Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Open with error/ no internet connection [Solved]


  • This topic is locked This topic is locked

#1
krobin75

krobin75

    Member

  • Member
  • PipPip
  • 12 posts
Hi...somewhat of a computer novice here. A couple days ago I got the 2012 Antivirus virus and removed it as was explained on one of the many forums I have been on looking for a solution. After stopping that, I then started having "MotoHelper Service" errors come up and now no executable files work - they all bring up the Open with window or simply say application not found. My wireless connect has also been 'acquiring network address" but never connects.

Please help!!!

Thanks!
  • 0

Advertisements


#2
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, krobin75, Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just incase you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, lets start ;)



Could you go through the following steps please, then get back to me with the logs that they create. As you have no internet connection on your PC at the moment, you will need to try and download these tools on another PC and transfer them onto this one using a USB stick or CD for example.



1)
OTL Quick Scan
Download OTL to your Desktop
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic




2)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

Posted Image


On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image




In your next reply
Please post the contents of...
OTL logs
aswMBR log

  • 0

#3
krobin75

krobin75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks BlackOxide - you're a life saver! (I hope)

Here are the logs:

OTL:

OTL logfile created on: 1/2/2012 10:51:27 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.37 Mb Total Physical Memory | 630.65 Mb Available Physical Memory | 62.11% Memory free 2.39 Gb Paging File | 2.08 Gb Available in Paging File | 87.39% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 25.16 Gb Free Space | 33.77% Space Free | Partition Type: NTFS

Computer Name: USER-7086C1A3DC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/02 22:45:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/04/13 19:12:18 | 000,180,224 | ---- | M] (Microsoft Corporation) --C:\WINDOWS\system32\dwwin.exe PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe PRC - [2007/02/21 09:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/13 19:38:22 | 000,212,992 | ---- | M] () --C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\Sys tem.ServiceProcess.ni.dll MOD - [2011/10/12 21:13:23 | 007,950,848 | ---- | M] () --C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll MOD - [2011/10/12 21:12:22 | 011,490,816 | ---- | M] () --C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2011/10/12 21:10:56 | 002,048,000 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2011/10/12 21:10:55 | 003,182,592 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2011/10/12 21:10:52 | 002,933,248 | ---- | M] () --C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2011/10/12 21:10:51 | 000,425,984 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2011/10/12 21:10:42 | 000,626,688 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2011/10/12 21:10:42 | 000,303,104 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.d ll MOD - [2011/10/12 21:10:39 | 000,258,048 | ---- | M] () --C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices .dll MOD - [2011/10/12 21:10:38 | 000,261,632 | ---- | M] () --C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2011/10/12 21:10:31 | 000,114,688 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll MOD - [2011/10/12 21:10:17 | 005,025,792 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2011/03/02 10:17:11 | 000,409,960 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit. Spc.Map.WindowsFirewallUtilities.dll MOD - [2011/03/02 10:17:10 | 000,476,520 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter .dll MOD - [2011/03/02 10:17:07 | 000,046,952 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816 ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll MOD - [2011/03/02 10:17:06 | 000,421,224 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd. WinClient.Api.Net.dll MOD - [2011/03/02 10:17:06 | 000,023,912 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead8632 1\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll MOD - [2011/03/02 10:17:06 | 000,018,792 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d481 6ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll MOD - [2011/03/02 10:17:06 | 000,012,136 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__ 540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll MOD - [2011/03/02 10:17:04 | 000,269,672 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll MOD - [2011/03/02 10:17:03 | 000,120,168 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd. Client.DataAccess.dll MOD - [2011/03/02 10:17:03 | 000,070,504 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Clie nt.Common.dll MOD - [2011/03/02 10:17:02 | 000,121,704 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.E sd.Client.BusinessLogic.dll MOD - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe MOD - [2010/01/09 21:41:08 | 000,854,016 | ---- | M] () --C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll MOD - [2010/01/09 21:41:05 | 000,403,456 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit. Spc.Map.WindowsFirewallUtilities.dll MOD - [2010/01/09 21:41:04 | 000,471,040 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter .dll MOD - [2010/01/09 21:41:01 | 000,046,880 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d481 6ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll MOD - [2010/01/09 21:41:01 | 000,018,720 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d48 16ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll MOD - [2010/01/09 21:41:00 | 000,419,616 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd .WinClient.Api.Net.dll MOD - [2010/01/09 21:41:00 | 000,270,112 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll MOD - [2010/01/09 21:40:58 | 000,121,632 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc. Esd.Client.BusinessLogic.dll MOD - [2010/01/09 21:40:58 | 000,120,096 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd .Client.DataAccess.dll MOD - [2010/01/09 21:40:58 | 000,070,432 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Cli ent.Common.dll MOD - [2010/01/09 15:43:39 | 000,047,392 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d481 6ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll MOD - [2010/01/09 15:43:39 | 000,018,720 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d48 16ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll MOD - [2010/01/09 15:43:38 | 000,402,208 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd .WinClient.Api.Net.dll MOD - [2010/01/09 15:43:38 | 000,130,848 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc. Esd.Client.BusinessLogic.dll MOD - [2010/01/09 15:43:38 | 000,120,608 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd .Client.DataAccess.dll MOD - [2010/01/09 15:43:38 | 000,072,992 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Cli ent.Common.dll MOD - [2009/12/30 17:48:10 | 000,102,032 | ---- | M] () -- C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll MOD - [2009/02/19 18:51:04 | 000,238,368 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll MOD - [2009/01/31 22:53:47 | 001,058,304 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit. Spc.Map.WindowsFirewallUtilities.dll MOD - [2009/01/31 22:53:46 | 000,471,040 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter .dll MOD - [2009/01/31 22:43:37 | 000,755,712 | ---- | M] () --C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll MOD - [2009/01/31 22:43:36 | 000,270,336 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll MOD - [2009/01/31 22:43:33 | 000,458,752 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Fou ndations.Portability.dll MOD - [2009/01/31 22:43:32 | 000,065,536 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll MOD - [2009/01/31 22:43:32 | 000,045,056 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc .Foundations.Primary.Logging.dll MOD - [2009/01/31 22:43:31 | 000,073,728 | ---- | M] () --C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc. Foundations.Primary.Config.dll MOD - [2007/02/21 09:13:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll MOD - [2006/11/01 10:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll MOD - [2001/11/17 12:25:08 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9) SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (CLEARWIRERcAppSvc) SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon) SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] --c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper) SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] --C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2007/02/21 09:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] --C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®

