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicolas\Desktop\OTL.exe
[2011/05/22 16:25:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Nicolas\Desktop\MBR.dat
[2011/05/22 16:25:00 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Nicolas\Desktop\aswMBR.exe
[2011/05/21 10:53:45 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/20 21:13:48 | 000,010,088 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2011/05/20 21:13:48 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2011/05/20 21:09:24 | 000,002,417 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LOKI.lnk
[2011/05/20 20:54:30 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/05/18 11:51:47 | 000,337,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/18 11:36:02 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Nicolas\Desktop\RegGenie.lnk
[2011/05/17 03:25:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/05/22 16:25:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Nicolas\Desktop\MBR.dat
[2011/05/21 10:17:52 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/05/21 10:17:52 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2011/05/21 10:17:52 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2011/05/20 20:58:24 | 000,010,088 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2011/05/20 20:58:24 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2011/05/20 20:54:30 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/05/20 20:54:29 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/05/18 11:36:02 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Nicolas\Desktop\RegGenie.lnk
[2011/05/18 11:36:00 | 000,299,544 | ---- | C] () -- C:\WINDOWS\RegGenieOnUninstall.exe
[2010/06/04 20:51:48 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/04 08:24:34 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\VersionInfo.dat
[2009/03/04 03:33:48 | 000,000,291 | ---- | C] () -- C:\WINDOWS\System32\streamset.dat
[2009/03/02 01:16:15 | 000,055,833 | ---- | C] () -- C:\WINDOWS\Sysvxd.exe
[2008/10/07 12:09:17 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Nicolas\Local Settings\Application Data\PUTTY.RND
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/31 15:14:02 | 000,075,556 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/02/05 13:59:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/12 17:32:50 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/03/18 20:52:14 | 000,118,642 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2006/09/19 00:41:48 | 000,005,729 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006/08/31 18:03:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/07/23 14:24:52 | 000,002,301 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/07/17 13:52:47 | 000,000,291 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/07/17 13:52:42 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2006/07/17 11:14:06 | 000,000,542 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/07/10 14:42:14 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Nicolas\Local Settings\Application Data\fusioncache.dat
[2006/07/05 23:00:24 | 000,002,162 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/01 15:21:55 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Nicolas\Application Data\PFP120JPR.{PB
[2006/07/01 15:21:55 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Nicolas\Application Data\PFP120JCM.{PB
[2006/07/01 15:21:24 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/01 15:21:24 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\4BE6627519.sys
[2006/05/24 17:41:02 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Nicolas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/21 11:08:13 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/31 19:44:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/31 19:36:40 | 000,000,299 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/31 19:33:30 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/03/31 19:30:26 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/03/31 19:07:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/03/31 19:07:08 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/03/31 19:06:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/03/31 19:06:50 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/03/31 19:06:46 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/03/31 19:06:38 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/09 13:29:36 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2005/09/01 23:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 23:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/04/27 14:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 14:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/01/28 10:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 000,337,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,446,386 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,073,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/07/20 19:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 16:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2008/01/21 22:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/19 10:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/09 13:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/12/21 17:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/01 21:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\.BitTornado
[2008/05/26 23:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Aim
[2010/06/07 13:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\DaocTB
[2007/03/28 22:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Electronic Arts
[2009/01/08 22:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\GetRightToGo
[2008/01/29 12:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Image Zone Express
[2008/09/01 13:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\KSCraft
[2006/04/12 09:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Leadertech
[2008/04/27 00:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\LimeWire
[2011/05/22 17:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\PriceGong
[2008/10/31 12:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\SecondLife
[2009/08/21 10:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\uTorrent
[2007/01/11 22:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nicolas\Application Data\Viewpoint
[2006/04/12 08:58:54 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/04/18 16:46:03 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/02/14 08:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation)

< End of report >

Extras:

OTL Extras logfile created on: 5/22/2011 4:42:56 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Nicolas\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 576.86 Mb Available Physical Memory | 56.87% Memory free
2.39 Gb Paging File | 2.04 Gb Available in Paging File | 85.61% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.44 Gb Total Space | 6.54 Gb Free Space | 12.71% Space Free | Partition Type: NTFS

Computer Name: NICK | User Name: Nicolas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Common Files\AOL\1148224228\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1148224228\ee\aolsoftware.exe:*:Enabled:AOL Services
"C:\Program Files\Common Files\AOL\1148224228\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1148224228\ee\aim6.exe:*:Enabled:AIM
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23CA024E-7A69-467A-99F0-45462A144AE3}" = LOKI2
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AF79DFD1-04C2-4CE5-9C8F-F60CA3CF01A7}" = NETGEAR XE102 Powerline Ethernet Adapter
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"4shared.com Toolbar" = 4shared.com Toolbar
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DAOCCharplan" = DAOC-Charplan
"Dark Age of Camelot" = Dark Age of Camelot
"GearBunnies_is1" = GearBunnyX and Classic 1.102
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"RegGenie" = RegGenie v3.0
"SeaStorm 3D Screensaver" = SeaStorm 3D Screensaver (remove only)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yazzle1461Oin" = MediaTickets by OIN

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/18/2011 2:45:45 PM | Computer Name = NICK | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).

Error - 5/18/2011 3:00:44 PM | Computer Name = NICK | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{31c17da3-ca23-11da-a364-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 5/18/2011 3:01:07 PM | Computer Name = NICK | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).

Error - 5/18/2011 3:01:11 PM | Computer Name = NICK | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{31c17da3-ca23-11da-a364-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 5/18/2011 3:01:34 PM | Computer Name = NICK | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).

