r.looksmart has infected Google searches (OTL and MBR logs included)



#1
AridParadise

Hello! Thank you in advance for any help with this, and will donate.

My symptoms are the same as was described in this thread:

My link

The doc handling the case, Essexboy, had this warning:

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

So, I thought I'd better ask before following the exact same instructions.

I did follow the Google Redirects instructions, but TDssKiller did not pick up anything on my system, either.

Thank you!
Dave

PS Here are the OTL files, as well as MBR text. It won't let me attach the MBR dat file, however.

OTL logfile created on: 9/22/2011 11:51:54 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Dave bray\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 104.55 Mb Available Physical Memory | 13.63% Memory free
1.46 Gb Paging File | 0.53 Gb Available in Paging File | 36.35% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.05 Gb Total Space | 156.96 Gb Free Space | 52.66% Space Free | Partition Type: NTFS

Computer Name: DAVELAND | User Name: Dave bray | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/21 12:31:55 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave bray\Desktop\OTL.exe
PRC - [2011/09/20 19:10:26 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dave bray\Local Settings\Application Data\AOL\AOLUpdate\AOLupdt32.exe
PRC - [2011/09/08 06:18:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2009/05/21 23:13:36 | 000,275,768 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/05/21 22:46:36 | 000,559,104 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2009/05/21 22:46:36 | 000,168,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2009/05/21 19:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/10/12 18:49:17 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/12 12:50:02 | 001,462,272 | ---- | M] (Dynex) -- C:\Program Files\Dynex G USB Network Adapter\DynexWCUI.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/08/01 15:35:36 | 000,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\instant messenger\aim.exe
PRC - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
PRC - [2005/08/24 16:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2002/09/11 08:04:58 | 000,053,248 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/03 11:55:42 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE


========== Modules (No Company Name) ==========

MOD - [2011/09/08 06:18:44 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/05/22 10:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/04/29 11:16:41 | 006,053,536 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll
MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\SYSTEM32\quartz.dll
MOD - [2009/03/11 14:41:42 | 000,049,152 | ---- | M] () -- C:\Program Files\OxelonMedia\menuext.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\SYSTEM32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\SYSTEM32\devenum.dll
MOD - [2008/01/29 10:24:42 | 000,081,920 | ---- | M] () -- C:\Program Files\Dynex G USB Network Adapter\SCMLib.dll
MOD - [2008/01/03 18:46:04 | 000,172,032 | ---- | M] () -- C:\Program Files\Dynex G USB Network Adapter\WcuiDLL.dll
MOD - [2008/01/03 18:45:48 | 000,241,664 | ---- | M] () -- C:\Program Files\Dynex G USB Network Adapter\DynexDLL.dll
MOD - [2007/10/02 17:01:10 | 000,327,680 | ---- | M] () -- C:\Program Files\Dynex G USB Network Adapter\WscAPI.dll
MOD - [2007/09/06 16:00:42 | 000,032,768 | ---- | M] () -- C:\Program Files\Dynex G USB Network Adapter\BCMLib.dll
MOD - [2007/06/14 16:57:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\SYSTEM32\bcm1xsup.dll
MOD - [2007/06/14 16:57:22 | 000,086,016 | ---- | M] () -- C:\WINDOWS\SYSTEM32\preflib.dll
MOD - [2006/10/22 12:22:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\SYSTEM32\nvshell.dll
MOD - [2006/10/22 12:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\SYSTEM32\nvapi.dll
MOD - [2006/08/01 15:24:54 | 000,006,656 | ---- | M] () -- C:\Program Files\instant messenger\stats.ocm
MOD - [2006/08/01 15:17:26 | 000,106,496 | ---- | M] () -- C:\Program Files\instant messenger\aimax.dll
MOD - [2006/07/25 16:16:02 | 000,013,312 | ---- | M] () -- C:\Program Files\instant messenger\oscres.dll
MOD - [2006/07/25 13:03:56 | 000,229,376 | ---- | M] () -- C:\Program Files\instant messenger\inetsocket.dll
MOD - [2006/07/25 12:54:18 | 000,110,592 | ---- | M] () -- C:\Program Files\instant messenger\AIM_xmlp.dll
MOD - [2005/06/16 17:46:26 | 000,081,920 | ---- | M] () -- C:\Program Files\instant messenger\AIMToday.dll
MOD - [2005/04/11 06:37:00 | 000,049,152 | ---- | M] () -- C:\Program Files\LitexMedia\Fast Audio Converter\FastACShellExt.dll
MOD - [2004/08/18 13:56:48 | 000,176,128 | ---- | M] () -- C:\Program Files\instant messenger\nssckbi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (mcupdmgr.exe)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/09/21 10:35:17 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/05/21 23:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 23:09:24 | 000,660,992 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009/05/21 23:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/08/24 16:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2002/10/10 02:18:36 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/09/21 10:35:57 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys -- (SBRE)
DRV - [2011/09/21 10:34:56 | 000,074,968 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sbapifs.sys -- (sbapifs)
DRV - [2011/09/21 10:34:55 | 000,021,592 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sbaphd.sys -- (sbaphd)
DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/08/18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/10/09 15:33:00 | 000,198,144 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NdisWDM.sys -- (NdisWDM)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/30 14:15:24 | 000,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SndTDriverV32.sys -- (SndTDriverV32)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/10/04 19:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 19:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/07/14 12:51:18 | 000,005,068 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Samhid.sys -- (samhid)
DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys -- (WmVirHid)
DRV - [2003/11/05 11:11:14 | 000,017,920 | R--- | M] (CEntrance, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ceusbaud.sys -- (CEUSBAUD)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/05/08 05:32:17 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/05/08 05:32:17 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/05/08 05:32:17 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/05/08 05:32:17 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/12/17 10:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/12/09 11:20:32 | 000,115,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2002/12/09 11:20:20 | 000,134,032 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/12/09 11:20:02 | 000,117,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2002/12/09 11:19:50 | 000,493,568 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/12/04 12:35:44 | 000,298,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2002/11/26 12:31:36 | 000,816,576 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/11/26 12:30:32 | 000,135,728 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hap16v2k.sys -- (hap16v2k)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys -- (sonypvs1)
DRV - [2002/10/10 02:18:58 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2002/10/09 12:38:14 | 000,080,864 | ---- | M] (Ahead Software AG and its licensors) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagedrv.sys -- (Imagedrv)
DRV - [2002/10/09 02:09:58 | 000,010,477 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)
DRV - [2002/09/03 11:30:00 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/09/03 11:28:22 | 000,186,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2002/07/19 08:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/17 09:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 09:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 09:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 09:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -- (ctljystk)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...obby/search.asp
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DD 00 2F 01 51 61 85 43 9A FB 0F 52 CA 3B 32 BC [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...obby/search.asp
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DD 00 2F 01 51 61 85 43 9A FB 0F 52 CA 3B 32 BC [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DD 00 2F 01 51 61 85 43 9A FB 0F 52 CA 3B 32 BC [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DD 00 2F 01 51 61 85 43 9A FB 0F 52 CA 3B 32 BC [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.com
IE - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DD 00 2F 01 51 61 85 43 9A FB 0F 52 CA 3B 32 BC [binary data]
IE - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..network.proxy.backup.ftp: "mail.theweb.co.uk"
FF - prefs.js..network.proxy.backup.ftp_port: 8000
FF - prefs.js..network.proxy.backup.gopher: "mail.theweb.co.uk"
FF - prefs.js..network.proxy.backup.gopher_port: 8000
FF - prefs.js..network.proxy.backup.socks: "mail.theweb.co.uk"
FF - prefs.js..network.proxy.backup.socks_port: 8000
FF - prefs.js..network.proxy.backup.ssl: "mail.theweb.co.uk"
FF - prefs.js..network.proxy.backup.ssl_port: 8000
FF - prefs.js..network.proxy.ftp: "202.105.230.226"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "202.105.230.226"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "202.105.230.226"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "202.105.230.226"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "202.105.230.226"
FF - prefs.js..network.proxy.ssl_port: 80


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Dave bray\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Dave bray\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Dave bray\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Dave bray\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2011/07/22 18:35:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/22 18:18:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 06:18:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 19:08:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/31 19:20:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2011/07/22 18:24:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/06/30 11:51:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.3\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2009/05/03 17:47:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.3\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2011/06/11 12:01:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/22 18:18:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2011/07/22 18:24:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/06/30 11:51:48 | 000,000,000 | ---D | M]

[2011/07/22 16:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave bray\Application Data\Mozilla\Extensions
[2011/05/31 19:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave bray\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/09/22 22:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave bray\Application Data\Mozilla\Firefox\Profiles\1gua58w9.default\extensions
[2011/07/22 16:40:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dave bray\Application Data\Mozilla\Firefox\Profiles\1gua58w9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/22 16:40:28 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Dave bray\Application Data\Mozilla\Firefox\Profiles\1gua58w9.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011/08/01 22:07:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Dave bray\Application Data\Mozilla\Firefox\Profiles\1gua58w9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/22 22:14:42 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Dave bray\Application Data\Mozilla\Firefox\Profiles\1gua58w9.default\extensions\{a20ce696-1450-4461-b21f-826956c518a7}
[2011/07/22 18:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/23 06:48:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/06/30 11:51:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/30 11:51:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/08 06:18:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/30 11:51:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/05/11 17:41:00 | 000,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\mozilla firefox\plugins\npImgCtl.dll
[2006/11/20 10:08:57 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2003/08/04 15:19:02 | 000,438,272 | ---- | M] (AOL Time Warner) -- C:\Program Files\mozilla firefox\plugins\npwinamp.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/22 16:28:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Reg Error: Value error.) - {012F00DD-6151-4385-9AFB-0F52CA3B32Bc} - C:\Documents and Settings\Dave bray\Local Settings\Application Data\NetworkWin32.dll (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun File not found
O4 - HKLM..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun File not found
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [AOL Update] C:\Documents and Settings\Dave bray\Local Settings\Application Data\AOL\AOLUpdate\AOLupdt32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [AOL Update] C:\Documents and Settings\Dave bray\Local Settings\Application Data\AOL\AOLUpdate\AOLupdt32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [AOL Update] C:\Documents and Settings\Dave bray\Local Settings\Application Data\AOL\AOLUpdate\AOLupdt32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [AOL Update] C:\Documents and Settings\Dave bray\Local Settings\Application Data\AOL\AOLUpdate\AOLupdt32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-877690994-1423518253-1684835088-1006..\Run: [AOL Update] C:\Documents and Settings\Dave bray\Local Settings\Application Data\AOL\AOLUpdate\AOLupdt32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-877690994-1423518253-1684835088-1006..\Run: [DisplayUpdatePolicy] C:\Documents and Settings\All Users\Application Data\DisplayUpdatePolicy.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RealUpgradeHelper] C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [RealUpgradeHelper] C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dynex Wireless Networking Utility.lnk = C:\Program Files\Dynex G USB Network Adapter\DynexWCUI.exe (Dynex)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ssddvd = C:\WINDOWS\System32\ssddvd.exe
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\instant messenger\aim.exe (America Online, Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....110/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-17.cab (EPUImageControl Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} http://www.ouchvideo...viewer_ic13.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1123884884958 (WUWebControl Class)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (HouseCall Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,23/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....12110/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FDCC1518-6A63-11D9-AAC8-91EC5E497716} http://www.ouchvideo...iewer_emg11.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98E07822-B26E-4104-99A9-C60AA32866C4}: DhcpNameServer = 192.168.1.1 68.238.64.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBB9F2A7-4B8D-43F5-BEBE-726A49129F02}: DhcpNameServer = 192.168.1.1 68.238.64.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (kdhdl.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave bray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/02/18 17:22:55 | 000,000,000 | ---D | M] - C:\autorun -- [ NTFS ]
O33 - MountPoints2\{3ef4ec52-5dc9-11dd-b071-0007e986b9d6}\Shell\AutoRun\command - "" = G:\wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{a6e7a460-0e31-11e0-b126-0007e986b9d6}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/22 16:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave bray\Desktop\tdsskiller
[2011/09/22 16:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave bray\Desktop\GooredFix Backups
[2011/09/22 16:45:07 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Dave bray\Desktop\GooredFix.exe
[2011/09/22 16:27:55 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/22 16:26:21 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave bray\Desktop\OTM.exe
[2011/09/22 16:19:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/22 16:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/09/22 16:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/09/21 12:30:07 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave bray\Desktop\OTL.exe
[2011/09/21 10:41:18 | 000,074,968 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2011/09/21 10:41:16 | 000,021,592 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2011/09/21 10:18:16 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/09/21 10:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/09/21 00:02:32 | 000,208,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE
[2011/09/21 00:01:55 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/09/20 19:11:07 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\DisplayUpdatePolicy.dll
[2011/09/20 19:10:27 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Dave bray\Local Settings\Application Data\NetworkWin32.dll
[2011/08/27 09:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave bray\My Documents\AnimalActionLeague
[2011/08/27 09:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave bray\Application Data\Windows Search
[2003/06/18 13:15:52 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\Documents and Settings\Dave bray\*.tmp files -> C:\Documents and Settings\Dave bray\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/23 00:01:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/22 23:51:34 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Dave bray\Application Data\b77ab0da
[2011/09/22 23:05:58 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Dave bray\Application Data\3f02bfda
[2011/09/22 22:27:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/09/22 22:24:09 | 000,075,776 | ---- | M] () -- C:\Documents and Settings\Dave bray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/22 22:16:49 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Dave bray\Application Data\57a74f25
[2011/09/22 16:45:45 | 001,386,742 | ---- | M] () -- C:\Documents and Settings\Dave bray\Desktop\tdsskiller.zip
[2011/09/22 16:45:15 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Dave bray\Desktop\GooredFix.exe
[2011/09/22 16:43:13 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/22 16:40:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/22 16:39:33 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/09/22 16:36:50 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/09/22 16:36:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/09/22 16:35:17 | 000,030,424 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/09/22 16:35:17 | 000,030,424 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/09/22 16:35:17 | 000,029,580 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/09/22 16:35:17 | 000,029,580 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2011/09/22 16:35:17 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/09/22 16:35:17 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/09/22 16:35:17 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2011/09/22 16:35:17 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2011/09/22 16:28:04 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/09/22 16:26:27 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave bray\Desktop\OTM.exe
[2011/09/22 16:18:40 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dave bray\Desktop\NTREGOPT.lnk
[2011/09/22 16:18:40 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dave bray\Desktop\ERUNT.lnk
[2011/09/22 15:36:38 | 000,003,611 | ---- | M] () -- C:\Documents and Settings\Dave bray\Application Data\4002c720
[2011/09/22 14:57:53 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/09/22 09:07:36 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/22 09:07:36 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/09/21 22:10:16 | 000,005,691 | ---- | M] () -- C:\WINDOWS\FORGE32.ini
[2011/09/21 12:31:55 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave bray\Desktop\OTL.exe
[2011/09/21 10:35:57 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/21 10:34:56 | 000,074,968 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2011/09/21 10:34:55 | 000,021,592 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2011/09/21 10:18:36 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/09/21 09:41:18 | 000,003,356 | ---- | M] () -- C:\Documents and Settings\Dave bray\Desktop\Document2.rtf
[2011/09/20 19:10:28 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dave bray\Local Settings\Application Data\NetworkWin32.dll
[2011/09/20 19:10:26 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\DisplayUpdatePolicy.dll
[2011/09/18 23:06:46 | 000,000,233 | ---- | M] () -- C:\Documents and Settings\Dave bray\Desktop\Document.rtf
[2011/09/18 23:06:14 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2011/09/16 13:49:48 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[1 C:\Documents and Settings\Dave bray\*.tmp files -> C:\Documents and Settings\Dave bray\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/22 22:17:56 | 004,501,893 | ---- | C] () -- C:\Documents and Settings\Dave bray\Desktop\VH vamp.m4v
[2011/09/22 16:45:26 | 001,386,742 | ---- | C] () -- C:\Documents and Settings\Dave bray\Desktop\tdsskiller.zip
[2011/09/22 16:18:40 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dave bray\Desktop\NTREGOPT.lnk
[2011/09/22 16:18:40 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dave bray\Desktop\ERUNT.lnk
[2011/09/21 10:18:36 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/09/21 01:32:06 | 000,003,356 | ---- | C] () -- C:\Documents and Settings\Dave bray\Desktop\Document2.rtf
[2011/09/21 00:04:24 | 000,088,566 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/20 20:11:54 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Dave bray\Application Data\3f02bfda
[2011/09/20 19:32:02 | 000,003,611 | ---- | C] () -- C:\Documents and Settings\Dave bray\Application Data\4002c720
[2011/09/20 19:12:19 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Dave bray\Application Data\57a74f25
[2011/09/20 19:11:50 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Dave bray\Application Data\b77ab0da
[2011/09/18 23:06:46 | 000,000,233 | ---- | C] () -- C:\Documents and Settings\Dave bray\Desktop\Document.rtf
[2011/07/26 11:21:15 | 000,025,864 | ---- | C] () -- C:\WINDOWS\System32\EEInstMngr.exe
[2011/04/29 23:08:13 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/04/29 11:33:43 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/29 11:33:43 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/01/03 00:03:41 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/01/03 00:03:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wltrysvc.exe
[2011/01/03 00:03:39 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/12/14 19:34:52 | 000,206,900 | ---- | C] () -- C:\WINDOWS\hpoins35.dat
[2010/12/14 19:34:52 | 000,001,069 | ---- | C] () -- C:\WINDOWS\hpomdl35.dat
[2010/08/22 00:28:47 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/08/22 00:28:46 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/08/22 00:28:44 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/22 00:28:44 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/22 00:28:41 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/03 12:15:33 | 000,000,110 | ---- | C] () -- C:\WINDOWS\PCB123.INI
[2009/05/18 11:42:34 | 000,000,131 | -H-- | C] () -- C:\Documents and Settings\Dave bray\Application Data\lakerda1967.sys
[2009/05/18 11:42:01 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Dave bray\Application Data\docXConverter (3).ini
[2008/11/23 11:36:48 | 000,157,264 | ---- | C] () -- C:\WINDOWS\hphins26.dat
[2008/11/23 11:36:48 | 000,000,787 | ---- | C] () -- C:\WINDOWS\hphmdl26.dat
[2008/09/25 11:33:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2008/09/25 11:33:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2008/08/19 19:52:43 | 000,000,608 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/08/19 17:52:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDVPMON.DLL
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/22 01:19:10 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/05 00:10:25 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/12/02 18:20:28 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/22 12:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/10 10:10:39 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/08/13 18:15:09 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/06/03 23:32:34 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/06/03 23:32:32 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\AudioExCtl.dll
[2005/05/14 14:13:51 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\pngu3260.dll
[2005/05/14 14:13:51 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\pnrs3260.dll
[2005/05/11 10:59:09 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/05/10 12:20:59 | 000,004,928 | ---- | C] () -- C:\WINDOWS\cfgmgr52.ini
[2005/05/10 08:45:12 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/05/06 23:54:59 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/05/06 23:54:59 | 000,000,674 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/05/06 23:50:34 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/05/06 16:40:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/05/06 11:09:01 | 000,001,145 | ---- | C] () -- C:\WINDOWS\System32\winupdt.bin
[2004/12/26 05:42:47 | 000,015,628 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/12/23 09:09:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CONTROL(2).INI
[2004/11/19 22:13:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\pyrufor.dat
[2004/08/31 19:00:22 | 000,005,068 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samhid.sys
[2004/08/31 18:04:41 | 000,000,159 | ---- | C] () -- C:\WINDOWS\System32\sam.ini
[2004/08/31 18:02:21 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\Ffpage.dll
[2004/02/26 22:00:40 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2003/11/18 23:24:30 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/11/18 23:24:29 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/10/06 14:16:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/10/06 14:16:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2003/10/06 14:16:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/10/06 14:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/10/06 14:16:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2003/10/06 14:16:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2003/10/06 14:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/10/02 18:47:21 | 000,004,836 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2003/10/02 18:46:43 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2003/09/24 19:26:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/09/18 16:13:03 | 001,923,290 | ---- | C] () -- C:\Program Files\cdex_151.zip
[2003/09/18 15:37:27 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rmmerge2.DLL
[2003/09/18 15:37:27 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\rmevents.DLL
[2003/09/16 21:30:24 | 000,000,020 | ---- | C] () -- C:\WINDOWS\prefs_zb.dll
[2003/07/09 17:37:01 | 017,500,902 | -H-- | C] () -- C:\Documents and Settings\Dave bray\Application Data\fiz21
[2003/07/08 18:12:28 | 000,030,024 | -H-- | C] () -- C:\Documents and Settings\Dave bray\Application Data\fiz20
[2003/07/07 18:50:31 | 000,030,041 | -H-- | C] () -- C:\Documents and Settings\Dave bray\Application Data\fiz19
[2003/07/06 09:39:47 | 000,030,064 | -H-- | C] () -- C:\Documents and Settings\Dave bray\Application Data\fiz18
[2003/06/30 19:45:59 | 000,030,046 | -H-- | C] () -- C:\Documents and Settings\Dave bray\Application Data\fiz17
[2003/06/29 16:16:42 | 000,030,057 | -H-- | C] () -- C:\Documents and Settings\Dave bray\Application Data\fiz16
[2003/06/29 10:51:52 | 016,051,496 | ---- | C] () -- C:\Program Files\AdbeRdr60_enu_full.exe
[2003/06/29 10:51:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dave bray\Application Data\dm.ini
[2003/06/28 18:04:14 | 000,030,082 | -H-- | C] () -- C:\Documents and Settings\Dave bray\Application Data\fiz15
[2003/06/24 18:23:04 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2003/06/24 18:23:04 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2003/06/24 18:10:09 | 000,030,076 | -H-- | C] () -- C:\Documents and Settings\Dave bray\Application Data\fiz14
[2003/06/23 12:55:44 | 000,030,119 | -H-- | C] () -- C:\Documents and Settings\Dave bray\Application Data\fiz13
[2003/06/22 09:05:05 | 000,030,053 | -H-- | C] () -- C:\Documents and Settings\Dave bray\Application Data\fiz12
[2003/06/21 19:23:19 | 000,030,163 | -H-- | C] () -- C:\Documents and Settings\Dave bray\Application Data\fiz11
[2003/06/21 06:17:40 | 000,030,024 | -H-- | C] () -- C:\Documents and Settings\Dave bray\Application Data\fiz10
[2003/06/18 13:28:58 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MixBUda.INI
[2003/06/18 13:16:55 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/06/18 13:16:51 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2003/06/18 13:16:08 | 000,060,034 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2003/06/18 13:16:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/06/18 13:15:55 | 000,183,703 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2003/06/18 13:15:54 | 000,298,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\ctdvda2k.sys
[2003/06/18 13:15:54 | 000,189,490 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2003/06/18 13:15:54 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2003/06/18 13:15:53 | 000,142,968 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2003/06/18 13:15:53 | 000,114,972 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2003/06/18 13:15:49 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2003/06/18 13:15:48 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2003/06/18 13:15:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2003/06/18 13:15:47 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2003/06/18 13:15:47 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2003/06/18 13:15:33 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2003/06/18 13:15:06 | 000,277,200 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2003/06/12 12:46:29 | 000,090,832 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2003/06/08 18:21:36 | 000,075,776 | ---- | C] () -- C:\Documents and Settings\Dave bray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/06/08 14:12:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2003/06/01 10:57:08 | 000,017,408 | ---- | C] () -- C:\WINDOWS\UnInstall.dll
[2003/06/01 10:57:07 | 000,000,028 | ---- | C] () -- C:\WINDOWS\CTDelLau.INI
[2003/05/20 17:19:00 | 000,000,214 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/05/18 16:01:09 | 000,005,691 | ---- | C] () -- C:\WINDOWS\FORGE32.ini
[2003/05/18 15:57:22 | 000,004,739 | ---- | C] () -- C:\WINDOWS\newsbot.ini
[2003/05/18 15:47:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Dave bray\Application Data\PFP100JPR.{PB
[2003/05/18 15:47:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Dave bray\Application Data\PFP100JCM.{PB
[2003/05/13 19:11:10 | 000,000,103 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2003/05/08 05:33:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/05/08 05:30:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/05/08 05:24:43 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/05/08 05:24:42 | 000,000,744 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/05/08 05:24:41 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2003/05/08 05:21:23 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/05/08 05:17:17 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/05/08 05:10:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003/05/08 05:07:30 | 000,503,104 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003/05/08 05:07:30 | 000,087,188 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003/05/08 04:56:00 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/09/03 07:05:08 | 000,195,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 06:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 06:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 06:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 06:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/02/06 07:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 12:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 11591 bytes -> C:\WINDOWS\mozver.dat:xywmr

< End of report >

OTL Extras logfile created on: 9/22/2011 11:51:54 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Dave bray\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 104.55 Mb Available Physical Memory | 13.63% Memory free
1.46 Gb Paging File | 0.53 Gb Available in Paging File | 36.35% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.05 Gb Total Space | 156.96 Gb Free Space | 52.66% Space Free | Partition Type: NTFS

Computer Name: DAVELAND | User Name: Dave bray | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = JSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-877690994-1423518253-1684835088-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1119:TCP" = 1119:TCP:*:Enabled:wow
"3724:TCP" = 3724:TCP:*:Enabled:wow2
"6112:TCP" = 6112:TCP:*:Enabled:wow3
"6113:TCP" = 6113:TCP:*:Enabled:wow4
"6114:TCP" = 6114:TCP:*:Enabled:wow5
"4000:TCP" = 4000:TCP:*:Enabled:wow6
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\instant messenger\aim.exe" = C:\Program Files\instant messenger\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\World of Warcraft Trial\Launcher.exe" = C:\Program Files\World of Warcraft Trial\Launcher.exe:*:Enabled:World of Warcraft Trial
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{146E1B7E-A456-4C2F-B2B0-7BA8883C9670}" = PCB123 V3.3.10
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.30.0.75
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45893FEB-30FD-4034-8661-3BA4238FE67A}" = Britannica Ready Reference
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{531D27E5-DE21-4777-9EDB-B7803087E7F3}" = Dynex Wireless G USB Network Adapter Setup
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64116298-93C5-401D-B06C-39D8E3338508}" = DAO
"{6774F0CF-C7DD-4CB4-BCB2-11C3E08BBA03}" = McAfee Shredder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C9C52E1-5DC8-4FA8-8B12-6B3AC2E35357}" = Chord Miner
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{885894A5-BA0A-460E-AB4C-96C5C9B2C5E2}" = iTunes
"{888F0154-4AAA-4719-BFAE-01C3066B8408}" = C309a
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D98F245-3010-43C6-B3B0-67A464DA298E}" = ELNKInst
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A088AF9D-0B94-4C33-B327-E5B494CE810B}" = PS_AIO_05_C309_Software_Min
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A844AF89-2DB6-DAAA-6881-884F8E6DB96A}" = FedEx Desktop
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9B54408-EF50-4821-B8A2-F597A657112A}" = HP Photosmart C309a All-In-One Driver Software 13.0 Rel .5
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B23F9E40-E6E5-11D4-89B3-00201856C449}" = Tassman DXi SE 2.0
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B4FFB413-B107-4C00-93F5-A3E699F13754}" = SeasideSoft Photo Cropper
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BBF08789-06CB-4D2F-9330-CD617AFDE528}" = Fax
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3F2EC51-4473-4535-BEE4-01B8B39ACEF7}" = Hello Kitty Cutie World
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"AIPL WarmTone" = AIPL WarmTone
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"AOL Instant Messenger" = AOL Instant Messenger
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Carbonite Backup" = Carbonite
"eMachineShop" = eMachineShop
"ERUNT_is1" = ERUNT 1.1j
"Evidence Eliminator" = Evidence Eliminator
"FaceMorpher Lite" = FaceMorpher Lite 2.1
"Fast Audio Converter_is1" = Fast Audio Converter version 1.2rc2
"FedExDesktop.026F9BDCA0F141E500950436A5D33181EE6B8EF5.1" = FedEx Desktop
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.5.0
"FLV Player2.0 " = FLV Player
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"HTMLcolor_is1" = HTMLcolor 2.0.2
"ImageDrive!UninstallKey" = Ahead ImageDrive
"InstallShield_{9D98F245-3010-43C6-B3B0-67A464DA298E}" = Earthlink Installer - uninstall 'Earthlink 5.0' entry first if present
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"mIRC" = mIRC
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"Nero - Burning Rom!UninstallKey" = Ahead Nero Express
"Netscape (7.02)" = Netscape (7.02)
"Netscape Navigator (9.0.0.3)" = Netscape Navigator (9.0.0.3)
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"Oxelon Media Converter_is1" = Oxelon Media Converter 1.1
"Pro Tracks Plus 2.2" = Pro Tracks Plus 2.2
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Quicken 2002 New User Edition" = Quicken 2002 New User Edition
"[email protected]" = [email protected]
"RealPlayer 6.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"Sonic Foundry Sound Forge 4.5c" = Sonic Foundry Sound Forge 4.5c
"Sound Forge 4.5a Build 228" = Sound Forge 4.5a Build 228
"SoundTaxi_is1" = SoundTaxi 2.0.0
"TDSL Personal Edition 1.0" = TDSL Personal Edition 1.0
"Tone Stack Calculator" = Tone Stack Calculator
"U.S. Legal Forms, Inc. Pleading Macro" = U.S. Legal Forms, Inc. Pleading Macro
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Winamp" = Winamp (Remove Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMX" = WinMX
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordPerfect Office 2002" = WordPerfect Office 2002
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-877690994-1423518253-1684835088-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/23/2011 1:12:12 AM | Computer Name = DAVELAND | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).

Error - 9/23/2011 1:27:30 AM | Computer Name = DAVELAND | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 9/23/2011 2:50:16 AM | Computer Name = DAVELAND | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{526f33c1-85a0-11d7-b909-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 9/23/2011 2:50:16 AM | Computer Name = DAVELAND | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{526f33c2-85a0-11d7-b909-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 9/23/2011 2:50:16 AM | Computer Name = DAVELAND | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{ea0d2cec-5174-11df-b102-0007e986b9d6},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 9/23/2011 2:50:16 AM | Computer Name = DAVELAND | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{526f33c3-85a0-11d7-b909-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 9/23/2011 2:54:27 AM | Computer Name = DAVELAND | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{526f33c1-85a0-11d7-b909-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 9/23/2011 2:54:27 AM | Computer Name = DAVELAND | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{526f33c2-85a0-11d7-b909-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 9/23/2011 2:54:27 AM | Computer Name = DAVELAND | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{ea0d2cec-5174-11df-b102-0007e986b9d6},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 9/23/2011 2:54:27 AM | Computer Name = DAVELAND | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{526f33c3-85a0-11d7-b909-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.

[ System Events ]
Error - 9/22/2011 7:27:58 PM | Computer Name = DAVELAND | Source = Service Control Manager | ID = 7034
Description = The McAfee Task Scheduler service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/22/2011 7:27:58 PM | Computer Name = DAVELAND | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/22/2011 7:27:58 PM | Computer Name = DAVELAND | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 9/22/2011 7:28:57 PM | Computer Name = DAVELAND | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the CarboniteService service,
but this action failed with the following error: %%1056

Error - 9/22/2011 7:37:10 PM | Computer Name = DAVELAND | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 9/22/2011 7:37:10 PM | Computer Name = DAVELAND | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 9/22/2011 8:01:34 PM | Computer Name = DAVELAND | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 9/23/2011 1:12:54 AM | Computer Name = DAVELAND | Source = Removable Storage Service | ID = 262159
Description = RSM cannot manage library CdRom1. The database is corrupt.

Error - 9/23/2011 1:12:56 AM | Computer Name = DAVELAND | Source = Removable Storage Service | ID = 262159
Description = RSM cannot manage library CdRom0. The database is corrupt.

Error - 9/23/2011 1:12:57 AM | Computer Name = DAVELAND | Source = Removable Storage Service | ID = 262159
Description = RSM cannot manage library CdRom2. The database is corrupt.


< End of report >

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-23 15:21:18
-----------------------------
15:21:18.265 OS Version: Windows 5.1.2600 Service Pack 3
15:21:18.265 Number of processors: 1 586 0x207
15:21:18.265 ComputerName: DAVELAND UserName:
15:21:23.921 Initialize success
15:31:42.406 AVAST engine defs: 11092301
15:34:10.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:34:10.203 Disk 0 Vendor: WDC_WD3200JB-00KFA0 08.05J08 Size: 305245MB BusType: 3
15:34:12.234 Disk 0 MBR read successfully
15:34:12.234 Disk 0 MBR scan
15:34:12.359 Disk 0 Windows XP default MBR code
15:34:12.359 Disk 0 scanning sectors +625137345
15:34:12.656 Disk 0 scanning C:\WINDOWS\system32\drivers
15:34:31.859 Service scanning
15:34:36.156 Modules scanning
15:34:51.843 Disk 0 trace - called modules:
15:34:51.875 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
15:34:51.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83f80ab8]
15:34:51.875 3 CLASSPNP.SYS[f74effd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83f88b00]
15:34:54.171 AVAST engine scan C:\WINDOWS
15:35:17.218 AVAST engine scan C:\WINDOWS\system32
15:38:43.187 AVAST engine scan C:\WINDOWS\system32\drivers
15:39:07.921 AVAST engine scan C:\Documents and Settings\Dave bray
15:48:17.578 File: C:\Documents and Settings\Dave bray\Local Settings\Application Data\AOL\AOLUpdate\AOLupdt32.exe **INFECTED** Win32:Tracur-ES [Trj]
17:04:36.734 AVAST engine scan C:\Documents and Settings\All Users
17:05:38.390 File: C:\Documents and Settings\All Users\Application Data\DisplayUpdatePolicy.dll **INFECTED** Win32:Kryptik-EVX [Trj]
17:29:16.234 Scan finished successfully
17:48:45.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dave bray\Desktop\MBR.dat"
17:48:45.437 The log file has been saved successfully to "C:\Documents and Settings\Dave bray\Desktop\aswMBR.txt"

Edited by AridParadise, 23 September 2011 - 10:06 PM.


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello AridParadise and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DD 00 2F 01 51 61 85 43 9A FB 0F 52 CA 3B 32 BC [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DD 00 2F 01 51 61 85 43 9A FB 0F 52 CA 3B 32 BC [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DD 00 2F 01 51 61 85 43 9A FB 0F 52 CA 3B 32 BC [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DD 00 2F 01 51 61 85 43 9A FB 0F 52 CA 3B 32 BC [binary data]
    IE - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DD 00 2F 01 51 61 85 43 9A FB 0F 52 CA 3B 32 BC [binary data]
    FF - prefs.js..network.proxy.ftp: "202.105.230.226"
    FF - prefs.js..network.proxy.ftp_port: 80
    FF - prefs.js..network.proxy.gopher: "202.105.230.226"
    FF - prefs.js..network.proxy.gopher_port: 80
    FF - prefs.js..network.proxy.http: "202.105.230.226"
    FF - prefs.js..network.proxy.http_port: 80
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "202.105.230.226"
    FF - prefs.js..network.proxy.socks_port: 80
    FF - prefs.js..network.proxy.ssl: "202.105.230.226"
    FF - prefs.js..network.proxy.ssl_port: 80
    [2011/09/22 22:14:42 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Dave bray\Application Data\Mozilla\Firefox\Profiles\1gua58w9.default\extensions\{a20ce696-1450-4461-b21f-826956c518a7}
    O2 - BHO: (Reg Error: Value error.) - {012F00DD-6151-4385-9AFB-0F52CA3B32Bc} - C:\Documents and Settings\Dave bray\Local Settings\Application Data\NetworkWin32.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun File not found
    O4 - HKLM..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun File not found
    O4 - HKU\S-1-5-21-877690994-1423518253-1684835088-1006..\Run: [DisplayUpdatePolicy] C:\Documents and Settings\All Users\Application Data\DisplayUpdatePolicy.dll (Microsoft Corporation)
    O7 - HKU\S-1-5-21-877690994-1423518253-1684835088-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ssddvd = C:\WINDOWS\System32\ssddvd.exe
    O20 - HKLM Winlogon: System - (kdhdl.exe) - File not found
    [2011/09/20 19:10:27 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Dave bray\Local Settings\Application Data\NetworkWin32.dll
    [2011/09/22 23:51:34 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Dave bray\Application Data\b77ab0da
    [2011/09/22 23:05:58 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Dave bray\Application Data\3f02bfda
    [2011/09/22 22:16:49 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Dave bray\Application Data\57a74f25
    [2011/09/22 15:36:38 | 000,003,611 | ---- | M] () -- C:\Documents and Settings\Dave bray\Application Data\4002c720
    [2011/09/20 19:11:07 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\DisplayUpdatePolicy.dll

    :Files
    C:\Documents and Settings\Dave bray\Application Data\fiz*

    :Reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    [HKU\S-1-5-21-877690994-1423518253-1684835088-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in a separate post.

#3
AridParadise


    New Member

  • Topic Starter
  • Member
  • 7 posts
Thank you, maliprog!

All processes killed
========== OTL ==========
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-21-877690994-1423518253-1684835088-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Prefs.js: "202.105.230.226" removed from network.proxy.ftp
Prefs.js: 80 removed from network.proxy.ftp_port
Prefs.js: "202.105.230.226" removed from network.proxy.gopher
Prefs.js: 80 removed from network.proxy.gopher_port
Prefs.js: "202.105.230.226" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "202.105.230.226" removed from network.proxy.socks
Prefs.js: 80 removed from network.proxy.socks_port
Prefs.js: "202.105.230.226" removed from network.proxy.ssl
Prefs.js: 80 removed from network.proxy.ssl_port
C:\Documents and Settings\Dave bray\Application Data\Mozilla\Firefox\Profiles\1gua58w9.default\extensions\{a20ce696-1450-4461-b21f-826956c518a7}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Dave bray\Application Data\Mozilla\Firefox\Profiles\1gua58w9.default\extensions\{a20ce696-1450-4461-b21f-826956c518a7}\defaults folder moved successfully.
C:\Documents and Settings\Dave bray\Application Data\Mozilla\Firefox\Profiles\1gua58w9.default\extensions\{a20ce696-1450-4461-b21f-826956c518a7}\chrome folder moved successfully.
C:\Documents and Settings\Dave bray\Application Data\Mozilla\Firefox\Profiles\1gua58w9.default\extensions\{a20ce696-1450-4461-b21f-826956c518a7} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{012F00DD-6151-4385-9AFB-0F52CA3B32Bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{012F00DD-6151-4385-9AFB-0F52CA3B32Bc}\ deleted successfully.
C:\Documents and Settings\Dave bray\Local Settings\Application Data\NetworkWin32.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cfgmgr51 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cfgmgr52 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-877690994-1423518253-1684835088-1006\Software\Microsoft\Windows\CurrentVersion\Run\\DisplayUpdatePolicy deleted successfully.
C:\Documents and Settings\All Users\Application Data\DisplayUpdatePolicy.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-877690994-1423518253-1684835088-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\ssddvd deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System:kdhdl.exe deleted successfully.
File C:\Documents and Settings\Dave bray\Local Settings\Application Data\NetworkWin32.dll not found.
C:\Documents and Settings\Dave bray\Application Data\b77ab0da moved successfully.
C:\Documents and Settings\Dave bray\Application Data\3f02bfda moved successfully.
C:\Documents and Settings\Dave bray\Application Data\57a74f25 moved successfully.
C:\Documents and Settings\Dave bray\Application Data\4002c720 moved successfully.
File C:\Documents and Settings\All Users\Application Data\DisplayUpdatePolicy.dll not found.
========== FILES ==========
C:\Documents and Settings\Dave bray\Application Data\fiz10 moved successfully.
C:\Documents and Settings\Dave bray\Application Data\fiz11 moved successfully.
C:\Documents and Settings\Dave bray\Application Data\fiz12 moved successfully.
C:\Documents and Settings\Dave bray\Application Data\fiz13 moved successfully.
C:\Documents and Settings\Dave bray\Application Data\fiz14 moved successfully.
C:\Documents and Settings\Dave bray\Application Data\fiz15 moved successfully.
C:\Documents and Settings\Dave bray\Application Data\fiz16 moved successfully.
C:\Documents and Settings\Dave bray\Application Data\fiz17 moved successfully.
C:\Documents and Settings\Dave bray\Application Data\fiz18 moved successfully.
C:\Documents and Settings\Dave bray\Application Data\fiz19 moved successfully.
C:\Documents and Settings\Dave bray\Application Data\fiz20 moved successfully.
C:\Documents and Settings\Dave bray\Application Data\fiz21 moved successfully.
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-21-877690994-1423518253-1684835088-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Application Data
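Added example (not part of the original thread, and not OTL's own code): a Python script that triages a fix log like the one in post #3 by separating "not found" lines that an earlier line in the same log already explains from ones that still need a look. The line format is assumed from the log lines quoted in this thread; the last sample line and the names `triage`, `normalize` and `SAMPLE_LOG` are constructed for illustration.

```python
import re

# Outcome lines in the shape seen in the fix log quoted in this thread
# (assumption: other OTL versions may word these differently).
LINE_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File)\s+)?"
    r"(?P<target>.+?)\s+"
    r"(?P<outcome>(?:folder )?moved successfully|deleted successfully|not found)\.$"
)

# HKU\.DEFAULT is the LocalSystem hive, the same hive as HKU\S-1-5-18, so a
# value deleted through one name is reported "not found" through the other.
HIVE_ALIASES = {"hkey_users\\.default\\": "hkey_users\\s-1-5-18\\"}


def normalize(target):
    """Canonical form of a file path or registry path for comparison."""
    t = target.strip().lower().replace("\\\\", "\\").rstrip("\\")
    for alias, real in HIVE_ALIASES.items():
        if t.startswith(alias):
            t = real + t[len(alias):]
    return t


def triage(log_text):
    """Return (explained, unresolved) lists of 'not found' entries.

    explained  : (line_no, target, line_no_of_earlier_move_or_delete)
    unresolved : (line_no, target) with no earlier successful action
    Section headers, Prefs.js lines and other text are skipped.
    """
    handled = {}  # normalized target -> line number of the successful action
    explained, unresolved = [], []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = normalize(m["target"])
        if m["outcome"] != "not found":
            handled.setdefault(key, line_no)
        elif key in handled:
            explained.append((line_no, m["target"], handled[key]))
        else:
            unresolved.append((line_no, m["target"]))
    return explained, unresolved


# Sample input: lines copied from the fix log above, plus one constructed
# final line (placeholder path, not from the thread) to show the other case.
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{012F00DD-6151-4385-9AFB-0F52CA3B32Bc}\ deleted successfully.
C:\Documents and Settings\Dave bray\Local Settings\Application Data\NetworkWin32.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\DisplayUpdatePolicy.dll moved successfully.
File C:\Documents and Settings\Dave bray\Local Settings\Application Data\NetworkWin32.dll not found.
File C:\Documents and Settings\All Users\Application Data\DisplayUpdatePolicy.dll not found.
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default not found.
File C:\example\placeholder.dll not found.
"""

if __name__ == "__main__":
    explained, unresolved = triage(SAMPLE_LOG)
    for line_no, target, earlier in explained:
        print(f"line {line_no}: already handled at line {earlier}: {target}")
    for line_no, target in unresolved:
        print(f"line {line_no}: NOT explained by this log: {target}")
```

On the sample, the two DLL lines and the S-1-5-18 registry value are explained by earlier actions in the same log; only the constructed placeholder line is reported as unresolved.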

#4
AridParadise


    New Member

  • Topic Starter
  • Member
  • 7 posts
ComboFix 11-09-26.02 - Dave bray 09/26/2011 14:05:03.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.255 [GMT -7:00]
Running from: c:\documents and settings\Dave bray\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DirectCDUserNameE.txt
c:\documents and settings\Dave bray\Application Data\AdwareAlert
c:\documents and settings\Dave bray\Local Settings\Application Data\AOL\AOLUpdate\AOLupdt32.dll
c:\documents and settings\Dave bray\Local Settings\Application Data\AOL\AOLUpdate\AOLupdt32.exe
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\DA_PASlog.exe.266217b1.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\DFolder.exe.368dcbb5.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\DNgen.exe.516df7ac.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\DReg1.exe.2e6500e7.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\ExpEval21.exe.8f3e9125.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\GUI.exe.f0196921.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\ISCallingDLL.exe.7c210265.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\MSI9.tmp.f18ad531.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\Ngen.exe.89f695a3.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\prstp.exe.a15f4573.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\rng.exe.ac4aa698.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\SL1F3.tmp.ccaf9aa9.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\SL51.tmp.47ba4923.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\SLCFA.tmp.d58b4209.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\SoundTaxi.exe.7e862e9c.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\ssIS.exe.be56f7cc.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\startDSLog.exe.b8aff5f3.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\startDSLog.exe.c6f6cd35.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\update21GUI.exe.c94e3979.ini
c:\documents and settings\Dave bray\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.da38aab9.ini
c:\documents and settings\Dave bray\Start Menu\Programs\Evidence Eliminator
c:\documents and settings\Dave bray\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Help.lnk
c:\documents and settings\Dave bray\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator License Agreement.lnk
c:\documents and settings\Dave bray\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Read Me.lnk
c:\documents and settings\Dave bray\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator.lnk
c:\documents and settings\Dave bray\WINDOWS
c:\documents and settings\Dave bray\zjudeywjfg.tmp
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\Kianna\Application Data\Mozilla\Firefox\Profiles\1z1wtyx2.default\extensions\{a20ce696-1450-4461-b21f-826956c518a7}
c:\documents and settings\Kianna\Application Data\Mozilla\Firefox\Profiles\1z1wtyx2.default\extensions\{a20ce696-1450-4461-b21f-826956c518a7}\chrome.manifest
c:\documents and settings\Kianna\Application Data\Mozilla\Firefox\Profiles\1z1wtyx2.default\extensions\{a20ce696-1450-4461-b21f-826956c518a7}\chrome\xulcache.jar
c:\documents and settings\Kianna\Application Data\Mozilla\Firefox\Profiles\1z1wtyx2.default\extensions\{a20ce696-1450-4461-b21f-826956c518a7}\defaults\preferences\xulcache.js
c:\documents and settings\Kianna\Application Data\Mozilla\Firefox\Profiles\1z1wtyx2.default\extensions\{a20ce696-1450-4461-b21f-826956c518a7}\install.rdf
c:\documents and settings\Kianna\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Kianna\Local Settings\Application Data\ApplicationHistory\ISCallingDLL.exe.7c210265.ini
c:\documents and settings\Kianna\Local Settings\Application Data\ApplicationHistory\Ngen.exe.89f695a3.ini
c:\documents and settings\Kianna\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini
c:\documents and settings\Kianna\WINDOWS
c:\documents and settings\Thabata\Application Data\Mozilla\Firefox\Profiles\ev4p6qmf.default\extensions\{a20ce696-1450-4461-b21f-826956c518a7}
c:\documents and settings\Thabata\Application Data\Mozilla\Firefox\Profiles\ev4p6qmf.default\extensions\{a20ce696-1450-4461-b21f-826956c518a7}\chrome.manifest
c:\documents and settings\Thabata\Application Data\Mozilla\Firefox\Profiles\ev4p6qmf.default\extensions\{a20ce696-1450-4461-b21f-826956c518a7}\chrome\xulcache.jar
c:\documents and settings\Thabata\Application Data\Mozilla\Firefox\Profiles\ev4p6qmf.default\extensions\{a20ce696-1450-4461-b21f-826956c518a7}\defaults\preferences\xulcache.js
c:\documents and settings\Thabata\Application Data\Mozilla\Firefox\Profiles\ev4p6qmf.default\extensions\{a20ce696-1450-4461-b21f-826956c518a7}\install.rdf
c:\documents and settings\Thabata\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Thabata\Local Settings\Application Data\ApplicationHistory\ISCallingDLL.exe.7c210265.ini
c:\documents and settings\Thabata\Local Settings\Application Data\ApplicationHistory\Ngen.exe.89f695a3.ini
c:\documents and settings\Thabata\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini
c:\documents and settings\Thabata\WINDOWS
C:\install.exe
c:\program files\Evidence Eliminator
c:\program files\Evidence Eliminator\Data\Config.dat
c:\program files\Evidence Eliminator\Data\Drives.dat
c:\program files\Evidence Eliminator\Data\Files.dat
c:\program files\Evidence Eliminator\Data\FilesContents.dat
c:\program files\Evidence Eliminator\Data\Folders.dat
c:\program files\Evidence Eliminator\Data\FolderScans.dat
c:\program files\Evidence Eliminator\Data\IECookiesKeep.dat
c:\program files\Evidence Eliminator\Data\IEDownloadedKeep.dat
c:\program files\Evidence Eliminator\Data\MozillaCookiesKeep.dat
c:\program files\Evidence Eliminator\Data\OE5ChoiceList.dat
c:\program files\Evidence Eliminator\Data\Plug-Ins\AbsoluteFTP.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\ACDSEE Photo Viewer v3.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adaptec Easy CD Creator v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v3.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v3.1.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v5.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v5.1.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v6.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v7.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v8.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v9.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat v6.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v10.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v11.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v12.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.0 LE.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v6.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v7.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v8.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v9.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\ASPack.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Avant Browser.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Cabinet Manager.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Copernic 2000 Pro.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Copernic 2000.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Copernic Agent.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Corel Paintshop Pro v10.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Cute FTP v3.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Cute FTP v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Cute FTP v7.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Delphi v3.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Delphi v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Delphi v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\DiskKeeper v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\DivXPlayer.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Download Accelerator.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Eudora Mail.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\EventLog.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\FTP Explorer.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\GetRight ExplorerBar.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\GetRight v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Google Chrome.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\GoogleBar.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\GoogleNavigation.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\GoZilla.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Helios TextPad v3.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Helios TextPad v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\HelpWriter.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Icon Extractor.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\ICQ 2000a.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\InstallShield Express.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\J2 Messenger.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v6.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v7.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v8.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Jet PhotoShell v1.2.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Kazaa.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Limewire v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Macromedia Flash v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\MasterSplitter v2.1.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\McAfee Virus Scan v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microangelo 98.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Micrografx Picture Publisher v7.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Micrografx Picture Publisher v8.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft FrontPage Express.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft FrontPage.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Help Workshop.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft HTML Help.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Office.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Publisher 2000.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Send-To Extensions.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Windows Paint.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Microsoft Windows WordPad.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\My Network Places.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Napster Music Community.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\NEATO Labels.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\NeoPlanet v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton AntiVirus 2000 (v6).eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton Antivirus 2003.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton File Manager.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton Internet Security 2004.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton Personal Firewall.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Norton Utilities 2000.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\NoteTab Pro.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Opera Browser.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\PackageForTheWeb.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Personal Ancestral File.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Quicktime.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Real Audio Player v6 v7 v8.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Real Download v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Real Player v10.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\RealOne Player.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\RemoteDesktop.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Roxio Easy CD Creator v6.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Safari Browser.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\SureThing CD Labeler.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Telnet.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead Gif Animator v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead Photo Explorer v4.2.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead Photo Viewer v4.0.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact v10.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact v5.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact Viewer v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\UltraEdit v4.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\UltraEdit v7.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Web Ferret v3.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinOnCD.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinRar v2.6.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinRar v2.70.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinRar v3.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinZip v7.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\WinZip v8.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Wise Installer.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Yahoo Player.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\YahooMessenger.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\ZipMagic 2000.eep
c:\program files\Evidence Eliminator\Data\Plug-Ins\Zone Alarm.eep
c:\program files\Evidence Eliminator\Data\PlugInSelections.dat
c:\program files\Evidence Eliminator\Data\ScanMasks.dat
c:\program files\Evidence Eliminator\Data\shell.txt
c:\program files\Evidence Eliminator\Data\TBChoiceList.dat
c:\program files\Evidence Eliminator\Ee.exe
c:\program files\Evidence Eliminator\EEShellExt.dll
c:\program files\Evidence Eliminator\Help\ee.chm
c:\program files\Evidence Eliminator\INSTALL.LOG
c:\program files\Evidence Eliminator\License.txt
c:\program files\Evidence Eliminator\ReadMe.txt
c:\program files\Evidence Eliminator\UNWISE.EXE
c:\program files\Evidence Eliminator\UNWISE.INI
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
C:\setup.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\mswinstall.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\TEMP\nsi4B.tmp\PEV.DAT
c:\windows\TEMP\nsi4B.tmp\System.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-26 to 2011-09-26 )))))))))))))))))))))))))))))))
.
.
2011-09-22 23:18 . 2011-09-22 23:18 -------- d-----w- c:\program files\ERUNT
2011-09-21 17:41 . 2011-09-21 17:34 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-09-21 17:41 . 2011-09-21 17:34 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2011-09-21 17:18 . 2011-08-18 22:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-21 07:02 . 2006-10-22 22:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2011-09-21 07:01 . 2011-09-21 07:01 -------- d-----w- C:\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 17:35 . 2010-02-23 07:48 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-12 02:44 . 2011-04-29 22:28 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-06-30 18:51 . 2010-10-07 08:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-30 18:51 . 2008-09-23 05:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2003-06-29 17:53 . 2003-06-29 17:51 16051496 ----a-w- c:\program files\AdbeRdr60_enu_full.exe
2011-09-08 13:18 . 2011-06-22 02:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-09-11 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"CTHelper"="CTHELPER.EXE" [2002-09-03 24576]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"Broadcom Wireless Manager"="c:\windows\system32\wltray.exe" [2007-06-14 1282048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-13 185896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2008-10-13 136768]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - [N/A]
Dynex Wireless Networking Utility.lnk - c:\program files\Dynex G USB Network Adapter\DynexWCUI.exe [2011-1-3 1462272]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dave bray^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Dave bray\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 11:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 16:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-09-12 08:58 229952 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-10-13 01:49 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\instant messenger\\aim.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1119:TCP"= 1119:TCP:*:Disabled:wow
"3724:TCP"= 3724:TCP:*:Disabled:wow2
"6112:TCP"= 6112:TCP:*:Disabled:wow3
"6113:TCP"= 6113:TCP:*:Disabled:wow4
"6114:TCP"= 6114:TCP:*:Disabled:wow5
"4000:TCP"= 4000:TCP:*:Disabled:wow6
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [9/21/2011 10:18 AM 64512]
R1 sbaphd;sbaphd;c:\windows\SYSTEM32\DRIVERS\sbaphd.sys [9/21/2011 10:41 AM 21592]
R1 SBRE;SBRE;c:\windows\SYSTEM32\DRIVERS\SBREDrv.sys [2/23/2010 12:48 AM 101720]
R2 sbapifs;sbapifs;c:\windows\SYSTEM32\DRIVERS\sbapifs.sys [9/21/2011 10:41 AM 74968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/10/2009 12:36 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 NdisWDM;Dynex Wireless G USB Network Adapter Service;c:\windows\SYSTEM32\DRIVERS\NdisWDM.sys [1/3/2011 12:03 AM 198144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2010 5:21 PM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 3:25 PM 2151640]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\SYSTEM32\DRIVERS\ceusbaud.sys [10/22/2006 9:52 AM 17920]
S3 cpuz134;cpuz134;\??\c:\docume~1\DAVEBR~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\DAVEBR~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2010 5:21 PM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/18/2011 3:25 PM 15232]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 samhid;samhid;c:\windows\SYSTEM32\DRIVERS\Samhid.sys [8/31/2004 7:00 PM 5068]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/29/2002 3:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-26 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 17:35]
.
2011-09-26 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 17:35]
.
2011-09-26 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 17:35]
.
2011-09-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-21 18:53]
.
2011-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 00:21]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 00:21]
.
2011-09-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uDefault_Search_URL = hxxp://search.msn.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dave bray\Application Data\Mozilla\Firefox\Profiles\1gua58w9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AOL Update - c:\documents and settings\Dave bray\Local Settings\Application Data\AOL\AOLUpdate\AOLupdt32.exe
HKU-Default-Run-AOL Update - c:\documents and settings\Dave bray\Local Settings\Application Data\AOL\AOLUpdate\AOLupdt32.exe
MSConfigStartUp-27oV3tW - dmsrac32.exe
MSConfigStartUp-Evidence Eliminator - c:\program files\Evidence Eliminator\ee.exe
MSConfigStartUp-Jw79Rja9T - dmcsnd.exe
AddRemove-Evidence Eliminator - c:\progra~1\EVIDEN~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-26 14:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-09-26 14:38:38
ComboFix-quarantined-files.txt 2011-09-26 21:38
.
Pre-Run: 168,719,085,568 bytes free
Post-Run: 169,100,197,888 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 09F03D199C65E91D78790435DFD5D172
  • 0

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi AridParadise,

How is your system now? Do you still get redirections?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#6
AridParadise

    New Member

  • Topic Starter
  • Member
  • 7 posts
No more redirects so far. Two things I noticed: One exe it deleted was a program I bought, Evidence Eliminator. I was told it would "clean things up" and that my computer would run better after using it. After installing it, Windows Installer would repeatedly open whenever I tried to run it, and I would have to shut both of them off by using Windows Task Manager.

Upon installing MBAM, I ran into the same error with Windows Installer:
__
Windows Installer

The feature you are trying to use is on a
network resource that is unavailable.

Click OK to try again, or enter an alternate path to a
folder containing the installation package 'Chord
Miner.msi' in the box below.
__

Chord Miner was a small guitar chord program, maybe I became corrupted?


use source:
C:\DOCUME~1\DAVEBR~1\LOCALS~1\Temp\WZSE6.TMP\

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7806

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/26/2011 10:47:04 PM
mbam-log-2011-09-26 (22-47-04).txt

Scan type: Quick scan
Objects scanned: 245230
Time elapsed: 14 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Quick Mode (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Safe Restart (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Safe Shutdown (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Evidence Eliminator Safe Recycle (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Evidence Eliminator is rogue software. They fooled you into buying this software. It doesn't do anything! Remove all installations of this program if you still have one. Always double check software that you are buying, especially when you have never heard of it.

Can you reinstall Chord Miner? That should resolve the problem. Test your system for one day for redirections and I'll prepare some clean up for you. Stay tuned...
  • 0

#8
AridParadise

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thank you so much. All EE is gone. I downloaded Chord Miner and tried to reinstall it (so I could then remove it completely) but I still have that Windows Installer Error.

No more redirects! :)
  • 0

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Glad to hear that the redirect problem is gone.

Let's resolve the Windows Installer problem. Download the Windows Installer CleanUp Utility and remove the program that's showing up in Windows Installer.

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click the OK button.

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine. If not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0

#10
AridParadise

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thank you so much for your help, everything is fine now. Donation sent, enjoy your coffees my friend. :)
  • 0

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi AridParadise,

Thank you very much for your donation. I really appreciate it!

Goodbye and stay safe :)
  • 0

#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