========== Driver Services (SafeList) ==========

DRV - [2011/12/29 23:23:35 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C45D45A-1C8D-4D7B-BCC3-125F0B58B167}\MpKslcaa0c18b.sys -- (MpKslcaa0c18b) DRV - [2011/07/23 12:08:27 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2010/12/30 10:54:06 | 000,034,736 | ---- | M] () [Kernel | On_Demand | Stopped] --C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit) DRV - [2010/11/17 14:23:54 | 000,039,632 | ---- | M] () [Kernel | On_Demand | Running] --C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt) DRV - [2010/08/12 07:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] --C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2010/07/08 12:32:54 | 000,318,464 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drxvi314.sys -- (bcm) DRV - [2010/07/08 12:29:32 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys -- (bcmbusctr) DRV - [2010/06/18 14:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] --C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem) DRV - [2010/06/18 13:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] --C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp) DRV - [2010/04/01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] --C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet) DRV - [2010/01/29 10:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive) DRV - [2010/01/25 18:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] --C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice) DRV - [2009/08/19 16:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2009/01/29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] --C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl) DRV - [2009/01/29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] --C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService) DRV - [2008/10/16 19:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2008/09/23 09:45:32 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2008/09/23 09:45:31 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2008/07/24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] --C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2007/11/02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] --C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService) DRV - [2007/05/10 08:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] --C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2007/04/10 16:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000) DRV - [2007/02/21 09:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] --C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2007/02/08 11:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel® DRV - [2006/11/14 22:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] --C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006/11/14 17:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] --C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006/11/14 15:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] --C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005/08/05 09:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] --C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2001/07/20 07:29:00 | 000,024,555 | R--- | M] (USB2LAN) [Kernel | On_Demand | Stopped] --C:\WINDOWS\system32\drivers\NET8511.SYS -- (NET8511)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: [email protected]:1.0 FF - prefs.js..extensions.enabledItems: {F78C6C5C-17E1-45A7-ACB0-F6760731BC67}:1.9.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..network.proxy.no_proxies_on: "localhost,*.local" FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F78C6C5C-17E1-45A7-ACB0-F6760731BC67}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{F78C6C5C-17E1-45A7-ACB0-F6760731BC67} [2010/10/10 13:49:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 09:38:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/17 13:14:06 | 000,000,000 | ---D | M]