Error - 5/18/2011 3:06:15 PM | Computer Name = NICK | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{31c17da3-ca23-11da-a364-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 5/18/2011 3:06:38 PM | Computer Name = NICK | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).

Error - 5/18/2011 4:30:16 PM | Computer Name = NICK | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{31c17da3-ca23-11da-a364-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 5/18/2011 4:30:42 PM | Computer Name = NICK | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).

Error - 5/21/2011 10:21:05 AM | Computer Name = NICK | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

[ OSession Events ]
Error - 1/8/2009 11:10:59 PM | Computer Name = NICK | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 1/8/2009 11:12:07 PM | Computer Name = NICK | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

[ System Events ]
Error - 5/20/2011 8:33:16 PM | Computer Name = NICK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/20/2011 8:33:46 PM | Computer Name = NICK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 5/20/2011 8:33:53 PM | Computer Name = NICK | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 5/20/2011 8:33:53 PM | Computer Name = NICK | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 5/20/2011 8:33:53 PM | Computer Name = NICK | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 5/20/2011 8:33:53 PM | Computer Name = NICK | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 5/20/2011 8:33:53 PM | Computer Name = NICK | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 5/20/2011 8:33:53 PM | Computer Name = NICK | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 5/20/2011 8:33:53 PM | Computer Name = NICK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD APPDRV avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip

Error - 5/20/2011 8:45:41 PM | Computer Name = NICK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >

#5
Essexboy

Posted 23 May 2011 - 10:18 AM

GeekU Moderator

Retired Staff
69,964 posts

What antivirus are you using at the moment ?

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#6
relakz

Posted 24 May 2011 - 08:58 AM

New Member

Topic Starter
Member
4 posts

I'm running Avira AntiVir Personal - www.avira.com/free

Could you recommened a better antivirus program?

Success! After the ComboFix ran, I'm no longer getting the mshuib.dll error when windows boots or when opening other programs! Here is the log:

ComboFix 11-05-23.02 - Nicolas 05/24/2011 10:41:23.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.546 [GMT -4:00]
Running from: c:\documents and settings\Nicolas\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\RegGenie
c:\documents and settings\All Users\Start Menu\Programs\RegGenie\RegGenie.lnk
c:\documents and settings\All Users\Start Menu\Programs\RegGenie\Uninstall RegGenie.lnk
c:\documents and settings\Nicolas\Application Data\PriceGong
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Nicolas\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Nicolas\Desktop\RegGenie.lnk
c:\program files\RegGenie
c:\program files\RegGenie\RegGenie.bim
c:\program files\RegGenie\RegGenie.bin
c:\program files\RegGenie\RegGenie.exe
c:\program files\RegGenie\RegGenie.ini
c:\program files\RegGenie\RegGenieOnReboot.exe
c:\program files\RegGenie\RegGenieOnRebootExpired.exe
c:\program files\RegGenie\RegGenieScheduler.exe
c:\program files\RegGenie\unins000.dat
c:\program files\RegGenie\unins000.exe
c:\program files\RegGenie\unins000.msg
c:\windows\RegGenieOnUninstall.exe
c:\windows\Sysvxd.exe
.
Infected copy of c:\windows\system32\imm32.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\imm32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-24 to 2011-05-24 )))))))))))))))))))))))))))))))
.
.
2011-05-22 21:35 . 2011-05-22 21:35 -------- d-----w- C:\_OTL
2011-05-21 02:57 . 2011-05-21 02:57 -------- d-----w- c:\windows\Performance
2011-05-21 02:46 . 2011-05-21 02:46 -------- d-----w- c:\documents and settings\Nicolas\Local Settings\Application Data\Microsoft Corporation
2011-05-21 00:54 . 2011-05-21 02:57 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-05-18 15:57 . 2011-05-21 02:57 -------- d-----w- c:\documents and settings\Administrator
2011-05-18 15:35 . 2011-05-24 14:32 -------- d-----w- c:\documents and settings\Nicolas\Local Settings\Application Data\ConduitEngine
2011-05-18 15:35 . 2011-05-21 02:56 -------- d-----w- c:\program files\ConduitEngine
2011-05-16 15:14 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-05-16 15:14 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-05-16 15:13 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-05-16 15:13 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-05-16 15:05 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-08-10 19:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-08-10 18:51 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-10 18:51 1857920 ----a-w- c:\windows\system32\win32k.sys
2007-08-13 09:01 . 2007-08-13 09:01 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\prxtb4sh2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
2011-01-17 14:54 175912 ----a-w- c:\program files\4shared.com\prxtb4sh2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"= "c:\program files\4shared.com\prxtb4sh2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}"= "c:\program files\4shared.com\prxtb4sh2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="" [X]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 185896]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-19 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-19 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-19 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-11-12 1347584]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-31 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
.
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/22/2007 6:59 PM 24652]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [9/9/2002 2:53 PM 17018]
.
Contents of the 'Scheduled Tasks' folder
.
2010-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
2006-04-12 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-Yazzle1461Oin - c:\program files\Common Files\Yazzle1461OinUninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-24 10:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(1244)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-05-24 10:54:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-24 14:54
.
Pre-Run: 7,901,171,712 bytes free
Post-Run: 7,777,595,392 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - FC37CA13A20C2EC896671EBDD963E1DF

#7
Essexboy

Posted 24 May 2011 - 11:22 AM

GeekU Moderator

Retired Staff
69,964 posts

Are you still getting the error on boot ? As for antivirus Avira is one of the free options we recommend

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#8
Essexboy

Posted 28 May 2011 - 06:18 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.