Malfunctioning audio & ESET can't delete olmarik variant



#1
elenya

Hello! I've been having problems with both issues in the topic title all week. I'm not savvy enough to tell if the two issues are related through a deeper problem, but any help at all would be greatly valued. I am current on my Windows updates and regularly run malware scans with ESET and Malwarebytes.

1) For the audio issue: Firstly, about an hour after I start my computer, I hear the "Windows exclamation" sound randomly, even while no programs are running (no other users are logged in, no other tasks seem to be running). After that my computer runs extremely slowly. In addition to the error sounds, I noticed that even though I had already used it successfully earlier in the day, my computer's DVD player played the video fine, but there was no audio. Same for Windows Media Player, but NOT for YouTube, where the sound was absolutely normal. I clicked on the speaker icon in the toolbar tray and got an error message saying 'No audio devices detected.' All audio options were grayed out in the Device Manager. The next day, all audio worked as normal. The same pattern has been happening for about 5 days now.

2) ESET has been alerting me that it has blocked trojan variants and says it cannot remove an Olmarik trojan, even while I have no other programs running. I've performed a scan and it will not remove it. I then scanned using Malwarebytes, but the log said nothing was infected. Yet I am still seeing messages from ESET. I've done a quick scan with OTL and it's posted below.

Again, I appreciate any help offered!


OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Koko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 40.81% Memory free
3.85 Gb Paging File | 2.82 Gb Available in Paging File | 73.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 46.72 Gb Free Space | 20.06% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 365.32 Gb Free Space | 78.44% Space Free | Partition Type: NTFS
Drive F: | 7.44 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OFFICEPOWERSPEC | User Name: Koko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/13 16:46:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Koko\Desktop\OTL.exe
PRC - [2011/11/04 23:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/31 22:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/02/01 08:12:45 | 004,828,792 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/05/14 14:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/28 07:18:56 | 008,740,864 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
PRC - [2004/11/02 19:33:08 | 000,499,712 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/04 23:53:18 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/30 10:03:45 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/30 00:12:25 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/07/06 15:39:03 | 006,271,648 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/08/29 13:58:26 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2008/04/14 04:42:04 | 000,386,048 | ---- | M] () -- C:\WINDOWS\system32\qdvd.dll
MOD - [2004/11/02 19:24:14 | 000,286,720 | ---- | M] () -- C:\Program Files\CyberLink\PowerDVD\AppBarCom.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/31 22:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009/05/14 14:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/03/19 13:07:54 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - [2011/03/31 22:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2011/03/31 22:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/12/01 12:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/07/27 01:15:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/05/14 14:49:26 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/05/14 14:49:26 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/05/14 14:49:22 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/05/14 14:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 14:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/08/29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/11/14 17:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/09/27 14:50:00 | 001,021,832 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/26 18:46:48 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2003/03/31 18:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CA 1B AE 01 98 50 73 4D BB FD FF B3 4D B6 70 4B [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..keyword.URL: "http://www.searchqu....ystemid=406&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Koko\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Koko\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/28 13:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 20:50:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/27 12:32:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/08/15 19:21:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Koko\Application Data\Move Networks [2011/10/30 19:53:06 | 000,000,000 | ---D | M]

[2011/05/31 23:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Koko\Application Data\Mozilla\Extensions
[2011/09/10 14:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Koko\Application Data\Mozilla\Firefox\Profiles\43upblc2.default\extensions
[2011/09/10 22:20:50 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Koko\Application Data\Mozilla\Firefox\Profiles\43upblc2.default\extensions\{03b770d4-fd11-4379-86f4-e23d0b98f4a1}
[2010/05/08 10:59:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Koko\Application Data\Mozilla\Firefox\Profiles\43upblc2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/09 18:20:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Koko\Application Data\Mozilla\Firefox\Profiles\43upblc2.default\extensions\{b0e7ec96-3010-4c63-8086-d0a3f4408957}
[2011/09/08 18:35:41 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Koko\Application Data\Mozilla\Firefox\Profiles\43upblc2.default\extensions\{c580e1e5-ba39-4287-beaf-57641f2ad4d0}
[2011/11/12 20:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/14 15:20:53 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/12 20:47:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/04 23:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/06/21 17:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2007/06/21 17:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2007/06/21 17:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\logging.dll
[2008/06/17 23:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/06/21 17:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2007/06/21 17:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011/11/04 20:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 20:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {01AE1BCA-5098-4D73-BBFD-FFB34DB6704b} - Reg Error: Value error. File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe File not found
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [CyberLinkUpdate] C:\Documents and Settings\Koko\Application Data\CyberLink\CyberLinkUpdate\CyberLinkupdt32.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} https://ra.qwest.com...ad/tgctlins.cab (SupportSoft Installer)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://ra.qwest.com...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05E09A72-1F6B-4AE2-961A-4A2B94277E5D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Koko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Koko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/20 01:04:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/09/23 13:57:56 | 000,000,073 | R--- | M] () - F:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2004/08/04 18:33:50 | 000,000,315 | R--- | M] () - F:\autorun.mcl -- [ UDF ]
O33 - MountPoints2\{e2f2ee9b-8a10-11de-b776-806d6172696f}\Shell\PlayWithPowerDVD\Command - "" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe -- [2004/11/02 19:33:08 | 000,499,712 | ---- | M] (CyberLink Corp.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/13 16:46:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Koko\Desktop\OTL.exe
[2011/11/13 16:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/11/12 20:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/10 21:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Koko\Application Data\ElevatedDiagnostics
[2011/11/10 21:16:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/11/10 18:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/11/09 19:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/11/09 19:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/11/09 18:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/11/09 18:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/09 18:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/10/24 14:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Koko\Desktop\AdminDefault4.aspx_files
[2011/10/24 10:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Koko\Desktop\AdminDefault3.aspx_files
[2011/10/24 10:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Koko\Desktop\AdminDefault2.aspx_files
[2011/10/24 10:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Koko\Desktop\AdminDefault.aspx_files
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Koko\Desktop\*.tmp files -> C:\Documents and Settings\Koko\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Koko\*.tmp files -> C:\Documents and Settings\Koko\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/13 16:46:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Koko\Desktop\OTL.exe
[2011/11/13 16:30:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/13 16:25:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/13 16:24:35 | 000,243,457 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/11/13 16:24:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/13 16:24:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/13 16:24:17 | 2145,484,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/13 16:24:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/11/13 14:36:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/12 20:50:33 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Koko\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/12 20:50:33 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/10 21:17:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/08 20:01:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/06 11:42:32 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 11:42:32 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/01 21:40:30 | 000,043,079 | ---- | M] () -- C:\Documents and Settings\Koko\Desktop\tree-faramir-final_Kipar.gif
[2011/11/01 21:39:35 | 000,094,693 | ---- | M] () -- C:\Documents and Settings\Koko\Desktop\Tudor ROse.jpg
[2011/10/30 10:02:01 | 000,291,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/24 14:47:14 | 000,024,685 | ---- | M] () -- C:\Documents and Settings\Koko\Desktop\AdminDefault4.aspx.htm
[2011/10/24 10:36:16 | 000,024,541 | ---- | M] () -- C:\Documents and Settings\Koko\Desktop\AdminDefault3.aspx.htm
[2011/10/24 10:36:03 | 000,024,648 | ---- | M] () -- C:\Documents and Settings\Koko\Desktop\AdminDefault2.aspx.htm
[2011/10/24 10:35:37 | 000,024,687 | ---- | M] () -- C:\Documents and Settings\Koko\Desktop\AdminDefault.aspx.htm
[2011/10/24 10:32:05 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Koko\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/10/22 09:41:46 | 000,089,016 | ---- | M] () -- C:\Documents and Settings\Koko\Desktop\FloralKaleidoscopeStencil.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Koko\Desktop\*.tmp files -> C:\Documents and Settings\Koko\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Koko\*.tmp files -> C:\Documents and Settings\Koko\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/12 20:50:33 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Koko\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/12 20:50:33 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/01 21:40:29 | 000,043,079 | ---- | C] () -- C:\Documents and Settings\Koko\Desktop\tree-faramir-final_Kipar.gif
[2011/11/01 21:39:35 | 000,094,693 | ---- | C] () -- C:\Documents and Settings\Koko\Desktop\Tudor ROse.jpg
[2011/10/24 14:47:13 | 000,024,685 | ---- | C] () -- C:\Documents and Settings\Koko\Desktop\AdminDefault4.aspx.htm
[2011/10/24 10:36:15 | 000,024,541 | ---- | C] () -- C:\Documents and Settings\Koko\Desktop\AdminDefault3.aspx.htm
[2011/10/24 10:36:02 | 000,024,648 | ---- | C] () -- C:\Documents and Settings\Koko\Desktop\AdminDefault2.aspx.htm
[2011/10/24 10:35:36 | 000,024,687 | ---- | C] () -- C:\Documents and Settings\Koko\Desktop\AdminDefault.aspx.htm
[2011/10/22 09:41:46 | 000,089,016 | ---- | C] () -- C:\Documents and Settings\Koko\Desktop\FloralKaleidoscopeStencil.pdf
[2011/09/06 17:57:04 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Koko\Application Data\bb98f6fb
[2011/09/06 17:21:15 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Koko\Application Data\d33d0604
[2011/09/06 16:59:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Koko\Application Data\c4988e01
[2011/09/06 16:57:48 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Koko\Application Data\33e0f9fb
[2011/07/28 13:08:10 | 000,205,445 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2011/07/28 13:08:10 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2011/03/22 22:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/02/11 18:41:22 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/11/18 22:21:22 | 000,000,058 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2010/11/14 15:21:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/23 15:55:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/07 20:25:14 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Koko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 01:03:20 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/07/27 01:03:20 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/07/27 01:03:18 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/07/27 00:56:04 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/06/11 20:14:19 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/06/06 16:25:44 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/12/20 23:50:31 | 000,000,244 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/20 23:43:07 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Koko\Local Settings\Application Data\fusioncache.dat
[2009/11/24 13:57:37 | 000,061,748 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/26 17:14:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/21 07:10:02 | 000,000,739 | ---- | C] () -- C:\Program Files\metaframe_ica.jsp
[2009/08/15 21:05:44 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/08/15 21:01:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/15 20:06:54 | 001,597,690 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/08/15 18:23:14 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2009/08/15 18:17:58 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/15 18:17:43 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/15 18:17:43 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/15 18:17:38 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/15 18:17:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/15 18:17:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/15 18:16:56 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/15 18:16:55 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/15 18:15:42 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/15 18:15:12 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008/08/29 13:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 13:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/12/20 19:05:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/20 01:08:15 | 000,000,806 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/20 01:08:07 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/12/20 01:06:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/20 01:02:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/19 23:51:46 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/19 23:51:46 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/12/19 23:51:46 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/19 23:51:46 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005/12/19 23:51:46 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/19 23:51:46 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/19 23:51:46 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/19 23:51:46 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/19 23:51:45 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/12/19 23:51:45 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/12/19 23:49:53 | 000,002,056 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/19 23:49:49 | 000,444,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/19 23:49:49 | 000,072,332 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/19 16:58:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/19 16:57:26 | 000,291,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/06/01 17:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bandoo
[2011/02/11 18:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2009/08/15 19:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/02/11 18:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/08/15 19:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/08/15 19:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/17 12:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/19 11:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/17 20:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/06/01 17:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}
[2011/07/28 12:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Koko\Application Data\Canon
[2011/11/10 21:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Koko\Application Data\ElevatedDiagnostics
[2009/08/15 21:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Koko\Application Data\ESET
[2011/08/09 21:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Koko\Application Data\XMind

========== Purity Check ==========



< End of report >

Edited by elenya, 17 November 2011 - 09:08 PM.

#2
elenya (Topic Starter, New Member, 8 posts)

OTL Extras logfile created on: 11/13/2011 4:47:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Koko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 40.81% Memory free
3.85 Gb Paging File | 2.82 Gb Available in Paging File | 73.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 46.72 Gb Free Space | 20.06% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 365.32 Gb Free Space | 78.44% Space Free | Partition Type: NTFS
Drive F: | 7.44 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OFFICEPOWERSPEC | User Name: Koko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDirector\PDR.exe" = C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector -- (CyberLink Corp.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}" = Intel Audio Studio 2.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{50ECE146-F7A0-467A-8F69-5CEE086DC5AD}" = Intel Audio Studio 2.0
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = CU VPN Client 5.0.04.0300
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{71CBF9BB-7E07-4A9D-BF30-84C11810B242}" = ESET Smart Security
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E89956F9-5B89-470E-818D-BD46102D0A01}" = Citrix Presentation Server Client
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F4A4E6B2-D45F-4EB1-8C3A-6EB8D45A31C9}" = ClientTools
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"CloneDVD2" = CloneDVD2
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"ENTERPRISER" = Microsoft Office Enterprise 2007
"GRE POWERPREP" = GRE POWERPREP
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PC Magazine StartupCop Pro_is1" = PC Magazine StartupCop Pro
"PROSet" = Intel® PRO Network Connections Drivers
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/9/2011 1:55:18 AM | Computer Name = OFFICEPOWERSPEC | Source = Bonjour Service | ID = 100
Description = 204: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/9/2011 1:55:18 AM | Computer Name = OFFICEPOWERSPEC | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/11/2011 1:46:38 AM | Computer Name = OFFICEPOWERSPEC | Source = Bonjour Service | ID = 100
Description = 284: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/11/2011 1:46:39 AM | Computer Name = OFFICEPOWERSPEC | Source = Bonjour Service | ID = 100
Description = 280: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/11/2011 1:46:39 AM | Computer Name = OFFICEPOWERSPEC | Source = Bonjour Service | ID = 100
Description = 288: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/11/2011 5:55:43 PM | Computer Name = OFFICEPOWERSPEC | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BB from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/11/2011 5:55:43 PM | Computer Name = OFFICEPOWERSPEC | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BB from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/11/2011 5:55:52 PM | Computer Name = OFFICEPOWERSPEC | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BB from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/12/2011 2:33:04 PM | Computer Name = OFFICEPOWERSPEC | Source = Application Error | ID = 1000
Description = Faulting application intelaudiostudio.exe, version 2.0.0.75, faulting
module sfidlock.dll, version 1.0.0.1, fault address 0x000012ae.

Error - 11/12/2011 7:12:16 PM | Computer Name = OFFICEPOWERSPEC | Source = Application Error | ID = 1000
Description = Faulting application intelaudiostudio.exe, version 2.0.0.75, faulting
module sfidlock.dll, version 1.0.0.1, fault address 0x000012ae.

[ OSession Events ]
Error - 11/14/2009 4:34:49 AM | Computer Name = OFFICEPOWERSPEC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17009
seconds with 1020 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/10/2011 11:36:44 PM | Computer Name = OFFICEPOWERSPEC | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 11/10/2011 11:48:06 PM | Computer Name = OFFICEPOWERSPEC | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 11/10/2011 11:54:47 PM | Computer Name = OFFICEPOWERSPEC | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 11/10/2011 11:56:56 PM | Computer Name = OFFICEPOWERSPEC | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 11/10/2011 11:58:56 PM | Computer Name = OFFICEPOWERSPEC | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 11/11/2011 12:01:33 AM | Computer Name = OFFICEPOWERSPEC | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 11/12/2011 12:58:41 PM | Computer Name = OFFICEPOWERSPEC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 11/12/2011 12:58:43 PM | Computer Name = OFFICEPOWERSPEC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 11/13/2011 3:45:11 PM | Computer Name = OFFICEPOWERSPEC | Source = Service Control Manager | ID = 7000
Description = The MBAMSwissArmy service failed to start due to the following error:
%%2

Error - 11/13/2011 3:47:16 PM | Computer Name = OFFICEPOWERSPEC | Source = Service Control Manager | ID = 7000
Description = The MBAMSwissArmy service failed to start due to the following error:
%%2


< End of report >
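What a helper actually reads first in an Extras log like the one above is the small set of hardening settings it dumps: the Security Center notification flags, the System Restore state, the Windows Firewall profiles and their globally open ports, the shell-spawning commands for executable file classes, and any security-tool service that failed to start. The following Python script is an added example for this thread (it is not OTL's code and not part of any post here): it parses those sections from the OTL Extras format and returns findings. The embedded sample log is constructed from the format shown above; its hijacked `exefile` line and the path `C:\...\xyz.exe` in it are made up to exercise the check and did not appear on this machine. The expected shell commands are the Windows XP defaults, and the list of security-tool service names (`MBAMSwissArmy` from the log, `ekrn` for ESET, `SrService` for System Restore) is an assumption.

```python
"""Triage an OTL 'Extras' log for weak host settings and shell hijacks.

Added example for this thread, not OTL's own code. Parses the registry-dump
style sections that OTL Extras writes plus the 'Last 10 Event Log Errors'
block and returns (severity, message) findings.
"""
import re

# Windows XP default 'open' commands for executable file classes. Any other
# command means the association was changed, a classic trick for loading a
# dropper every time an .exe is launched. (Assumed defaults.)
EXPECTED_SHELL = {cls: '"%1" %*' for cls in ("batfile", "cmdfile", "comfile", "exefile", "piffile")}

# Services whose failure to start matters in a malware investigation (assumed list).
SECURITY_SERVICES = ("MBAMSwissArmy", "ekrn", "SrService")

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^\[(HKEY_.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')
SHELL_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")
EVENT_RE = re.compile(r"^Error - (.+?) \| .*?Source = (.+?) \| ID = (\d+)$")


def triage(log_text):
    """Return a list of (severity, message) findings for an OTL Extras log."""
    findings = []
    section = key = None
    lines = [l.strip() for l in log_text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        i += 1
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if section == "Security Center Settings":
            m = VALUE_RE.match(line)
            if m and m.group(2) == "1" and m.group(1).endswith(("DisableNotify", "Override")):
                findings.append(("warn", f"Security Center {m.group(1)}=1 (alerts suppressed)"))
        elif section == "System Restore Settings":
            m = VALUE_RE.match(line)
            if m and (m.group(1), m.group(2)) in (("DisableSR", "1"), ("Start", "4")):
                findings.append(("warn", f"System Restore disabled via {key}"))
        elif section == "Firewall Settings" and key:
            m = VALUE_RE.match(line)
            if not m:
                continue
            profile = "DomainProfile" if "DomainProfile" in key else "StandardProfile"
            if m.group(1) == "EnableFirewall" and m.group(2) == "0":
                findings.append(("warn", f"Windows Firewall disabled in {profile}"))
            elif key.endswith("GloballyOpenPorts\\List"):
                port, proto, scope = m.group(2).split(":")[:3]
                if scope == "*":  # scope '*' = any source address, not just LocalSubNet
                    findings.append(("info", f"{port}/{proto} open to any address in {profile}"))
        elif section == "Shell Spawning":
            m = SHELL_RE.match(line)
            if m and m.group(2) == "open" and m.group(1) in EXPECTED_SHELL \
                    and m.group(3) != EXPECTED_SHELL[m.group(1)]:
                findings.append(("high", f"{m.group(1)} open command hijacked: {m.group(3)}"))
        elif section == "Last 10 Event Log Errors":
            m = EVENT_RE.match(line)
            if m and m.group(2) == "Service Control Manager" and m.group(3) == "7000":
                desc = []
                while i < len(lines) and lines[i]:  # description runs until a blank line
                    desc.append(lines[i])
                    i += 1
                for svc in SECURITY_SERVICES:
                    if svc in " ".join(desc):
                        findings.append(("warn", f"{svc} service failed to start ({m.group(1)})"))
    return findings


# Constructed sample in the OTL Extras format; the exefile hijack is invented.
SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\Koko\Local Settings\Application Data\xyz.exe" -a "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 11/13/2011 3:45:11 PM | Computer Name = OFFICEPOWERSPEC | Source = Service Control Manager | ID = 7000
Description = The MBAMSwissArmy service failed to start due to the following error:
%%2

< End of report >
"""

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

On the machine in this thread the two firewall warnings are expected rather than alarming: the ComboFix header further down lists an ESET Personal firewall, which replaces Windows Firewall, and the domain-profile 139/445/137/138 entries are the standard File and Printer Sharing exceptions. The script reports them anyway so that the reader, not the parser, decides what is normal for the host; the exefile hijack and a failed Malwarebytes driver service are the two findings that would change the next step.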

#3
RKinner (Malware Expert, MVP, 24,624 posts)

When you added the Extras log as a reply you made your post invisible since we look for posts that have no replies.

Copy the text in the code box by highlighting and Ctrl + c


:OTL
[2011/09/10 22:20:50 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Koko\Application Data\Mozilla\Firefox\Profiles\43upblc2.default\extensions\{03b770d4-fd11-4379-86f4-e23d0b98f4a1}
[2011/09/09 18:20:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Koko\Application Data\Mozilla\Firefox\Profiles\43upblc2.default\extensions\{b0e7ec96-3010-4c63-8086-d0a3f4408957}
[2011/09/08 18:35:41 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Koko\Application Data\Mozilla\Firefox\Profiles\43upblc2.default\extensions\{c580e1e5-ba39-4287-beaf-57641f2ad4d0}
O2 - BHO: (Reg Error: Value error.) - {01AE1BCA-5098-4D73-BBFD-FFB34DB6704b} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe File not found
O4 - HKCU..\Run: [CyberLinkUpdate] C:\Documents and Settings\Koko\Application Data\CyberLink\CyberLinkUpdate\CyberLinkupdt32.exe File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
[2011/09/06 17:57:04 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Koko\Application Data\bb98f6fb
[2011/09/06 17:21:15 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Koko\Application Data\d33d0604
[2011/09/06 16:59:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Koko\Application Data\c4988e01
[2011/09/06 16:57:48 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Koko\Application Data\33e0f9fb

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[RESETHOSTS]
[EMPTYJAVA]
[EMPTYFLASH]
[purity]
[Reboot]


Close all programs, then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Ron
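As an added triage helper, not part of Ron's instructions nor code from ComboFix or Gmer: a Python parser for the ComboFix log the steps above produce, pulling out the Run-key autostarts, the standard-profile EnableFirewall value and the Gmer "detected hooks" / MBR lines, and flagging autostarts that live outside Program Files or Windows so a helper can look at them first. The log excerpt, its entries and the path heuristic are constructed for the example; the flag is a review aid, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt written in the ComboFix log layout; NOT a real machine's log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"sysupd"="c:\documents and settings\User\Local Settings\Temp\qzkpl.exe" [2011-11-17 53248]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
.
user: MBR read successfully
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A1D22C6
user & kernel MBR OK
"""

RUN_KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]*\\Run)\]$', re.IGNORECASE)
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
                      r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)', re.IGNORECASE)
HOOK_RE = re.compile(r'^\\Driver\\(?P<driver>\S+)\s+(?P<routine>\S+)\s+->\s+(?P<addr>0x[0-9A-Fa-f]+)$')
# Where autostart binaries are normally installed on XP; anything else gets a manual look.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    date: str
    size: int

    def outside_trusted_dirs(self) -> bool:
        return not self.path.lower().startswith(TRUSTED_PREFIXES)


def parse_run_entries(log: str) -> List[RunEntry]:
    """Collect entries listed under any ...\\Run key in the Reg Loading Points section."""
    entries: List[RunEntry] = []
    current_key: Optional[str] = None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("["):               # a new registry key; only \Run keys count
            m = RUN_KEY_RE.match(line)
            current_key = m.group("key") if m else None
            continue
        m = ENTRY_RE.match(line) if current_key else None
        if m:
            entries.append(RunEntry(current_key, m["name"], m["path"],
                                    m["date"] or "", int(m["size"] or 0)))
    return entries


def firewall_enabled(log: str) -> Optional[bool]:
    """Standard-profile Windows Firewall state; None if the key is not in the log."""
    for raw in log.splitlines():
        m = FIREWALL_RE.match(raw.strip())
        if m:
            return m["val"] != "0"
    return None


def parse_gmer_section(log: str) -> Dict[str, object]:
    """Hooks reported under 'detected hooks:' plus the user/kernel MBR verdict."""
    hooks, in_hooks, mbr_ok = [], False, False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "detected hooks:":
            in_hooks = True
            continue
        if in_hooks:
            m = HOOK_RE.match(line)
            if m:
                hooks.append((m["driver"], m["routine"], m["addr"]))
                continue
            in_hooks = False                   # first non-hook line ends the block
        if line == "user & kernel MBR OK":
            mbr_ok = True
    return {"hooks": hooks, "mbr_ok": mbr_ok}


def triage(log: str) -> Dict[str, object]:
    """One summary a helper can read before walking the full log."""
    entries = parse_run_entries(log)
    gmer = parse_gmer_section(log)
    return {"run_entries": len(entries),
            "review": [e.name for e in entries if e.outside_trusted_dirs()],
            "firewall_enabled": firewall_enabled(log),
            "hooks": gmer["hooks"], "mbr_ok": gmer["mbr_ok"]}
```

Run `triage(open("C:/Combofix.txt").read())` against a real log; an entry in `review`, a disabled firewall, or any hook is a prompt to look closer, not proof of infection.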

#4
elenya (Topic Starter, New Member, 8 posts)
THANK YOU so much for your help--you are appreciated. Below are my logs for ComboFix, TDSSKiller, and aswMBR (when OTL rebooted the computer there didn't seem to be a way to save a new log--am I missing something?) I did not encounter any problems and the Fix button was not enabled in aswMBR...

ComboFix Log
ComboFix 11-11-18.02 - Koko 11/18/2011 18:30:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1322 [GMT -7:00]
Running from: c:\documents and settings\Koko\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Koko\WINDOWS
c:\documents and settings\Koko\xxojgjjgaz.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-19 00:54 . 2011-11-19 00:54 -------- d-----w- C:\_OTL
2011-11-13 03:47 . 2011-11-13 03:47 -------- d-----w- c:\program files\Common Files\Java
2011-11-11 06:00 . 2011-11-11 06:00 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-11 04:20 . 2011-11-11 04:24 -------- d-----w- c:\documents and settings\Koko\Application Data\ElevatedDiagnostics
2011-11-11 01:19 . 2011-11-11 01:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-11-10 01:56 . 2011-11-10 01:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 00:21 . 2011-05-20 13:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 12:06 . 2011-08-10 04:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 09:37 . 2011-08-10 04:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 17:41 . 2009-08-16 01:17 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2009-08-16 01:17 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2009-08-16 01:15 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2005-12-20 06:49 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 23:00 . 2011-09-10 01:02 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2005-12-20 06:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2009-08-16 01:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2009-08-16 01:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2009-08-16 01:15 385024 ----a-w- c:\windows\system32\html.iec
2007-06-22 00:38 . 2007-06-22 00:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-22 00:38 . 2007-06-22 00:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-22 00:38 . 2007-06-22 00:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-22 00:38 . 2007-06-22 00:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-22 00:39 . 2007-06-22 00:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-22 00:39 . 2007-06-22 00:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-22 00:39 . 2007-06-22 00:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-22 00:39 . 2007-06-22 00:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-22 00:40 . 2007-06-22 00:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-11-05 06:53 . 2011-07-06 23:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-05 39408]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-02-01 4828792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-09-28 8740864]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-12 1505144]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\Koko\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 2:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 2:47 PM 731840]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [3/31/2011 10:11 PM 428640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 5:38 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 5:38 PM 135664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 00:38]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 00:38]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab
FF - ProfilePath - c:\documents and settings\Koko\Application Data\Mozilla\Firefox\Profiles\43upblc2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-18 18:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP2504C rev.VT100-33 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A1D22C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1584)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1648)
c:\windows\system32\WININET.dll
.
Completion time: 2011-11-18 18:54:43
ComboFix-quarantined-files.txt 2011-11-19 01:54
.
Pre-Run: 50,715,131,904 bytes free
Post-Run: 62,956,961,792 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C6C9A1FC3AF4F910277B9FBD0D1BCEC8




TDSSKiller Log:

19:02:32.0437 0332 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
19:02:33.0078 0332 ============================================================
19:02:33.0078 0332 Current date / time: 2011/11/18 19:02:33.0078
19:02:33.0078 0332 SystemInfo:
19:02:33.0078 0332
19:02:33.0078 0332 OS Version: 5.1.2600 ServicePack: 3.0
19:02:33.0078 0332 Product type: Workstation
19:02:33.0078 0332 ComputerName: OFFICEPOWERSPEC
19:02:33.0078 0332 UserName: Koko
19:02:33.0078 0332 Windows directory: C:\WINDOWS
19:02:33.0078 0332 System windows directory: C:\WINDOWS
19:02:33.0078 0332 Processor architecture: Intel x86
19:02:33.0078 0332 Number of processors: 2
19:02:33.0078 0332 Page size: 0x1000
19:02:33.0078 0332 Boot type: Normal boot
19:02:33.0078 0332 ============================================================
19:02:34.0468 0332 Initialize success
19:02:39.0656 0712 ============================================================
19:02:39.0656 0712 Scan started
19:02:39.0656 0712 Mode: Manual;
19:02:39.0656 0712 ============================================================
19:02:40.0781 0712 Abiosdsk - ok
19:02:40.0796 0712 abp480n5 - ok
19:02:40.0843 0712 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:02:40.0843 0712 ACPI - ok
19:02:40.0890 0712 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:02:40.0890 0712 ACPIEC - ok
19:02:40.0906 0712 adpu160m - ok
19:02:40.0921 0712 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:02:40.0921 0712 aec - ok
19:02:40.0968 0712 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:02:40.0968 0712 AFD - ok
19:02:40.0968 0712 Aha154x - ok
19:02:40.0984 0712 aic78u2 - ok
19:02:41.0000 0712 aic78xx - ok
19:02:41.0000 0712 AliIde - ok
19:02:41.0015 0712 amsint - ok
19:02:41.0078 0712 AnyDVD (40c279a23bd43553bfba6e88a9b38ae2) C:\WINDOWS\system32\Drivers\AnyDVD.sys
19:02:41.0078 0712 AnyDVD - ok
19:02:41.0109 0712 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:02:41.0109 0712 Arp1394 - ok
19:02:41.0109 0712 asc - ok
19:02:41.0125 0712 asc3350p - ok
19:02:41.0125 0712 asc3550 - ok
19:02:41.0156 0712 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:02:41.0156 0712 AsyncMac - ok
19:02:41.0171 0712 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:02:41.0171 0712 atapi - ok
19:02:41.0171 0712 Atdisk - ok
19:02:41.0203 0712 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:02:41.0203 0712 Atmarpc - ok
19:02:41.0203 0712 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:02:41.0203 0712 audstub - ok
19:02:41.0234 0712 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:02:41.0234 0712 Beep - ok
19:02:41.0375 0712 catchme - ok
19:02:41.0453 0712 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:02:41.0453 0712 cbidf2k - ok
19:02:41.0500 0712 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:02:41.0500 0712 CCDECODE - ok
19:02:41.0500 0712 cd20xrnt - ok
19:02:41.0515 0712 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:02:41.0515 0712 Cdaudio - ok
19:02:41.0531 0712 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:02:41.0531 0712 Cdfs - ok
19:02:41.0562 0712 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:02:41.0562 0712 Cdrom - ok
19:02:41.0562 0712 Changer - ok
19:02:41.0578 0712 CmdIde - ok
19:02:41.0593 0712 Cpqarray - ok
19:02:41.0625 0712 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
19:02:41.0625 0712 CVirtA - ok
19:02:41.0671 0712 CVPNDRVA (720482888c3778f26eeb83d286a6cdc3) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
19:02:41.0671 0712 CVPNDRVA - ok
19:02:41.0703 0712 dac2w2k - ok
19:02:41.0718 0712 dac960nt - ok
19:02:41.0750 0712 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:02:41.0750 0712 Disk - ok
19:02:41.0781 0712 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:02:41.0796 0712 dmboot - ok
19:02:41.0812 0712 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:02:41.0812 0712 dmio - ok
19:02:41.0812 0712 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:02:41.0812 0712 dmload - ok
19:02:41.0828 0712 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:02:41.0828 0712 DMusic - ok
19:02:41.0875 0712 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys
19:02:41.0875 0712 DNE - ok
19:02:41.0890 0712 dpti2o - ok
19:02:41.0906 0712 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:02:41.0906 0712 drmkaud - ok
19:02:41.0921 0712 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:02:41.0921 0712 E100B - ok
19:02:41.0984 0712 eamon (e31464ce787e3a0ffea55baa591897f0) C:\WINDOWS\system32\DRIVERS\eamon.sys
19:02:41.0984 0712 eamon - ok
19:02:42.0000 0712 ehdrv (2c95a7a87e4272c1fff9baf579677db3) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
19:02:42.0000 0712 ehdrv - ok
19:02:42.0031 0712 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
19:02:42.0031 0712 ElbyCDIO - ok
19:02:42.0078 0712 epfw (c2c9a92b560a775c65b89e78dcb6951a) C:\WINDOWS\system32\DRIVERS\epfw.sys
19:02:42.0078 0712 epfw - ok
19:02:42.0078 0712 Epfwndis (73fc7c4a5952b5493c6be2708d1538c0) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
19:02:42.0078 0712 Epfwndis - ok
19:02:42.0109 0712 epfwtdi (cd6d97a7a88a78fa6f1732b75971ead0) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
19:02:42.0109 0712 epfwtdi - ok
19:02:42.0125 0712 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:02:42.0125 0712 Fastfat - ok
19:02:42.0140 0712 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:02:42.0140 0712 Fdc - ok
19:02:42.0187 0712 FilterService (d59274041bbdbfbecd05b92c0c28b51f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
19:02:42.0187 0712 FilterService - ok
19:02:42.0203 0712 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:02:42.0203 0712 Fips - ok
19:02:42.0218 0712 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:02:42.0218 0712 Flpydisk - ok
19:02:42.0234 0712 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:02:42.0234 0712 FltMgr - ok
19:02:42.0250 0712 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:02:42.0250 0712 Fs_Rec - ok
19:02:42.0265 0712 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:02:42.0265 0712 Ftdisk - ok
19:02:42.0281 0712 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:02:42.0281 0712 GEARAspiWDM - ok
19:02:42.0312 0712 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:02:42.0312 0712 Gpc - ok
19:02:42.0343 0712 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:02:42.0343 0712 HDAudBus - ok
19:02:42.0359 0712 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:02:42.0359 0712 HidUsb - ok
19:02:42.0375 0712 hpn - ok
19:02:42.0421 0712 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:02:42.0421 0712 HPZid412 - ok
19:02:42.0437 0712 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:02:42.0437 0712 HPZipr12 - ok
19:02:42.0453 0712 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:02:42.0453 0712 HPZius12 - ok
19:02:42.0500 0712 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:02:42.0500 0712 HTTP - ok
19:02:42.0515 0712 i2omgmt - ok
19:02:42.0531 0712 i2omp - ok
19:02:42.0531 0712 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:02:42.0531 0712 i8042prt - ok
19:02:42.0578 0712 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:02:42.0593 0712 ialm - ok
19:02:42.0609 0712 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:02:42.0609 0712 Imapi - ok
19:02:42.0625 0712 ini910u - ok
19:02:42.0625 0712 IntelIde - ok
19:02:42.0656 0712 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:02:42.0656 0712 intelppm - ok
19:02:42.0671 0712 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:02:42.0671 0712 Ip6Fw - ok
19:02:42.0718 0712 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:02:42.0718 0712 IpFilterDriver - ok
19:02:42.0750 0712 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:02:42.0750 0712 IpInIp - ok
19:02:42.0781 0712 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:02:42.0781 0712 IpNat - ok
19:02:42.0796 0712 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:02:42.0796 0712 IPSec - ok
19:02:42.0828 0712 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:02:42.0828 0712 IRENUM - ok
19:02:42.0859 0712 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:02:42.0859 0712 isapnp - ok
19:02:42.0906 0712 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:02:42.0906 0712 Kbdclass - ok
19:02:42.0921 0712 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:02:42.0921 0712 kbdhid - ok
19:02:42.0937 0712 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:02:42.0937 0712 kmixer - ok
19:02:42.0968 0712 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:02:42.0968 0712 KSecDD - ok
19:02:42.0984 0712 lbrtfdc - ok
19:02:43.0031 0712 ltmodem5 (fa2ed4a054360f3f873c15420f1f19cc) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
19:02:43.0031 0712 ltmodem5 - ok
19:02:43.0078 0712 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
19:02:43.0078 0712 LVPr2Mon - ok
19:02:43.0125 0712 LVRS (b6e1ccd6572984adcae68439afd07011) C:\WINDOWS\system32\DRIVERS\lvrs.sys
19:02:43.0125 0712 LVRS - ok
19:02:43.0250 0712 LVUVC (6c42815dd57e397f0cd988304b5eb4b3) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
19:02:43.0281 0712 LVUVC - ok
19:02:43.0343 0712 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:02:43.0343 0712 mnmdd - ok
19:02:43.0375 0712 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:02:43.0390 0712 Modem - ok
19:02:43.0437 0712 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:02:43.0437 0712 Mouclass - ok
19:02:43.0453 0712 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:02:43.0453 0712 mouhid - ok
19:02:43.0468 0712 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:02:43.0468 0712 MountMgr - ok
19:02:43.0468 0712 mraid35x - ok
19:02:43.0484 0712 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:02:43.0484 0712 MRxDAV - ok
19:02:43.0546 0712 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:02:43.0546 0712 MRxSmb - ok
19:02:43.0562 0712 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:02:43.0562 0712 Msfs - ok
19:02:43.0578 0712 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:02:43.0578 0712 MSKSSRV - ok
19:02:43.0593 0712 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:02:43.0593 0712 MSPCLOCK - ok
19:02:43.0625 0712 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:02:43.0625 0712 MSPQM - ok
19:02:43.0671 0712 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:02:43.0671 0712 mssmbios - ok
19:02:43.0703 0712 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:02:43.0703 0712 MSTEE - ok
19:02:43.0718 0712 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:02:43.0734 0712 Mup - ok
19:02:43.0781 0712 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:02:43.0781 0712 NABTSFEC - ok
19:02:43.0796 0712 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:02:43.0796 0712 NDIS - ok
19:02:43.0812 0712 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:02:43.0828 0712 NdisIP - ok
19:02:43.0828 0712 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:02:43.0828 0712 NdisTapi - ok
19:02:43.0843 0712 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:02:43.0843 0712 Ndisuio - ok
19:02:43.0859 0712 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:02:43.0859 0712 NdisWan - ok
19:02:43.0921 0712 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:02:43.0921 0712 NDProxy - ok
19:02:43.0937 0712 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:02:43.0937 0712 NetBIOS - ok
19:02:43.0953 0712 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:02:43.0953 0712 NetBT - ok
19:02:43.0984 0712 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:02:43.0984 0712 NIC1394 - ok
19:02:44.0000 0712 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:02:44.0000 0712 Npfs - ok
19:02:44.0031 0712 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:02:44.0031 0712 Ntfs - ok
19:02:44.0078 0712 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
19:02:44.0078 0712 NuidFltr - ok
19:02:44.0109 0712 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:02:44.0109 0712 Null - ok
19:02:44.0343 0712 nv (f85e109844787668ce8aab54ef14362a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:02:44.0390 0712 nv - ok
19:02:44.0593 0712 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:02:44.0593 0712 NwlnkFlt - ok
19:02:44.0609 0712 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:02:44.0609 0712 NwlnkFwd - ok
19:02:44.0656 0712 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:02:44.0656 0712 ohci1394 - ok
19:02:44.0687 0712 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:02:44.0687 0712 Parport - ok
19:02:44.0703 0712 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:02:44.0703 0712 PartMgr - ok
19:02:44.0750 0712 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:02:44.0750 0712 ParVdm - ok
19:02:44.0765 0712 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:02:44.0765 0712 PCI - ok
19:02:44.0781 0712 PCIDump - ok
19:02:44.0796 0712 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:02:44.0796 0712 PCIIde - ok
19:02:44.0828 0712 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:02:44.0828 0712 Pcmcia - ok
19:02:44.0828 0712 PDCOMP - ok
19:02:44.0843 0712 PDFRAME - ok
19:02:44.0859 0712 PDRELI - ok
19:02:44.0859 0712 PDRFRAME - ok
19:02:44.0875 0712 perc2 - ok
19:02:44.0890 0712 perc2hib - ok
19:02:44.0937 0712 Point32 (2e3394c8ebf31a9b4f0a531eb5cc7bc7) C:\WINDOWS\system32\DRIVERS\point32.sys
19:02:44.0937 0712 Point32 - ok
19:02:44.0984 0712 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:02:45.0000 0712 PptpMiniport - ok
19:02:45.0000 0712 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:02:45.0000 0712 PSched - ok
19:02:45.0015 0712 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:02:45.0015 0712 Ptilink - ok
19:02:45.0031 0712 ql1080 - ok
19:02:45.0046 0712 Ql10wnt - ok
19:02:45.0046 0712 ql12160 - ok
19:02:45.0062 0712 ql1240 - ok
19:02:45.0078 0712 ql1280 - ok
19:02:45.0093 0712 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:02:45.0093 0712 RasAcd - ok
19:02:45.0093 0712 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:02:45.0093 0712 Rasl2tp - ok
19:02:45.0109 0712 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:02:45.0109 0712 RasPppoe - ok
19:02:45.0125 0712 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:02:45.0125 0712 Raspti - ok
19:02:45.0140 0712 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:02:45.0140 0712 Rdbss - ok
19:02:45.0156 0712 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:02:45.0156 0712 RDPCDD - ok
19:02:45.0171 0712 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:02:45.0171 0712 rdpdr - ok
19:02:45.0218 0712 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:02:45.0218 0712 RDPWD - ok
19:02:45.0234 0712 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:02:45.0234 0712 redbook - ok
19:02:45.0265 0712 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:02:45.0265 0712 Secdrv - ok
19:02:45.0296 0712 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:02:45.0296 0712 serenum - ok
19:02:45.0312 0712 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:02:45.0312 0712 Serial - ok
19:02:45.0437 0712 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:02:45.0437 0712 Sfloppy - ok
19:02:45.0593 0712 sfng32 (3ce805e0e752f1febd52ac4899f5febf) C:\WINDOWS\system32\drivers\sfng32.sys
19:02:45.0593 0712 sfng32 - ok
19:02:45.0609 0712 Simbad - ok
19:02:45.0656 0712 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:02:45.0656 0712 SLIP - ok
19:02:45.0671 0712 Sparrow - ok
19:02:45.0687 0712 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:02:45.0687 0712 splitter - ok
19:02:45.0703 0712 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:02:45.0703 0712 sr - ok
19:02:45.0765 0712 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:02:45.0765 0712 Srv - ok
19:02:45.0843 0712 STHDA (ad7f9e184a75c5024707c5a41097f781) C:\WINDOWS\system32\drivers\sthda.sys
19:02:45.0843 0712 STHDA - ok
19:02:45.0859 0712 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:02:45.0859 0712 streamip - ok
19:02:45.0875 0712 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:02:45.0875 0712 swenum - ok
19:02:45.0890 0712 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:02:45.0890 0712 swmidi - ok
19:02:45.0906 0712 symc810 - ok
19:02:45.0921 0712 symc8xx - ok
19:02:45.0921 0712 sym_hi - ok
19:02:45.0937 0712 sym_u3 - ok
19:02:45.0953 0712 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:02:45.0953 0712 sysaudio - ok
19:02:46.0000 0712 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:02:46.0015 0712 Tcpip - ok
19:02:46.0031 0712 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:02:46.0031 0712 TDPIPE - ok
19:02:46.0046 0712 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:02:46.0046 0712 TDTCP - ok
19:02:46.0062 0712 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:02:46.0062 0712 TermDD - ok
19:02:46.0078 0712 TosIde - ok
19:02:46.0093 0712 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:02:46.0093 0712 Udfs - ok
19:02:46.0109 0712 ultra - ok
19:02:46.0140 0712 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:02:46.0140 0712 Update - ok
19:02:46.0187 0712 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:02:46.0187 0712 USBAAPL - ok
19:02:46.0218 0712 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:02:46.0218 0712 usbaudio - ok
19:02:46.0250 0712 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:02:46.0250 0712 usbccgp - ok
19:02:46.0265 0712 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:02:46.0265 0712 usbehci - ok
19:02:46.0281 0712 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:02:46.0281 0712 usbhub - ok
19:02:46.0296 0712 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:02:46.0296 0712 usbprint - ok
19:02:46.0296 0712 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:02:46.0312 0712 usbscan - ok
19:02:46.0312 0712 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:02:46.0312 0712 USBSTOR - ok
19:02:46.0328 0712 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:02:46.0328 0712 usbuhci - ok
19:02:46.0359 0712 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:02:46.0359 0712 usbvideo - ok
19:02:46.0375 0712 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:02:46.0375 0712 VgaSave - ok
19:02:46.0375 0712 ViaIde - ok
19:02:46.0390 0712 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:02:46.0390 0712 VolSnap - ok
19:02:46.0453 0712 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
19:02:46.0453 0712 vsdatant - ok
19:02:46.0484 0712 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:02:46.0484 0712 Wanarp - ok
19:02:46.0546 0712 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:02:46.0546 0712 Wdf01000 - ok
19:02:46.0546 0712 WDICA - ok
19:02:46.0578 0712 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:02:46.0578 0712 wdmaud - ok
19:02:46.0640 0712 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:02:46.0640 0712 WSTCODEC - ok
19:02:46.0671 0712 MBR (0x1B8) (7574ee4bd14f3f1b6c9e32266816b82d) \Device\Harddisk0\DR0
19:02:46.0687 0712 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
19:02:46.0687 0712 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
19:02:46.0687 0712 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:02:46.0687 0712 \Device\Harddisk1\DR1 - ok
19:02:46.0687 0712 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk6\DR8
19:02:49.0906 0712 \Device\Harddisk6\DR8 - ok
19:02:49.0921 0712 Boot (0x1200) (a523f452def87cab70df7389ce1fb51f) \Device\Harddisk0\DR0\Partition0
19:02:49.0921 0712 \Device\Harddisk0\DR0\Partition0 - ok
19:02:49.0921 0712 Boot (0x1200) (9e12e64cec2df8f18d5b8195be3a3190) \Device\Harddisk1\DR1\Partition0
19:02:49.0921 0712 \Device\Harddisk1\DR1\Partition0 - ok
19:02:49.0921 0712 Boot (0x1200) (354e16eea5b39622ff8b947fcff42328) \Device\Harddisk6\DR8\Partition0
19:02:49.0921 0712 \Device\Harddisk6\DR8\Partition0 - ok
19:02:49.0921 0712 ============================================================
19:02:49.0921 0712 Scan finished
19:02:49.0921 0712 ============================================================
19:02:49.0937 2488 Detected object count: 1
19:02:49.0937 2488 Actual detected object count: 1
19:03:02.0375 2488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:03:02.0375 2488 \Device\Harddisk0\DR0 - ok
19:03:02.0375 2488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
19:03:07.0687 1732 Deinitialize success



aswMBR Log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-18 19:06:48
-----------------------------
19:06:48.296 OS Version: Windows 5.1.2600 Service Pack 3
19:06:48.296 Number of processors: 2 586 0x602
19:06:48.296 ComputerName: OFFICEPOWERSPEC UserName: Koko
19:06:56.937 Initialize success
19:07:11.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
19:07:11.281 Disk 0 Vendor: SAMSUNG_SP2504C VT100-33 Size: 238475MB BusType: 3
19:07:11.281 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-22
19:07:11.281 Disk 1 Vendor: Hitachi_HDT725050VLA360 V56OA7EA Size: 476940MB BusType: 3
19:07:13.312 Disk 0 MBR read successfully
19:07:13.312 Disk 0 MBR scan
19:07:13.312 Disk 0 unknown MBR code
19:07:13.359 Disk 0 scanning sectors +488392065
19:07:13.437 Disk 0 scanning C:\WINDOWS\system32\drivers
19:07:37.187 Service scanning
19:07:38.531 Service BITS C:\WINDOWS\system32\qmgr.dll **HIDDEN**
19:07:40.109 Modules scanning
19:07:45.578 Scan finished successfully
19:08:11.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Koko\Desktop\MBR.dat"
19:08:11.859 The log file has been saved successfully to "C:\Documents and Settings\Koko\Desktop\aswMBR.txt"

#5 RKinner (Malware Expert; Expert, 24,624 posts, MVP)
TDSSKiller found something and said it would fix it on reboot.

19:03:02.0375 2488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot


Let's run it again just as before to see if it was able to fix it.

aswMBR found something funny with the BITS service. Let's check to see if the file it mentions is legit:


Copy the text in the code box:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg 
%systemroot%\*.jpg 
%systemroot%\*.png 
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav 
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x 
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
qmgr.dll
DMIcall.sys
beep.sys
Netshell.dll
netcfgx.dll
Netman.dll
connect.dll
mswsock.dll
mmswsock.dll 
mdnsNSP.dll
/md5stop


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Combofix complained about the MBR, so run it again and let's see if the rootkit that TDSSKiller found was the cause.
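RKinner's reading of the TDSSKiller log above (a Pihar bootkit in the MBR of Harddisk0, cure deferred to the reboot, second run needed to confirm it took) is a check that can be scripted. The following is an added example, not code from this thread and not part of TDSSKiller, OTL or aswMBR: it parses TDSSKiller log lines of the shape quoted above, lists every verdict that is not a plain "ok", lists the objects whose cure was deferred to the next reboot, and compares the hashes of two runs so a rewritten MBR can be confirmed rather than assumed. The line-format regexes are inferred from the lines in this thread; the first sample run is copied from the log above, while the second run is constructed, with a placeholder MD5 standing in for whatever a rewritten MBR would hash to.

```python
"""Summarise a TDSSKiller scan log: findings, cures deferred to reboot, and whether a
second run confirms the cure. Added example for this thread; not TDSSKiller's own code.
The log format is inferred from the lines quoted in the thread (assumption)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "HH:MM:SS.ffff  PID  payload"
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<payload>.+)$")
# payload form 1, a hashed object: "<object> (<md5>) <path>", e.g. "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0"
HASH_RE = re.compile(r"^(?P<obj>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# payload form 2, a verdict: "<object> [( <threat> )] - <status>", e.g. "... ( Rootkit.Boot.Pihar.b ) - infected"
STATUS_RE = re.compile(r"^(?P<obj>.+?)(?: \( (?P<threat>[^)]+?) \))? - (?P<status>.+)$")


@dataclass
class Entry:
    time: str
    obj: str                      # service name, or device path for MBR/boot-sector verdicts
    md5: Optional[str] = None
    path: Optional[str] = None
    threat: Optional[str] = None
    status: Optional[str] = None


def parse_log(text: str) -> List[Entry]:
    """One Entry per hash line or verdict line; banner and summary lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        payload = line.group("payload")
        m = HASH_RE.match(payload)
        if m:
            entries.append(Entry(line.group("time"), m.group("obj"), md5=m.group("md5"), path=m.group("path")))
            continue
        m = STATUS_RE.match(payload)
        if m:
            entries.append(Entry(line.group("time"), m.group("obj"), threat=m.group("threat"), status=m.group("status")))
    return entries


def findings(entries: List[Entry]) -> List[Entry]:
    """Verdict lines that say anything other than a plain 'ok'."""
    return [e for e in entries if e.status is not None and e.status != "ok"]


def deferred_cures(entries: List[Entry]) -> List[str]:
    """Objects TDSSKiller could not fix in place and scheduled for the next reboot.
    Each of these needs a second scan after the reboot to confirm the cure took."""
    return sorted({e.obj for e in entries if e.status and e.status.startswith("will be cured")})


def hashes(entries: List[Entry]) -> Dict[str, str]:
    """MD5 per hashed path or device, so two runs can be compared."""
    return {e.path: e.md5 for e in entries if e.md5 and e.path}


def verify_cure(before: str, after: str) -> Dict[str, bool]:
    """For every object deferred to reboot in the first log, report whether the second log
    shows it clean: no non-ok verdict for it, and its hash changed (the MBR was rewritten).
    Works for MBR/boot-sector objects, where the verdict names the same device path the
    hash line does; for driver files the verdict carries the service name instead."""
    first, second = parse_log(before), parse_log(after)
    old_hash, new_hash = hashes(first), hashes(second)
    still_flagged = {e.obj for e in findings(second)}
    result: Dict[str, bool] = {}
    for obj in deferred_cures(first):
        clean = obj not in still_flagged
        rewritten = obj in old_hash and obj in new_hash and old_hash[obj] != new_hash[obj]
        result[obj] = clean and rewritten
    return result


# Lines copied from the TDSSKiller log earlier in this thread (first run).
FIRST_RUN = r"""
19:02:45.0312 0712 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:02:45.0312 0712 Serial - ok
19:02:46.0671 0712 MBR (0x1B8) (7574ee4bd14f3f1b6c9e32266816b82d) \Device\Harddisk0\DR0
19:02:46.0687 0712 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
19:02:46.0687 0712 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
19:02:46.0687 0712 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:02:46.0687 0712 \Device\Harddisk1\DR1 - ok
19:02:49.0921 0712 Scan finished
19:02:49.0937 2488 Detected object count: 1
19:03:02.0375 2488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:03:02.0375 2488 \Device\Harddisk0\DR0 - ok
19:03:02.0375 2488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

# Constructed second run (not from the thread): the same disks after the reboot; the MD5 for
# Harddisk0 is a placeholder for whatever the rewritten MBR actually hashes to.
SECOND_RUN = r"""
19:20:00.0000 0712 MBR (0x1B8) (0123456789abcdef0123456789abcdef) \Device\Harddisk0\DR0
19:20:00.0000 0712 \Device\Harddisk0\DR0 - ok
19:20:00.0000 0712 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:20:00.0000 0712 \Device\Harddisk1\DR1 - ok
"""

if __name__ == "__main__":
    first = parse_log(FIRST_RUN)
    for e in findings(first):
        print(f"{e.time} {e.obj} threat={e.threat} status={e.status}")
    print("deferred to reboot:", deferred_cures(first))
    print("cure confirmed by second run:", verify_cure(FIRST_RUN, SECOND_RUN))
```

Running it against the first log alone reports the single deferred cure on Harddisk0; pairing it with the post-reboot log returns True for that device only when the second log has no verdict other than "ok" for it and the MBR hash actually changed, which is the evidence the second TDSSKiller run is meant to provide.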

#6 elenya (New Member; Topic Starter, Member, 8 posts)
Second scan with TDSSKiller found no threats. Copies of the two logs from OTL are below. Should I uninstall aswMBR and then run ComboFix again?


OTL logfile created on: 11/19/2011 8:48:30 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Koko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 72.87% Memory free
3.85 Gb Paging File | 3.47 Gb Available in Paging File | 90.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 58.37 Gb Free Space | 25.06% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 368.07 Gb Free Space | 79.03% Space Free | Partition Type: NTFS
Drive E: | 612.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 6.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive L: | 3.76 Gb Total Space | 3.09 Gb Free Space | 82.30% Space Free | Partition Type: FAT32

Computer Name: OFFICEPOWERSPEC | User Name: Koko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/13 16:46:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Koko\Desktop\OTL.exe
PRC - [2011/03/31 22:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/02/01 08:12:45 | 004,828,792 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/05/14 14:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/08/29 13:58:26 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/31 22:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009/05/14 14:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/03/19 13:07:54 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - [2011/03/31 22:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2011/03/31 22:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/12/01 12:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/07/27 01:15:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/05/14 14:49:26 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/05/14 14:49:26 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/05/14 14:49:22 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/05/14 14:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 14:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/08/29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/11/14 17:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/09/27 14:50:00 | 001,021,832 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/26 18:46:48 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2003/03/31 18:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CA 1B AE 01 98 50 73 4D BB FD FF B3 4D B6 70 4B [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..keyword.URL: "http://www.searchqu....ystemid=406&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Koko\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Koko\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/28 13:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 20:50:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/27 12:32:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/08/15 19:21:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Koko\Application Data\Move Networks [2011/10/30 19:53:06 | 000,000,000 | ---D | M]

[2011/05/31 23:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Koko\Application Data\Mozilla\Extensions
[2011/11/18 17:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Koko\Application Data\Mozilla\Firefox\Profiles\43upblc2.default\extensions
[2010/05/08 10:59:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Koko\Application Data\Mozilla\Firefox\Profiles\43upblc2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/12 20:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/14 15:20:53 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/12 20:47:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/04 23:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/06/21 17:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2007/06/21 17:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2007/06/21 17:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\logging.dll
[2008/06/17 23:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/06/21 17:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2007/06/21 17:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011/11/04 20:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 20:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/18 18:49:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} https://ra.qwest.com...ad/tgctlins.cab (SupportSoft Installer)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://ra.qwest.com...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05E09A72-1F6B-4AE2-961A-4A2B94277E5D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Koko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Koko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/20 01:04:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/10/11 16:47:17 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2008/10/22 07:19:21 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2008/10/11 16:47:17 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/11 16:47:12 | 000,000,166 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2001/07/13 16:11:22 | 000,000,073 | R--- | M] () - F:\AUTORUN.INF -- [ UDF ]
O32 - AutoRun File - [2011/11/13 17:59:40 | 000,000,003 | RHS- | M] () - L:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/18 19:24:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/18 18:16:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/18 18:11:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/18 18:11:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/18 18:11:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/18 18:11:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/18 18:10:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/18 18:10:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/18 18:10:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Koko\Start Menu\Programs\Administrative Tools
[2011/11/18 17:54:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/18 17:40:19 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Koko\Desktop\aswMBR.exe
[2011/11/18 17:40:13 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Koko\Desktop\tdsskiller.exe
[2011/11/18 17:35:05 | 004,300,722 | R--- | C] (Swearware) -- C:\Documents and Settings\Koko\Desktop\ComboFix.exe
[2011/11/17 15:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/11/13 16:46:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Koko\Desktop\OTL.exe
[2011/11/13 16:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/11/13 16:18:32 | 000,347,920 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Koko\Desktop\MicrosoftFixit.AudioPlayback.Run.exe
[2011/11/13 16:15:56 | 000,347,920 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Koko\Desktop\MicrosoftFixit.devices.Run.exe
[2011/11/12 20:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/12 20:47:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/11/12 20:47:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/11/12 20:47:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/10 21:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Koko\Application Data\ElevatedDiagnostics
[2011/11/10 21:16:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/11/10 18:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/11/09 19:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/11/09 19:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/11/09 18:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/11/09 18:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/09 18:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/10/24 14:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Koko\Desktop\AdminDefault4.aspx_files
[2011/10/24 10:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Koko\Desktop\AdminDefault3.aspx_files
[2011/10/24 10:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Koko\Desktop\AdminDefault2.aspx_files
[2011/10/24 10:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Koko\Desktop\AdminDefault.aspx_files
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Koko\Desktop\*.tmp files -> C:\Documents and Settings\Koko\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/19 08:42:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/19 08:41:30 | 000,243,457 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/11/19 08:41:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/19 08:41:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/19 08:41:17 | 2145,484,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/19 08:41:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/11/18 23:30:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/18 19:24:52 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/18 19:08:11 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Koko\Desktop\MBR.dat
[2011/11/18 19:02:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/18 18:59:52 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Koko\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/11/18 18:49:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/18 18:16:33 | 000,000,314 | RHS- | M] () -- C:\boot.ini
[2011/11/18 17:41:01 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Koko\Desktop\aswMBR.exe
[2011/11/18 17:40:56 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Koko\Desktop\tdsskiller.exe
[2011/11/18 17:35:16 | 004,300,722 | R--- | M] (Swearware) -- C:\Documents and Settings\Koko\Desktop\ComboFix.exe
[2011/11/15 20:01:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/14 17:21:30 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/13 16:46:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Koko\Desktop\OTL.exe
[2011/11/13 16:18:32 | 000,347,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Koko\Desktop\MicrosoftFixit.AudioPlayback.Run.exe
[2011/11/13 16:15:58 | 000,347,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Koko\Desktop\MicrosoftFixit.devices.Run.exe
[2011/11/12 20:50:33 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Koko\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/12 20:50:33 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/06 11:42:32 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 11:42:32 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/01 21:40:30 | 000,043,079 | ---- | M] () -- C:\Documents and Settings\Koko\Desktop\tree-faramir-final_Kipar.gif
[2011/11/01 21:39:35 | 000,094,693 | ---- | M] () -- C:\Documents and Settings\Koko\Desktop\Tudor ROse.jpg
[2011/10/30 10:02:01 | 000,291,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/24 14:47:14 | 000,024,685 | ---- | M] () -- C:\Documents and Settings\Koko\Desktop\AdminDefault4.aspx.htm
[2011/10/24 10:36:16 | 000,024,541 | ---- | M] () -- C:\Documents and Settings\Koko\Desktop\AdminDefault3.aspx.htm
[2011/10/24 10:36:03 | 000,024,648 | ---- | M] () -- C:\Documents and Settings\Koko\Desktop\AdminDefault2.aspx.htm
[2011/10/24 10:35:37 | 000,024,687 | ---- | M] () -- C:\Documents and Settings\Koko\Desktop\AdminDefault.aspx.htm
[2011/10/22 09:41:46 | 000,089,016 | ---- | M] () -- C:\Documents and Settings\Koko\Desktop\FloralKaleidoscopeStencil.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Koko\Desktop\*.tmp files -> C:\Documents and Settings\Koko\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/18 19:08:11 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Koko\Desktop\MBR.dat
[2011/11/18 18:16:33 | 000,000,199 | ---- | C] () -- C:\Boot.bak
[2011/11/18 18:16:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/18 18:11:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/18 18:11:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/18 18:11:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/18 18:11:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/18 18:11:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/12 20:50:33 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Koko\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/12 20:50:33 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/01 21:40:29 | 000,043,079 | ---- | C] () -- C:\Documents and Settings\Koko\Desktop\tree-faramir-final_Kipar.gif
[2011/11/01 21:39:35 | 000,094,693 | ---- | C] () -- C:\Documents and Settings\Koko\Desktop\Tudor ROse.jpg
[2011/10/24 14:47:13 | 000,024,685 | ---- | C] () -- C:\Documents and Settings\Koko\Desktop\AdminDefault4.aspx.htm
[2011/10/24 10:36:15 | 000,024,541 | ---- | C] () -- C:\Documents and Settings\Koko\Desktop\AdminDefault3.aspx.htm
[2011/10/24 10:36:02 | 000,024,648 | ---- | C] () -- C:\Documents and Settings\Koko\Desktop\AdminDefault2.aspx.htm
[2011/10/24 10:35:36 | 000,024,687 | ---- | C] () -- C:\Documents and Settings\Koko\Desktop\AdminDefault.aspx.htm
[2011/10/22 09:41:46 | 000,089,016 | ---- | C] () -- C:\Documents and Settings\Koko\Desktop\FloralKaleidoscopeStencil.pdf
[2011/07/28 13:08:10 | 000,205,445 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2011/07/28 13:08:10 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2011/03/22 22:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/02/11 18:41:22 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/11/18 22:21:22 | 000,000,058 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2010/11/14 15:21:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/23 15:55:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/07 20:25:14 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Koko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 01:03:20 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/07/27 01:03:20 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/07/27 01:03:18 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/07/27 00:56:04 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/06/11 20:14:19 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/06/06 16:25:44 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/12/20 23:50:31 | 000,000,244 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/20 23:43:07 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Koko\Local Settings\Application Data\fusioncache.dat
[2009/11/24 13:57:37 | 000,061,748 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/26 17:14:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/21 07:10:02 | 000,000,739 | ---- | C] () -- C:\Program Files\metaframe_ica.jsp
[2009/08/15 21:05:44 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/08/15 21:01:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/15 20:06:54 | 001,597,690 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/08/15 18:23:14 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2009/08/15 18:17:58 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/15 18:17:43 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/15 18:17:43 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/15 18:17:38 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/15 18:17:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/15 18:17:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/15 18:16:56 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/15 18:16:55 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/15 18:15:42 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/15 18:15:12 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008/08/29 13:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 13:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/12/20 19:05:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/20 01:08:15 | 000,000,806 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/20 01:08:07 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/12/20 01:06:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/20 01:02:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/19 23:51:46 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/19 23:51:46 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/12/19 23:51:46 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/19 23:51:46 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005/12/19 23:51:46 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/19 23:51:46 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/19 23:51:46 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/19 23:51:46 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/19 23:51:45 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/12/19 23:51:45 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/12/19 23:49:53 | 000,002,056 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/19 23:49:49 | 000,444,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/19 23:49:49 | 000,072,332 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/19 16:58:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/19 16:57:26 | 000,291,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/12/20 01:04:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/08/15 18:23:14 | 000,000,199 | ---- | M] () -- C:\Boot.bak
[2011/11/18 18:16:33 | 000,000,314 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/11/18 18:55:55 | 000,011,524 | ---- | M] () -- C:\ComboFix.txt
[2005/12/20 01:04:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/11/19 08:41:17 | 2145,484,800 | -HS- | M] () -- C:\hiberfil.sys
[2005/12/20 01:04:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/15 18:04:24 | 000,000,088 | ---- | M] () -- C:\MOVE_RECOVERY
[2005/12/20 01:04:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/08/17 22:50:15 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/11/19 08:41:16 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/11/18 19:03:07 | 000,052,722 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_18.11.2011_19.02.32_log.txt
[2011/11/19 08:45:42 | 000,052,034 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_19.11.2011_08.45.20_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/04 05:00:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/04/15 22:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8Z.DLL
[2007/04/15 22:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP8Z.DLL
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/04/20 11:23:48 | 000,315,904 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp70w.dll
[2006/10/26 18:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/08/21 07:11:09 | 000,000,739 | ---- | M] () -- C:\Program Files\metaframe_ica.jsp

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/12/19 16:56:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/12/19 16:56:46 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/12/19 16:56:46 | 000,897,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/08/17 22:57:15 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-19 02:25:02


< MD5 for: BEEP.SYS >
[2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\dllcache\beep.sys
[2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\dllcache\cache\beep.sys
[2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\drivers\beep.sys
[2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: MDNSNSP.DLL >
[2008/12/12 10:11:44 | 000,147,456 | ---- | M] (Apple Inc.) MD5=292F92469EFB2FD402E00742C06D539D -- C:\My old Disk Structure -- 09-08-15 0603PM\Program Files\Bonjour\mdnsNSP.dll
[2011/07/12 10:20:50 | 000,121,704 | ---- | M] (Apple Inc.) MD5=2B81226910F765A9191EB9DB93743237 -- C:\Program Files\Bonjour\mdnsNSP.dll

< MD5 for: MSWSOCK.DLL >
[2004/08/04 05:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\dllcache\mswsock.dll
[2004/08/04 05:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\mswsock.dll
[2004/08/04 05:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 10:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 09:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 09:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 09:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 04:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/14 04:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 10:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 10:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NETCFGX.DLL >
[2008/04/14 04:42:02 | 000,622,592 | ---- | M] (Microsoft Corporation) MD5=37A62C6092AADD2EFDE0468DD8818E99 -- C:\WINDOWS\ServicePackFiles\i386\netcfgx.dll
[2008/04/14 04:42:02 | 000,622,592 | ---- | M] (Microsoft Corporation) MD5=37A62C6092AADD2EFDE0468DD8818E99 -- C:\WINDOWS\system32\netcfgx.dll
[2004/08/04 05:00:00 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=E3AE8DC04643850D2DFD431443558B28 -- C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\dllcache\netcfgx.dll
[2004/08/04 05:00:00 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=E3AE8DC04643850D2DFD431443558B28 -- C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\netcfgx.dll
[2004/08/04 05:00:00 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=E3AE8DC04643850D2DFD431443558B28 -- C:\WINDOWS\$NtServicePackUninstall$\netcfgx.dll

< MD5 for: NETMAN.DLL >
[2008/04/14 04:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\ERDNT\cache\netman.dll
[2008/04/14 04:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\ServicePackFiles\i386\netman.dll
[2008/04/14 04:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\system32\netman.dll
[2005/08/22 11:24:55 | 000,197,632 | ---- | M] (Microsoft Corporation) MD5=3516D8A18B36784B1005B950B84232E1 -- C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\$hf_mig$\KB905414\SP2QFE\netman.dll
[2005/08/22 18:24:55 | 000,197,632 | ---- | M] (Microsoft Corporation) MD5=3516D8A18B36784B1005B950B84232E1 -- C:\WINDOWS\$hf_mig$\KB905414\SP2QFE\netman.dll
[2005/08/22 11:29:46 | 000,197,632 | ---- | M] (Microsoft Corporation) MD5=36739B39267914BA69AD0610A0299732 -- C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\dllcache\netman.dll
[2005/08/22 11:29:46 | 000,197,632 | ---- | M] (Microsoft Corporation) MD5=36739B39267914BA69AD0610A0299732 -- C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\netman.dll
[2005/08/22 18:29:46 | 000,197,632 | ---- | M] (Microsoft Corporation) MD5=36739B39267914BA69AD0610A0299732 -- C:\WINDOWS\$NtServicePackUninstall$\netman.dll
[2004/08/04 05:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=DAB9E6C7105D2EF49876FE92C524F565 -- C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\$NtUninstallKB905414$\netman.dll
[2004/08/04 05:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=DAB9E6C7105D2EF49876FE92C524F565 -- C:\WINDOWS\$NtUninstallKB905414$\netman.dll

< MD5 for: NETSHELL.DLL >
[2008/04/14 04:42:04 | 001,703,936 | ---- | M] (Microsoft Corporation) MD5=062F837C1FBDB6A0A75F82EFC2EE8E74 -- C:\WINDOWS\ServicePackFiles\i386\netshell.dll
[2008/04/14 04:42:04 | 001,703,936 | ---- | M] (Microsoft Corporation) MD5=062F837C1FBDB6A0A75F82EFC2EE8E74 -- C:\WINDOWS\system32\netshell.dll
[2005/04/20 12:21:33 | 001,705,472 | ---- | M] (Microsoft Corporation) MD5=9CD5B14F9B877DF0E64C34A2A9047BE7 -- C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\dllcache\netshell.dll
[2005/04/20 12:21:33 | 001,705,472 | ---- | M] (Microsoft Corporation) MD5=9CD5B14F9B877DF0E64C34A2A9047BE7 -- C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\netshell.dll
[2005/04/20 19:21:33 | 001,705,472 | ---- | M] (Microsoft Corporation) MD5=9CD5B14F9B877DF0E64C34A2A9047BE7 -- C:\WINDOWS\$NtServicePackUninstall$\netshell.dll
[2004/08/04 05:00:00 | 001,708,032 | ---- | M] (Microsoft Corporation) MD5=BF52A4D4EB4CFB3109667E429B93E21A -- C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\$NtUninstallKB893357$\netshell.dll
[2004/08/04 05:00:00 | 001,708,032 | ---- | M] (Microsoft Corporation) MD5=BF52A4D4EB4CFB3109667E429B93E21A -- C:\WINDOWS\$NtUninstallKB893357$\netshell.dll

< MD5 for: QMGR.DLL >
[2004/08/04 05:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\dllcache\cache\qmgr.dll
[2004/08/04 05:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\dllcache\qmgr.dll
[2004/08/04 05:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\qmgr.dll
[2004/08/04 05:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/14 04:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/14 04:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/14 04:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/14 04:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< >

< End of report >



OTL Extras logfile created on: 11/19/2011 8:48:30 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Koko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 72.87% Memory free
3.85 Gb Paging File | 3.47 Gb Available in Paging File | 90.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 58.37 Gb Free Space | 25.06% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 368.07 Gb Free Space | 79.03% Space Free | Partition Type: NTFS
Drive E: | 612.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 6.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive L: | 3.76 Gb Total Space | 3.09 Gb Free Space | 82.30% Space Free | Partition Type: FAT32

Computer Name: OFFICEPOWERSPEC | User Name: Koko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDirector\PDR.exe" = C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector -- (CyberLink Corp.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}" = Intel Audio Studio 2.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{50ECE146-F7A0-467A-8F69-5CEE086DC5AD}" = Intel Audio Studio 2.0
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = CU VPN Client 5.0.04.0300
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{71CBF9BB-7E07-4A9D-BF30-84C11810B242}" = ESET Smart Security
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E89956F9-5B89-470E-818D-BD46102D0A01}" = Citrix Presentation Server Client
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F4A4E6B2-D45F-4EB1-8C3A-6EB8D45A31C9}" = ClientTools
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyDVD" = AnyDVD
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"CloneDVD2" = CloneDVD2
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"ENTERPRISER" = Microsoft Office Enterprise 2007
"GRE POWERPREP" = GRE POWERPREP
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PC Magazine StartupCop Pro_is1" = PC Magazine StartupCop Pro
"PROSet" = Intel® PRO Network Connections Drivers
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/16/2011 8:23:42 PM | Computer Name = OFFICEPOWERSPEC | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BB from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/16/2011 8:25:08 PM | Computer Name = OFFICEPOWERSPEC | Source = Application Error | ID = 1000
Description = Faulting application intelaudiostudio.exe, version 2.0.0.75, faulting
module sfidlock.dll, version 1.0.0.1, fault address 0x000012ae.

Error - 11/16/2011 11:06:42 PM | Computer Name = OFFICEPOWERSPEC | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.51.0.1118, faulting module
unknown, version 0.0.0.0, fault address 0x00030004.

Error - 11/17/2011 1:52:39 AM | Computer Name = OFFICEPOWERSPEC | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BB from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/17/2011 1:11:05 PM | Computer Name = OFFICEPOWERSPEC | Source = Application Hang | ID = 1002
Description = Hanging application qw.exe, version 20.1.8.6, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/17/2011 10:55:46 PM | Computer Name = OFFICEPOWERSPEC | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/17/2011 10:55:47 PM | Computer Name = OFFICEPOWERSPEC | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/17/2011 10:55:48 PM | Computer Name = OFFICEPOWERSPEC | Source = Application Hang | ID = 1002
Description = Hanging application Sims2EP9.exe, version 1.17.0.66, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/18/2011 10:15:19 AM | Computer Name = OFFICEPOWERSPEC | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BB from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/18/2011 8:28:51 PM | Computer Name = OFFICEPOWERSPEC | Source = Application Error | ID = 1000
Description = Faulting application intelaudiostudio.exe, version 2.0.0.75, faulting
module sfidlock.dll, version 1.0.0.1, fault address 0x000012ae.

[ OSession Events ]
Error - 11/14/2009 4:34:49 AM | Computer Name = OFFICEPOWERSPEC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17009
seconds with 1020 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/17/2011 6:36:41 PM | Computer Name = OFFICEPOWERSPEC | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000005, parameter2 0000001c, parameter3
00000001, parameter4 804e958d.

Error - 11/17/2011 6:36:46 PM | Computer Name = OFFICEPOWERSPEC | Source = System Error | ID = 1003
Description = Error code 00000096, parameter1 b1b27adc, parameter2 8056a5fc, parameter3
8056a5c0, parameter4 c0000002.

Error - 11/18/2011 3:38:41 AM | Computer Name = OFFICEPOWERSPEC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 11/18/2011 3:38:42 AM | Computer Name = OFFICEPOWERSPEC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 11/18/2011 10:36:37 AM | Computer Name = OFFICEPOWERSPEC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 11/18/2011 10:36:38 AM | Computer Name = OFFICEPOWERSPEC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 11/18/2011 12:51:11 PM | Computer Name = OFFICEPOWERSPEC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 11/18/2011 12:51:11 PM | Computer Name = OFFICEPOWERSPEC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 11/18/2011 2:24:50 PM | Computer Name = OFFICEPOWERSPEC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 11/18/2011 2:24:53 PM | Computer Name = OFFICEPOWERSPEC | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.


< End of report >
  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
No need to uninstall aswMBR before you run Combofix.

I see something I missed in your OTL log:

Copy the text in the code box by highlighting and Ctrl + c


:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CA 1B AE 01 98 50 73 4D BB FD FF B3 4D B6 70 4B [binary data]
     
:Commands
[EMPTYTEMP]
[Reboot]

Make sure IE is closed, then run OTL. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Are you still getting malfunctioning audio and is ESET still finding olmarik?

Let's run GMER and see if it can tell us more about the Hidden BITS service.

Download GMER from http://www.gmer.net/download.php Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on http://www.bleepingcomputer.com/forums/topic114351.html to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#8
elenya

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
The audio is working absolutely fine and I haven't heard those random Windows exclamation sounds. ESET hasn't found olmarik. I ran the OTL fix and let it reboot; I also ran the GMER scan, and here is the log. (Also, thank you again for taking the time to help me with this :])

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-20 09:18:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 SAMSUNG_SP2504C rev.VT100-33
Running: 2n5ipqwg.exe; Driver: C:\DOCUME~1\Koko\LOCALS~1\Temp\fftyraoc.sys


---- System - GMER 1.0.15 ----

SSDT 89B8CC90 ZwAssignProcessToJobObject
SSDT 89B8D200 ZwDebugActiveProcess
SSDT 89B8D2F0 ZwDuplicateObject
SSDT 89B8C590 ZwOpenProcess
SSDT 89B8C800 ZwOpenThread
SSDT 89B8CFD0 ZwProtectVirtualMemory
SSDT 89B8D0E0 ZwQueueApcThread
SSDT 89B8CEC0 ZwSetContextThread
SSDT 89B8CD90 ZwSetInformationThread
SSDT 89B89DA0 ZwSetSecurityObject
SSDT 89B8CB90 ZwSuspendProcess
SSDT 89B8CA80 ZwSuspendThread
SSDT 89B8C6E0 ZwTerminateProcess
SSDT 89B8CA50 ZwTerminateThread
SSDT 89B8D6D0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7737380, 0x3DEB95, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1380] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[920] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [01642BC8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[920] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!UnhandledExceptionFilter] [01642CE9] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[920] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] [01642CB8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Files - GMER 1.0.15 ----

File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\amyuni_amyunidocumentconverter300\acfpdf.txt 109 bytes
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\amyuni_amyunidocumentconverter300\acpdf300.dll 434000 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\amyuni_amyunidocumentconverter300\acpdfui300.dll 387312 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\amyuni_amyunidocumentconverter300\cdintf300.dll 3523872 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\brothermfc_9700283e\BRHBP.GPD 6719 bytes
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\brothermfc_9700283e\BRM9700U.GPD 17450 bytes
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\brothermfc_9700283e\BROTHER.DLL 8192 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\brothermfc_9700283e\BROTHER.INI 134 bytes
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\brothermfc_9700283e\BROTHUI.DLL 7680 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\brothermfc_9700283e\STDNAMES.GPD 14362 bytes
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\brothermfc_9700283e\UNIDRV.DLL 264704 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\brothermfc_9700283e\UNIDRV.HLP 21225 bytes
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\brothermfc_9700283e\UNIDRVUI.DLL 197120 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\brothermfc_9700283e\UNIRES.DLL 619520 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNBMC157.DLL 75776 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNB_1570.TBL 1208320 bytes
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMCP4d.DLL 53248 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMD44d.DLL 208384 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMDR4d.DLL 400384 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMFU4d.DLL 17920 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMIN4d.INI 85 bytes
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMMH4d.CNT 1691 bytes
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMMH4d.HLP 218882 bytes
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMOP4d.DLL 30208 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMP04d.DAT 23280 bytes
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMP14d.DAT 27140 bytes
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMP24d.DAT 30320 bytes
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMPH4d.CNT 304 bytes
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMPH4d.HLP 14406 bytes
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMPI4d.DLL 6144 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMPV4d.EXE 57856 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMSB4d.DLL 866816 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMSD4d.EXE 9216 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMSH4d.CNT 263 bytes
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMSH4d.HLP 18032 bytes
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMSM4d.EXE 109568 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMSQ4d.EXE 6144 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMSR4d.DLL 47104 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMSS4d.SMR 12800 bytes executable
File C:\My old Disk Structure -- 09-08-15 0603PM\WINDOWS\system32\spool\drivers\w32x86\canoni9503256\CNMUB4d.DLL 110080 bytes executable

---- EOF - GMER 1.0.15 ----

#9 RKinner (Malware Expert)
GMER didn't find anything.

I do see from GMER you have ZoneAlarm running. Don't think you need it as ESET has its own firewall.

Run aswMBR again and let's see if it still sees the "hidden" BITS service.

Let's also see if your event logs show anything to worry about.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron
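As an added example that is not part of Ron's post or of the VEW tool, the same query (newest 20 Error and Warning entries from the System and Application logs) done from PowerShell with Get-EventLog, the classic-log cmdlet that also runs on XP under PowerShell 2.0; the output file name is an assumption.

```powershell
# Added example: collect the newest 20 Error/Warning entries from the System and
# Application logs, the same query the thread runs through VEW.exe.
# Get-EventLog reads the classic event logs and works on Windows XP (PowerShell 2.0).
$OutFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'EventLog-Errors.txt'  # assumed name

$report = foreach ($log in 'System', 'Application') {
    "==== '$log' log: newest 20 Error/Warning entries ===="
    Get-EventLog -LogName $log -EntryType Error, Warning -Newest 20 |
        ForEach-Object {
            # One compact line per event: date (dd/MM/yyyy, as VEW prints it), level,
            # source, event id and the first line of the message
            $firstLine = ($_.Message -split "`r?`n")[0]
            '{0:dd/MM/yyyy HH:mm:ss}  {1,-7} {2,-20} {3,5}  {4}' -f `
                $_.TimeGenerated, $_.EntryType, $_.Source, $_.EventID, $firstLine
        }
    ''
}

$report | Out-File -FilePath $OutFile -Encoding UTF8
Write-Host "Wrote $OutFile - paste its contents into your reply."
```

Unlike the thread's Event Viewer step, this does not clear the existing logs first, so older entries stay available for review.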

#10 elenya (Topic Starter)
I ran aswMBR again as well as VEW.exe--the logs are below:


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-20 11:53:50
-----------------------------
11:53:50.906 OS Version: Windows 5.1.2600 Service Pack 3
11:53:50.906 Number of processors: 2 586 0x602
11:53:50.906 ComputerName: OFFICEPOWERSPEC UserName: Koko
11:53:51.687 Initialize success
11:54:00.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
11:54:00.375 Disk 0 Vendor: SAMSUNG_SP2504C VT100-33 Size: 238475MB BusType: 3
11:54:00.375 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-22
11:54:00.375 Disk 1 Vendor: Hitachi_HDT725050VLA360 V56OA7EA Size: 476940MB BusType: 3
11:54:02.406 Disk 0 MBR read successfully
11:54:02.406 Disk 0 MBR scan
11:54:02.406 Disk 0 unknown MBR code
11:54:02.406 Disk 0 scanning sectors +488392065
11:54:02.437 Disk 0 scanning C:\WINDOWS\system32\drivers
11:54:13.875 Service scanning
11:54:15.265 Modules scanning
11:54:19.265 Scan finished successfully
11:54:34.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Koko\Desktop\MBR.dat"
11:54:34.171 The log file has been saved successfully to "C:\Documents and Settings\Koko\Desktop\aswMBR2.txt"



Vino's Event Viewer v01c run on Windows XP in English
Report run at 20/11/2011 11:52:17 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/11/2011 11:21:18 AM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 00059A3C7800. The IP address being used is 169.254.18.31.

#11 RKinner (Malware Expert)
That's about all I see so I think we can clean up now.

We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox: for some reason Java does not remove old consoles from Firefox. Any time you update Java you should go to Firefox, Add-ons, Extensions and disable any old Java Consoles.

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extensions you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#12 elenya (Topic Starter)
Thank you so much. I will take note of all your suggestions...you are thoroughly, THOROUGHLY awesome and appreciated!