Dealing with System Restore Virus [Closed]



#1
amylenise

Greetings!
Thanks for the great work you do! I got this Root Injection Trojan for the System Restore virus while visiting a WordPress site. My netbook was protected by Norton but my desktop was taken over. I am grateful to God I can even get online. The thing has basically hijacked my computer -- image attached below. Tried to install Norton to clean it, but it blocked me from seeing my files. Have run SuperAntispyware and Unhide with no discernible relief. Will list OTL log below... Thanks in advance for any help/instructions.

sysrestore.png

OTL Log:

OTL Extras logfile created on: 12/10/2011 7:38:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Edna Gardner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 68.94 Mb Available Physical Memory | 13.48% Memory free
1.22 Gb Paging File | 0.64 Gb Available in Paging File | 52.69% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 20.67 Gb Free Space | 55.46% Space Free | Partition Type: NTFS

Computer Name: EDNA-QD37W97K71 | User Name: Edna Gardner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a
"C:\Program Files\America Online 9.0c\waol.exe" = C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:America Online 9.0c
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a
"C:\Program Files\America Online 9.0c\waol.exe" = C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:America Online 9.0c
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader
"C:\Program Files\America Online 9.0d\waol.exe" = C:\Program Files\America Online 9.0d\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1100798464\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1100798464\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Rio\Rio Music Manager\riomm.exe" = C:\Program Files\Rio\Rio Music Manager\riomm.exe:*:Enabled:Rio Music Manager
"C:\Program Files\Common Files\AOL\1127509997\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1127509997\ee\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8 -- (Macromedia, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Messenger
"C:\Program Files\Hasbro Interactive\Scrabble v2.0\Scrabble v2.0.exe" = C:\Program Files\Hasbro Interactive\Scrabble v2.0\Scrabble v2.0.exe:*:Disabled:Scrabble v2.0
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" = C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\HPZipm12.exe" = C:\WINDOWS\system32\HPZipm12.exe:*:Enabled:HPZipm12 -- (HP)
"C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" = C:\Program Files\Common Files\SupportSoft\bin\bcont.exe:*:Enabled:bcont
"C:\Program Files\McAfee\VirusScan\mcods.exe" = C:\Program Files\McAfee\VirusScan\mcods.exe:*:Enabled:mcods
"C:\Program Files\McAfee\MSM\McSmtFwk.exe" = C:\Program Files\McAfee\MSM\McSmtFwk.exe:*:Enabled:McSmtFwk
"C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe" = C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{097346E0-6A51-11D1-AD16-00A0C95E0503}(Verizon Online)" = Visual IP InSight(Verizon Online)
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 22
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4647BF57-21C4-4BC8-BA1B-E57A30EE1D31}" = Sprint SmartView
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{52D97366-9779-43AB-98A2-91600DCD9102}" = Enterprise
"{536F7C74-844B-4683-B0C5-EA39E19A6FE3}" = Microsoft AntiSpyware
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86C3A7C1-454F-11D5-9BFF-080009B69BB3}" = Control Pad
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9A5CE1F7-BF8E-4B72-B02D-335E56793543}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC1314E7-D28C-40A1-B322-80D2868D35CE}" = HP PSC & Officejet 4.2 Corporate Edition
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.8
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{C05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnyDVD" = AnyDVD
"Audacity_is1" = Audacity 1.2.6
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"CleanUp!" = CleanUp!
"CloneDVD2" = CloneDVD2
"FileZilla Client" = FileZilla Client 3.5.0
"hp instant support" = hp instant support
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iLuminaPremiumStarter" = iLumina Gold Premium Starter
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.20)" = Mozilla Firefox (3.6.20)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RealPlayer 12.0" = RealPlayer
"StreetPlugin" = Learn2 Player (Uninstall Only)
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Windows CE Services" = Microsoft ActiveSync 3.8
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#2
amylenise

Oops so sorry, just noticed that I posted the Extras Log. Please see below for actual OTL Log:

OTL logfile created on: 12/10/2011 7:38:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Edna Gardner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 68.94 Mb Available Physical Memory | 13.48% Memory free
1.22 Gb Paging File | 0.64 Gb Available in Paging File | 52.69% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 20.67 Gb Free Space | 55.46% Space Free | Partition Type: NTFS

Computer Name: EDNA-QD37W97K71 | User Name: Edna Gardner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/10 19:37:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edna Gardner\My Documents\Downloads\OTL.exe
PRC - [2011/12/10 19:34:18 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Edna Gardner\My Documents\Downloads\unhide.exe
PRC - [2011/10/17 10:32:38 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/08/18 22:56:37 | 000,912,344 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/18 22:55:41 | 000,116,608 | -H-- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/05/28 20:46:22 | 000,490,112 | -H-- | M] (RealNetworks, Inc.) -- c:\Program Files\real\realplayer\realplay.exe
PRC - [2011/05/28 20:46:15 | 000,273,544 | -H-- | M] (RealNetworks, Inc.) -- c:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/12/15 13:54:46 | 000,075,072 | -H-- | M] (Sprint) -- C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
PRC - [2010/12/15 13:54:44 | 000,316,736 | -H-- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
PRC - [2010/12/15 13:54:44 | 000,120,128 | -H-- | M] (SmithMicro Inc.) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
PRC - [2010/12/15 13:38:12 | 000,380,928 | -H-- | M] (Bytemobile, Inc.) -- C:\Program Files\Sprint\Sprint SmartView\bmctl.exe
PRC - [2010/08/19 14:23:10 | 003,069,192 | -H-- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Jing\Jing.exe
PRC - [2010/06/14 14:56:02 | 004,573,664 | -H-- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010/03/22 20:07:22 | 000,268,768 | -H-- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2010/01/11 13:10:52 | 000,082,944 | -H-- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2008/12/25 13:40:23 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:14 | 000,389,120 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2008/04/13 19:12:12 | 000,012,288 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\attrib.exe
PRC - [2006/01/11 15:08:00 | 000,577,536 | -H-- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/06/15 18:35:00 | 000,756,552 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/06/16 05:02:54 | 000,471,040 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:37:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
PRC - [2001/08/01 17:34:28 | 000,467,456 | -H-- | M] (Chicony) -- C:\WINDOWS\mHotkey.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/10 19:34:18 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Edna Gardner\My Documents\Downloads\unhide.exe
MOD - [2011/12/10 13:43:13 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/08/18 22:56:39 | 001,000,920 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/08/16 00:02:44 | 006,277,280 | -H-- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/10 23:26:22 | 000,971,264 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/10 21:51:39 | 005,450,752 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/10 21:51:29 | 012,430,848 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/10 21:51:04 | 001,587,200 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/10 21:50:08 | 000,224,768 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f52e48f55258d0a04fbab3a1f93752e9\PresentationFramework.Classic.ni.dll
MOD - [2011/08/10 21:50:04 | 014,328,320 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\704556e34128441ea9f1a81cc89f8a79\PresentationFramework.ni.dll
MOD - [2011/08/10 21:49:27 | 012,215,808 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll
MOD - [2011/08/10 21:49:01 | 003,325,440 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
MOD - [2011/08/10 21:48:49 | 007,950,848 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/03 22:11:34 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/03 22:11:34 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/08/03 22:11:33 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/06/24 22:02:07 | 011,490,816 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/12/15 13:55:28 | 000,120,128 | -H-- | M] () -- C:\Program Files\Sprint\Sprint SmartView\Pac.dll
MOD - [2010/12/15 13:54:56 | 000,070,976 | -H-- | M] () -- C:\Program Files\Sprint\Sprint SmartView\Eap.dll
MOD - [2010/12/15 13:36:04 | 000,307,200 | -H-- | M] () -- C:\Program Files\Sprint\Sprint SmartView\SDKs\Beceem\5268P3\libxvi010.dll
MOD - [2010/08/19 14:23:08 | 000,969,480 | -H-- | M] () -- C:\Program Files\TechSmith\Jing\Recorder.dll
MOD - [2010/06/14 14:56:02 | 004,573,664 | -H-- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
MOD - [2010/06/03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/24 20:17:36 | 008,794,464 | -H-- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/22 20:07:22 | 000,268,768 | -H-- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
MOD - [2010/03/10 14:50:38 | 000,204,800 | -H-- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/01/11 13:10:52 | 000,082,944 | -H-- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
MOD - [2009/08/28 16:50:18 | 000,282,624 | -H-- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
MOD - [2001/07/02 19:36:30 | 000,024,576 | -H-- | M] () -- C:\WINDOWS\HKNTDLL.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/18 22:55:41 | 000,116,608 | -H-- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/12/15 13:54:44 | 000,120,128 | -H-- | M] (SmithMicro Inc.) [On_Demand | Running] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2010/03/25 09:25:22 | 030,969,208 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/22 20:07:22 | 000,268,768 | -H-- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010/01/11 13:10:52 | 000,082,944 | -H-- | M] () [Auto | Running] -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2009/11/05 16:08:36 | 000,360,529 | -H-- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/02/20 13:23:26 | 000,495,700 | -H-- | M] (Atheros) [Auto | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/12/25 13:40:23 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2005/10/06 17:12:30 | 000,855,552 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/03/18 15:55:48 | 000,065,536 | -H-- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/02/15 09:51:00 | 000,114,749 | -H-- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)


========== Driver Services (SafeList) ==========

DRV - [2011/08/03 22:07:45 | 000,067,664 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/03 22:07:44 | 000,012,880 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/12/15 13:38:22 | 000,229,376 | -H-- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/12/15 13:38:14 | 000,018,816 | -H-- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2010/12/15 13:38:10 | 000,038,680 | -H-- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctnullport.sys -- (Nmea)
DRV - [2010/12/15 13:35:56 | 000,032,408 | -H-- | M] (Smith Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/12/01 14:06:29 | 000,108,104 | -H-- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/05/04 09:50:36 | 000,105,544 | -H-- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DIFMNET.sys -- (DIFMNET)
DRV - [2010/04/28 10:03:02 | 000,164,552 | -H-- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DIFMVsp.sys -- (DIFMVsp)
DRV - [2010/04/28 10:03:00 | 000,164,552 | -H-- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DIFMNVsp.sys -- (DIFMNVsp)
DRV - [2010/04/28 10:03:00 | 000,164,552 | -H-- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DIFMMdm.sys -- (DIFMMdm)
DRV - [2010/04/28 10:03:00 | 000,164,552 | -H-- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DIFMCVsp.sys -- (DIFMCVsp)
DRV - [2010/04/28 10:03:00 | 000,056,392 | -H-- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DIFMBUS.sys -- (DIFMBUS)
DRV - [2010/03/26 19:07:28 | 000,319,488 | -H-- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\drxvi314.sys -- (bcm)
DRV - [2010/03/26 19:04:24 | 000,051,456 | -H-- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2010/03/09 16:34:56 | 001,723,840 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2009/01/30 17:13:20 | 000,058,208 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2008/12/25 13:40:22 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2008/10/15 11:58:34 | 000,171,144 | -H-- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2008/10/15 11:58:34 | 000,149,512 | -H-- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2008/10/15 11:58:34 | 000,024,840 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/10/15 11:58:32 | 000,027,072 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/09/25 18:07:00 | 000,057,440 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/04/13 13:56:49 | 000,012,800 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2007/09/28 13:30:57 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/09/28 13:30:49 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/09/05 11:03:16 | 000,003,968 | -H-- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2006/02/08 15:44:00 | 003,846,016 | RH-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/12/30 18:06:40 | 000,427,776 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/07/02 03:42:00 | 000,027,904 | -H-- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/01/10 15:13:04 | 000,033,588 | -H-- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/02/11 09:51:00 | 000,033,496 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2001/10/09 09:50:00 | 000,014,944 | -H-- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2000/09/11 09:50:00 | 000,010,816 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.c...iv_eg_self_main

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n....1&bm=ho_search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.blueletterbible.org/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://blueletterbible.org"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/28 20:47:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/18 22:56:43 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/18 22:56:43 | 000,000,000 | -H-D | M]

[2008/12/25 15:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Edna Gardner\Application Data\Mozilla\Extensions
[2011/12/10 19:38:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Edna Gardner\Application Data\Mozilla\Firefox\Profiles\8aepli4t.default\extensions
[2010/07/03 23:01:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Edna Gardner\Application Data\Mozilla\Firefox\Profiles\8aepli4t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/02 19:14:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/04 09:53:06 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/04 22:55:40 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/24 23:01:08 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2007/02/05 10:47:48 | 000,000,000 | -H-D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/05/28 20:47:10 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/12/29 21:08:31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/15 04:50:38 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/02/08 12:26:54 | 000,003,249 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\xfinitylcsearch.xml

========== Chrome ==========

CHR - default_search_provider: Comcast Search ()
CHR - default_search_provider: search_url = http://search.comcas...q={searchTerms}
CHR - default_search_provider: suggest_url =

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {7000b6ca-4388-4d95-893d-6659c2d4d1ce} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~2\VERIZO~1.DLL File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Updater For Xfinity.com Toolbar 3.1) - {e6d0b79e-ecac-411b-8bf6-7a574981af30} - C:\Program Files\xfinitytb\auxi\xfinityAu.dll File not found
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~2\VERIZO~1.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~2\VERIZO~1.DLL File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CHotKey] C:\WINDOWS\mHotkey.exe (Chicony)
O4 - HKLM..\Run: [gcasServ] C:\Program Files\Microsoft AntiSpyware\gcasServ.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l File not found
O4 - HKLM..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe" File not found
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [sm] C:\WINDOWS\sa_exe.exe File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe File not found
O4 - HKLM..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN File not found
O4 - HKLM..\Run: [wenupabeh] Rundll32.exe "c:\windows\system32\tidotiko.dll",a File not found
O4 - HKLM..\Run: [yxtaAetnpDWiqS.exe] C:\Documents and Settings\All Users\Application Data\yxtaAetnpDWiqS.exe File not found
O4 - HKCU..\Run: [A00F9F5AE.exe] C:\DOCUME~1\EDNAGA~1\LOCALS~1\Temp\_A00F9F5AE.exe File not found
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10v_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...t Installer.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.h...staller_gmn.cab (VerifyGMN Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1126874131386 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineco...loadcontrol.cab (InetDownload Class)
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} http://viewers.strea...MINIBrowser.CAB (CBrowser Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5925121-7D36-46FA-B8F5-6224EC231D0E}: NameServer = 66.1.124.132 66.1.124.133
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\System32\dxmasf32.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\jivazona.dll) - File not found
O20 - AppInit_DLLs: (kunuteva.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\tidotiko.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\d871105a448: DllName - (C:\WINDOWS\System32\dxmasf32.dll) - File not found
O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O21 - SSODL: vefalopek - {79852d63-8991-46ad-8d2b-f170d5fca348} - c:\windows\system32\jivazona.dll File not found
O21 - SSODL: zefuviwut - {4757e790-a35e-494f-9e4f-1d205ae16da4} - c:\windows\system32\tidotiko.dll File not found
O22 - SharedTaskScheduler: {4757e790-a35e-494f-9e4f-1d205ae16da4} - mujuzedij - c:\windows\system32\tidotiko.dll File not found
O22 - SharedTaskScheduler: {79852d63-8991-46ad-8d2b-f170d5fca348} - mujuzedij - c:\windows\system32\jivazona.dll File not found
O24 - Desktop Components:0 () - http://www.adobe.com...ges/aum_win.gif
O24 - Desktop Components:1 () - http://cdn.mapquest....h/mq-home-logo2
O24 - Desktop Components:2 () - http://www.cartoonne...tn_email_on.gif
O24 - Desktop Components:3 () - http://cdn.mapquest..../mq-logo-header
O24 - Desktop Components:4 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Edna Gardner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Edna Gardner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {9EF34FF2-3396-4527-9D27-04C8C1C67806} - C:\Program Files\Microsoft AntiSpyware\shellextension.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/27 21:14:05 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1e29d53a-1b6a-11e0-89f8-000c7693a609}\Shell - "" = AutoRun
O33 - MountPoints2\{1e29d53a-1b6a-11e0-89f8-000c7693a609}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1e29d53a-1b6a-11e0-89f8-000c7693a609}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
O33 - MountPoints2\{9a0a3777-d2ba-11dd-898b-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{9a0a3777-d2ba-11dd-898b-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a0a3777-d2ba-11dd-898b-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{b795c4ce-da41-11de-89ac-000c7693a609}\Shell\AutoRun\command - "" = E:\rcaeasyrip_setup.exe
O33 - MountPoints2\{b795c4ce-da41-11de-89ac-000c7693a609}\Shell\install\command - "" = E:\rcaeasyrip_setup.exe
O33 - MountPoints2\{b795c4ce-da41-11de-89ac-000c7693a609}\Shell\usermanualEnglish\command - "" = E:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{b795c4ce-da41-11de-89ac-000c7693a609}\Shell\usermanualFrench\command - "" = E:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{b795c4ce-da41-11de-89ac-000c7693a609}\Shell\usermanualSpanish\command - "" = E:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/10 19:48:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/14 22:43:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Edna Gardner\Recent
[2011/10/17 10:19:54 | 000,428,544 | ---- | C] (Производитель) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
[2003/04/09 12:13:50 | 000,577,536 | -H-- | C] (Hewlett-Packard) -- C:\Program Files\Setup.exe
[2003/03/09 20:30:44 | 000,184,320 | -H-- | C] (HP) -- C:\Program Files\hpzscr07.dll
[2003/03/09 20:30:42 | 000,274,432 | -H-- | C] (HP) -- C:\Program Files\hpzglu07.exe
[2003/03/09 20:30:42 | 000,237,568 | -H-- | C] (Hewlett-Packard Co.) -- C:\Program Files\hpzc3212.dll
[2002/09/09 17:48:20 | 000,022,608 | -H-- | C] (Microsoft Corporation) -- C:\Program Files\usbprint.sys
[2002/09/09 17:48:12 | 000,012,288 | -H-- | C] (Microsoft Corporation) -- C:\Program Files\usbmon.dll
[2002/09/09 17:47:52 | 000,254,005 | -H-- | C] (Microsoft Corporation) -- C:\Program Files\msvcrt.dll
[2002/09/09 17:47:44 | 000,070,656 | -H-- | C] (Microsoft Corporation) -- C:\Program Files\msvcirt.dll
[2002/09/09 17:47:00 | 000,212,992 | -H-- | C] (HP) -- C:\Program Files\hpzpnp07.dll
[2002/09/09 17:46:50 | 000,049,212 | -H-- | C] (Hewlett-Packard) -- C:\Program Files\hpzjvp01.dll
[2002/09/09 17:46:42 | 000,249,913 | -H-- | C] (Hewlett-Packard) -- C:\Program Files\hpzjut01.dll
[2002/09/09 17:46:32 | 000,417,849 | -H-- | C] (Hewlett-Packard) -- C:\Program Files\hpzjpp01.dll
[2002/09/09 17:46:24 | 000,028,722 | -H-- | C] (Hewlett-Packard) -- C:\Program Files\hpzjlog.dll
[2002/09/06 09:54:56 | 000,995,383 | -H-- | C] (Microsoft Corporation) -- C:\Program Files\MFC42.DLL
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/10 19:36:32 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-362288127-1801674531-1003.job
[2011/12/10 19:36:31 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-362288127-1801674531-1003.job
[2011/12/10 19:22:05 | 000,000,898 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/10 14:00:00 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\tasks\enoynvss.job
[2011/12/10 13:41:54 | 000,000,125 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/12/10 13:41:04 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/10 13:41:03 | 000,000,894 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/10 13:40:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/10 13:40:33 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 23:36:02 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/17 10:20:22 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/10/17 10:20:22 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/10/17 10:20:00 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/07/27 21:36:22 | 004,521,014 | -H-- | C] () -- C:\Program Files\FileZilla_3.5.0_win32-setup.exe
[2011/07/19 09:11:51 | 000,081,544 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/19 01:19:57 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/25 16:27:53 | 000,019,469 | -H-- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2011/06/25 16:27:53 | 000,016,606 | -H-- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2011/06/13 08:43:19 | 000,019,469 | -H-- | C] () -- C:\WINDOWS\hpoins01.dat
[2011/06/13 08:43:19 | 000,016,606 | -H-- | C] () -- C:\WINDOWS\hpomdl01.dat
[2011/05/25 17:57:16 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Edna Gardner\Local Settings\Application Data\fusioncache.dat
[2011/04/28 00:57:13 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/04/27 18:52:50 | 000,102,032 | -H-- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2011/04/27 18:52:50 | 000,017,218 | -H-- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2011/04/26 10:05:32 | 000,102,032 | -H-- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/04/26 10:05:31 | 000,017,218 | -H-- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/01/03 19:33:06 | 000,262,216 | -H-- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2010/03/26 19:00:56 | 002,031,168 | -H-- | C] () -- C:\WINDOWS\System32\drivers\macxvi200.bin
[2009/12/29 19:36:51 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/12/29 19:33:46 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/17 10:48:09 | 000,000,063 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/15 11:58:34 | 000,024,840 | -H-- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2006/11/23 12:12:32 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\liveup.ini
[2006/11/23 11:40:09 | 006,469,352 | -H-- | C] () -- C:\Program Files\avgas-setup-7.5.0.50.exe
[2006/11/23 11:20:22 | 002,855,080 | -H-- | C] () -- C:\Program Files\aawsepersonal.exe
[2006/11/16 08:55:40 | 000,000,024 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/07 18:56:12 | 000,004,074 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2006/01/01 15:53:15 | 000,001,390 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/23 21:10:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2005/10/12 20:20:23 | 000,072,645 | -H-- | C] () -- C:\Program Files\scriptina.zip
[2005/10/11 01:34:32 | 038,664,291 | -H-- | C] () -- C:\Program Files\MSIDVD.zip
[2005/09/15 02:00:35 | 000,002,202 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/08/17 14:25:17 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Edna Gardner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/17 12:16:57 | 004,077,184 | -H-- | C] () -- C:\Program Files\winzip90.exe
[2005/08/17 11:09:23 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7F205E7CF8.sys
[2005/08/17 09:18:48 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/05/10 12:03:47 | 000,153,088 | -H-- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2005/05/10 12:03:47 | 000,075,264 | -H-- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2005/05/01 13:17:03 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\619281.exe
[2005/05/01 13:10:54 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\250109.exe
[2005/05/01 12:50:35 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\msoffice.ini
[2005/04/21 14:06:39 | 000,037,027 | -H-- | C] () -- C:\WINDOWS\atmoUn.exe
[2004/11/18 12:05:08 | 000,000,101 | -H-- | C] () -- C:\WINDOWS\upst.ini
[2004/09/26 12:53:13 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/17 17:37:42 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/06/18 16:24:43 | 000,053,058 | -H-- | C] () -- C:\WINDOWS\psa201se_DLM_us_full.exe
[2004/06/18 09:00:52 | 000,000,049 | -H-- | C] () -- C:\WINDOWS\upth.ini
[2004/06/18 09:00:52 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\atid.ini
[2004/06/15 13:43:55 | 000,000,715 | -H-- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2004/06/15 13:39:48 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2004/06/12 14:53:01 | 000,399,872 | -H-- | C] () -- C:\WINDOWS\c4dstand.dll
[2004/06/12 14:52:44 | 000,003,196 | -H-- | C] () -- C:\WINDOWS\splash.ini
[2004/06/12 09:00:03 | 000,000,365 | -H-- | C] () -- C:\WINDOWS\PowerReg.dat
[2004/06/12 08:35:11 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/06/07 18:22:10 | 000,561,152 | RH-- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/06/07 17:02:35 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2004/06/07 17:02:34 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\regobj.dll
[2004/06/07 12:53:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/06/07 12:53:45 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\InstKeyb.exe
[2004/06/07 12:53:45 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/06/07 12:53:45 | 000,002,608 | -H-- | C] () -- C:\WINDOWS\KB9908.ini
[2004/06/02 13:05:40 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/27 21:17:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/05/27 21:10:41 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/27 17:01:23 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/05/27 17:00:19 | 000,284,520 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/05/27 10:06:45 | 000,363,520 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/30 09:53:44 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/10/01 15:26:44 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/04/22 09:46:52 | 002,719,744 | -H-- | C] () -- C:\Program Files\aiodrv.msi
[2003/04/22 09:42:04 | 002,588,672 | -H-- | C] () -- C:\Program Files\aiosw.msi
[2003/04/22 09:24:10 | 000,016,606 | -H-- | C] () -- C:\Program Files\hpomdl01.dat
[2003/04/22 09:24:02 | 000,019,469 | -H-- | C] () -- C:\Program Files\autorun.inf
[2003/04/22 09:23:58 | 000,000,267 | -H-- | C] () -- C:\Program Files\readme.html
[2003/04/09 17:19:46 | 000,002,848 | -H-- | C] () -- C:\Program Files\hpound08.inf
[2003/04/09 17:19:42 | 000,014,157 | -H-- | C] () -- C:\Program Files\hpousc08.inf
[2003/04/09 17:00:50 | 000,002,889 | -H-- | C] () -- C:\Program Files\hpousb08.inf
[2003/04/09 17:00:48 | 000,004,715 | -H-- | C] () -- C:\Program Files\hpoglu08.inf
[2003/03/31 07:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,439,042 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,070,218 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 07:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/03/27 15:28:44 | 000,004,955 | -H-- | C] () -- C:\WINDOWS\System32\DProg.ini
[2003/03/20 15:20:50 | 000,022,523 | -H-- | C] () -- C:\Program Files\HPZius12.cat
[2003/03/20 15:20:48 | 000,022,082 | -H-- | C] () -- C:\Program Files\hpzist12.cat
[2003/03/20 15:20:46 | 000,024,728 | -H-- | C] () -- C:\Program Files\HPZipr12.cat
[2003/03/20 15:20:44 | 000,022,082 | -H-- | C] () -- C:\Program Files\HPZid412.cat
[2003/03/20 15:20:42 | 000,021,641 | -H-- | C] () -- C:\Program Files\HPOunp08.cat
[2003/03/20 15:20:40 | 000,024,285 | -H-- | C] () -- C:\Program Files\hposcu08.cat
[2003/03/20 15:20:38 | 000,205,503 | -H-- | C] () -- C:\Program Files\hpoprn08.cat
[2003/03/09 20:30:44 | 000,016,352 | -H-- | C] () -- C:\Program Files\HPZUCI12.DLL
[2003/03/09 20:30:44 | 000,014,285 | -H-- | C] () -- C:\Program Files\hpzius12.inf
[2003/03/09 20:30:44 | 000,010,325 | -H-- | C] () -- C:\Program Files\hpzipr12.inf
[2003/03/09 20:30:44 | 000,003,667 | -H-- | C] () -- C:\Program Files\hpzist12.inf
[2003/03/09 20:30:42 | 000,063,562 | -H-- | C] () -- C:\Program Files\hposcu08.inf
[2003/03/09 20:30:42 | 000,051,266 | -H-- | C] () -- C:\Program Files\hpoprn08.inf
[2003/03/09 20:30:42 | 000,033,952 | -H-- | C] () -- C:\Program Files\hpzid412.inf
[2003/03/09 20:30:42 | 000,023,186 | -H-- | C] () -- C:\Program Files\hpzcin06.ex_
[2003/03/09 20:30:42 | 000,003,898 | -H-- | C] () -- C:\Program Files\hpounp08.inf
[2002/09/09 17:48:02 | 000,458,752 | -H-- | C] () -- C:\Program Files\tls704d.dll
[2002/09/09 17:47:36 | 000,055,155 | -H-- | C] () -- C:\Program Files\hpzusb00.sy_
[2002/09/09 17:47:26 | 000,005,705 | -H-- | C] () -- C:\Program Files\hpzuci02.dl_
[2002/09/09 17:47:08 | 000,025,639 | -H-- | C] () -- C:\Program Files\hpzpom04.dl_
[2002/09/09 17:46:16 | 000,052,552 | -H-- | C] () -- C:\Program Files\hpziou01.dl_
[2002/09/09 17:46:06 | 000,046,017 | -H-- | C] () -- C:\Program Files\hpzion00.sy_
[2002/01/08 18:03:10 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\MiniBrowser.dll

========== LOP Check ==========

[2011/08/03 22:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2008/12/25 13:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/12/26 17:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/04/28 00:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011/10/17 09:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2009/11/25 12:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/10/17 10:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2004/06/07 17:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2010/07/09 23:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2005/12/29 14:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edna Gardner\Application Data\Aim
[2010/08/13 22:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edna Gardner\Application Data\CallingID
[2009/11/25 13:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edna Gardner\Application Data\comcasttb
[2011/07/27 23:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edna Gardner\Application Data\FileZilla
[2005/07/09 08:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edna Gardner\Application Data\Leadertech
[2004/06/15 13:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edna Gardner\Application Data\Learn2.com
[2011/01/08 15:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edna Gardner\Application Data\Sierra Wireless
[2011/01/08 16:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edna Gardner\Application Data\Sprint
[2007/12/26 15:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edna Gardner\Application Data\Viewpoint
[2010/08/13 21:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edna Gardner\Application Data\xfinitytb
[2011/12/10 14:00:00 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\Tasks\enoynvss.job
[2010/01/03 06:35:31 | 000,000,368 | -H-- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1234897661.job
[2011/08/19 15:00:03 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\{3CB8748F-831C-457D-A9A8-C392A6ED0CCB}_EDNA-QD37W97K71_Edna Gardner.job
[2011/08/16 08:00:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\{D21ED0A7-7ADF-40EC-A66F-D549E5BD7194}_EDNA-QD37W97K71_Edna Gardner.job
[2011/08/19 15:00:03 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\{DDAF95FD-737D-4703-9FB1-A0B7E15F14AB}_EDNA-QD37W97K71_Edna Gardner.job

========== Purity Check ==========



< End of report >

#3
Amlak

Welcome to GTG. Let's help you out with your malware issue(s).

As I'm still in training, my fix will first have to be approved by an expert before I can submit it. So expect a bit of delay in my responses involving actual fixes.

Before we start, make sure you carefully read what I have to say. Don't skip anything. You may even want to have this all printed out in case you're forced to exit this window.

Download aswMBR.exe (1.8 MB) to your desktop.
Double-click aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

#4
Amlak

Step 1

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


Step 2

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    O4 - HKLM..\Run: [wenupabeh] Rundll32.exe "c:\windows\system32\tidotiko.dll",a File not found
    O4 - HKLM..\Run: [yxtaAetnpDWiqS.exe] C:\Documents and Settings\All Users\Application Data\yxtaAetnpDWiqS.exe File not found
    O4 - HKCU..\Run: [A00F9F5AE.exe] C:\DOCUME~1\EDNAGA~1\LOCALS~1\Temp\_A00F9F5AE.exe File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\System32\dxmasf32.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\jivazona.dll) - File not found
    O20 - AppInit_DLLs: (kunuteva.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\tidotiko.dll) - File not found
    O20 - Winlogon\Notify\d871105a448: DllName - (C:\WINDOWS\System32\dxmasf32.dll) - File not found
    O21 - SSODL: vefalopek - {79852d63-8991-46ad-8d2b-f170d5fca348} - c:\windows\system32\jivazona.dll File not found
    O21 - SSODL: zefuviwut - {4757e790-a35e-494f-9e4f-1d205ae16da4} - c:\windows\system32\tidotiko.dll File not found
    O22 - SharedTaskScheduler: {4757e790-a35e-494f-9e4f-1d205ae16da4} - mujuzedij - c:\windows\system32\tidotiko.dll File not found
    O22 - SharedTaskScheduler: {79852d63-8991-46ad-8d2b-f170d5fca348} - mujuzedij - c:\windows\system32\jivazona.dll File not found
    O33 - MountPoints2\{1e29d53a-1b6a-11e0-89f8-000c7693a609}\Shell - "" = AutoRun
    O33 - MountPoints2\{1e29d53a-1b6a-11e0-89f8-000c7693a609}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1e29d53a-1b6a-11e0-89f8-000c7693a609}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
    O33 - MountPoints2\{9a0a3777-d2ba-11dd-898b-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{9a0a3777-d2ba-11dd-898b-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9a0a3777-d2ba-11dd-898b-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{b795c4ce-da41-11de-89ac-000c7693a609}\Shell\AutoRun\command - "" = E:\rcaeasyrip_setup.exe
    O33 - MountPoints2\{b795c4ce-da41-11de-89ac-000c7693a609}\Shell\install\command - "" = E:\rcaeasyrip_setup.exe
    O33 - MountPoints2\{b795c4ce-da41-11de-89ac-000c7693a609}\Shell\usermanualEnglish\command - "" = E:\rcaeasyrip_setup.exe /pdf_English
    O33 - MountPoints2\{b795c4ce-da41-11de-89ac-000c7693a609}\Shell\usermanualFrench\command - "" = E:\rcaeasyrip_setup.exe /pdf_French
    O33 - MountPoints2\{b795c4ce-da41-11de-89ac-000c7693a609}\Shell\usermanualSpanish\command - "" = E:\rcaeasyrip_setup.exe /pdf_Spanish
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
    [2011/10/17 10:19:54 | 000,428,544 | ---- | C] (Производитель) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
    [2011/10/17 10:20:22 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
    [2011/10/17 10:20:22 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
    [2011/10/17 10:20:00 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
    [2005/08/17 11:09:23 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7F205E7CF8.sys
    [2005/05/01 13:17:03 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\619281.exe
    [2005/05/01 13:10:54 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\250109.exe
    
    :FILES
    attrib -h c:\*.* /s /d /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :COMMANDS
    [resethosts]
    
  • Click the Run Fix button at the top.
  • When done, post the content of the resultant log in your next reply.


Step 3

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    msconfig
    safebootminimal
    safebootnetwork
    activex
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\*.*
    %systemroot%\Tasks\*.*
    C:\Documents and Settings\All Users\Application Data\*.*
    %Temp%\smtmp\*.* /s
    
  • Click the Run Scan button at the top.
  • Make sure you post the log it produces in your next reply.

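A triage sketch for the OTL file-listing format used in the log and fix list above. It is an added example, not part of the thread and not OTL's own logic. The two rules are assumptions chosen for illustration (a PE image cannot be smaller than its 64-byte DOS header; an executable sitting directly in the root of All Users\Application Data is unusual), and a hit marks a line for review, it is not a verdict. The sample lines are copied from the log and fix list quoted in this thread.

```python
import re
from ntpath import basename, dirname, splitext

# Lines copied from the OTL output and fix list quoted in this thread.
SAMPLE = r"""
[2009/12/29 19:36:51 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/08/17 11:09:23 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7F205E7CF8.sys
[2005/08/17 09:18:48 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/05/01 13:17:03 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\619281.exe
[2011/10/17 10:19:54 | 000,428,544 | ---- | C] (Производитель) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
[2011/08/03 22:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
< End of report >
"""

# [timestamp | size | attributes | C or M] (company) -- path
# Directory lines carry no "(company)" field, so that group is optional.
LINE = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| "
    r"(?P<kind>[CM])\] (?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)
PE_EXTS = {".exe", ".dll", ".sys"}
DOS_HEADER_SIZE = 64  # every PE image starts with a 64-byte IMAGE_DOS_HEADER
DROP_DIR = r"c:\documents and settings\all users\application data"  # assumed rule


def parse(line):
    """Return the fields of one OTL file-listing line, or None for other lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    return rec


def triage(text):
    """Return (file name, size, reasons) for every line that trips a rule."""
    findings = []
    for line in text.splitlines():
        rec = parse(line)
        if rec is None or "D" in rec["attrs"]:  # skip headers and directories
            continue
        path = rec["path"]
        is_pe_name = splitext(path)[1].lower() in PE_EXTS
        reasons = []
        if is_pe_name and rec["size"] < DOS_HEADER_SIZE:
            reasons.append("too small to be a PE image")
        if is_pe_name and dirname(path).lower() == DROP_DIR:
            reasons.append("executable in the root of All Users\\Application Data")
        if reasons:
            findings.append((basename(path), rec["size"], reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```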

#5
Essexboy

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.