[2010/10/26 19:17:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions [2010/09/16 20:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\[email protected] [2011/06/20 15:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\us9zlbb6.default\extensions [2011/02/07 09:04:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\us9zlbb6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/11/10 09:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\US9ZLBB6.DEFAULT\EXTENSIONS\[email protected] [2011/11/10 09:38:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2007/07/18 11:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll [2011/08/20 22:00:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/10 09:38:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (Browser Helper Object) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\lib.dll File not found O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ckuxicu] rundll32.exe "C:\WINDOWS\eqekekibehav.dll",Startup File not found O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found O4 - HKLM..\Run: [eFax 4.3] C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe (j2 Global Communications, Inc.) O4 - HKLM..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" File not found O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [pcsafedoctor.exe] C:\Program Files\PCSafeDoctor\pcsafedoctor.exe () O4 - HKLM..\Run: [PDFServiceEngine] C:\Program Files\PDF Suite\PDFServiceEngine.exe File not found O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [Standby] C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel) O4 - HKLM..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation) O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) O4 - HKCU..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.) O4 - HKCU..\Run: [Ctefu] rundll32.exe "C:\WINDOWS\wderms.dll",Startup File not found O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe () O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe (j2 Global Communications, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.c...PUploader57.cab (Image Uploader Control) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://freetrial.we...bex/ieatgpc.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{268B952C-7E9C-4352-BAC8-90D44A37576F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60557C6D-1598-491F-9ACE-F9E6F8CD1DA1}: DhcpNameServer = 64.213.152.18 66.180.96.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/08/01 10:02:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{06470aea-b833-11df-a0cb-0023edf198ae}\Shell - "" = AutoRun O33 - MountPoints2\{06470aea-b833-11df-a0cb-0023edf198ae}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{06470aea-b833-11df-a0cb-0023edf198ae}\Shell\AutoRun\command - "" = E:\setup.exe -a O33 - MountPoints2\{21fd9ff0-7d2c-11de-a03e-0014229216e4}\Shell - "" = AutoRun O33 - MountPoints2\{21fd9ff0-7d2c-11de-a03e-0014229216e4}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{21fd9ff0-7d2c-11de-a03e-0014229216e4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{870ada68-c618-11de-a058-0014229216e4}\Shell\AutoRun\command - "" = E:\WDSetup.exe O33 - MountPoints2\{e0e58bb8-aa61-11df-a0c5-0014229216e4}\Shell\AutoRun\command - "" = G:\PMBP_Win.exe O33 - MountPoints2\{e6f37c34-d12a-11dd-9ff1-0014229216e4}\Shell - "" = AutoRun O33 - MountPoints2\{e6f37c34-d12a-11dd-9ff1-0014229216e4}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e6f37c34-d12a-11dd-9ff1-0014229216e4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: dmreedit - (C:\WINDOWS\system32\javaay32.dll) - File not found O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = 7YH] -- "C:\Documents and Settings\Administrator\Local Settings\Application Data\nxf.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/02 22:50:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com [2012/01/02 22:50:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2011/12/29 22:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PCSafeDoctor [2011/12/29 22:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\PCSafeDoctor [2011/08/10 15:25:35 | 000,463,520 | ---- | C] (Corel) -- C:\Program Files\Common Files\AppFramework.dll [2011/08/10 15:25:35 | 000,330,400 | ---- | C] (Corel) -- C:\Program Files\Common Files\MediaOrganizer.dll [2011/08/10 15:25:35 | 000,031,392 | ---- | C] (Corel-V1E) -- C:\Program Files\Common Files\FlickrProvider.dll [2009/01/04 15:02:35 | 001,753,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\olk1004.exe [2008/11/05 23:11:21 | 067,167,528 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes801Setup.exe [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/02 22:45:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com [2011/12/30 00:40:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/12/29 23:28:37 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/12/29 23:23:45 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2011/12/29 23:23:45 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2011/12/29 23:23:03 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011/12/29 23:23:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/12/29 23:22:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/12/29 23:22:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/12/29 22:54:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2011/12/29 22:24:12 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd [2011/12/29 22:23:23 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\pcsafedoctor.lnk [2011/12/29 22:17:12 | 000,000,000 | -H-- | M] () --C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2011/12/26 17:18:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/12/23 00:21:08 | 000,020,392 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\651481b0r625f284t682b4nak2t4 [2011/12/23 00:21:07 | 000,020,392 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\651481b0r625f284t682b4nak2t4 [2011/12/22 10:38:31 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB [2011/12/21 15:45:32 | 000,039,775 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HOA Fees003.pdf [2011/12/21 11:46:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eFax_4_3_Port [2011/12/18 21:48:10 | 000,003,766 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [2011/12/18 21:34:36 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/16 10:40:46 | 000,315,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/12/16 09:49:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/12/08 12:15:02 | 000,172,867 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Addendum002.pdf [2011/12/07 18:21:00 | 005,312,393 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Ascot appraisal.pdf [2011/12/07 14:33:00 | 000,005,468 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\New Flight Info [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/29 22:24:12 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd [2011/12/29 22:23:23 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\pcsafedoctor.lnk [2011/12/29 22:23:12 | 000,034,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys [2011/12/23 00:01:00 | 000,020,392 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\651481b0r625f284t682b4nak2t4 [2011/12/23 00:01:00 | 000,020,392 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\651481b0r625f284t682b4nak2t4 [2011/12/21 15:45:32 | 000,039,775 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HOA Fees003.pdf [2011/12/08 12:15:02 | 000,172,867 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Addendum002.pdf [2011/12/07 18:21:00 | 005,312,393 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Ascot appraisal.pdf [2011/12/07 14:33:00 | 000,005,468 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\New Flight Info [2011/10/04 20:50:46 | 003,426,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011/08/10 15:25:35 | 000,401,056 | ---- | C] () -- C:\Program Files\Common Files\facebook.dll [2011/08/10 15:25:35 | 000,128,672 | ---- | C] () -- C:\Program Files\Common Files\PluginCommon.dll [2011/07/23 12:09:30 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011/07/23 12:09:30 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011/04/18 11:25:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011/01/13 21:00:46 | 000,039,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys [2010/12/23 14:03:16 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1D89FA2FC5.sys [2010/12/23 14:03:15 | 000,003,766 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [2010/12/13 16:41:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX7800.ini [2010/10/26 19:16:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010/09/09 22:01:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kxemikisoxebu.bin [2010/09/09 22:01:57 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dkesimibahu.dat [2010/05/10 17:48:24 | 000,069,848 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/03/14 22:32:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/03/14 20:59:18 | 000,007,275 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini [2010/01/03 20:34:21 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2010/01/03 20:34:21 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2010/01/03 20:34:21 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2010/01/03 20:34:21 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2010/01/03 20:34:21 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2010/01/03 20:34:21 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2010/01/03 20:34:21 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2010/01/03 20:34:21 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2010/01/03 20:34:21 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2010/01/03 20:34:21 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2010/01/03 20:34:21 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2010/01/03 20:34:21 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2010/01/03 20:34:21 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2010/01/03 20:34:21 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2010/01/03 20:34:21 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2010/01/03 20:34:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2009/10/01 15:51:14 | 002,033,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\macxvi200.bin [2009/05/06 12:56:02 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2009/03/03 09:59:14 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini [2009/02/20 14:03:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009/01/07 21:10:55 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI [2009/01/07 18:45:48 | 007,364,608 | ---- | C] () -- C:\Program Files\epson12766.exe [2008/12/05 17:19:06 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin [2008/10/28 12:35:08 | 000,000,268 | ---- | C] () -- C:\WINDOWS\hpbafd.ini [2008/08/07 13:11:17 | 000,001,300 | ---- | C] () -- C:\WINDOWS\BARNACLES.INI [2008/08/06 21:28:34 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/08/01 13:45:25 | 000,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/08/01 10:45:28 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2008/08/01 10:41:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2008/08/01 10:41:05 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2008/08/01 10:41:05 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE [2008/08/01 10:05:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008/08/01 09:59:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/08/01 06:33:52 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/08/01 06:32:37 | 000,315,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007/08/06 10:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll [2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/02/28 07:00:00 | 000,433,372 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/02/28 07:00:00 | 000,068,162 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2005/02/03 19:59:44 | 002,129,920 | ---- | C] () -- C:\WINDOWS\System32\myodbc3S.dll [2005/01/30 13:27:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\myodbcinst.exe [2005/01/30 13:27:32 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\imyodbc.exe [2001/11/17 12:25:08 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2010/11/07 20:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon [2008/08/02 07:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\eFax Messenger [2009/01/04 13:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo [2010/06/14 15:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Individual Software [2010/12/13 16:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech [2010/10/26 20:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MyPublisher [2009/02/20 21:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Paltalk [2011/01/07 21:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PDF Software [2011/01/13 21:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sierra Wireless [2010/03/14 21:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skinux [2010/09/16 21:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Smith Micro [2010/09/16 20:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Songbird2 [2010/12/22 12:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems [2010/10/26 13:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\webex [2009/11/16 11:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output [2008/08/02 07:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup [2011/01/03 17:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eNcFc09000 [2010/12/13 16:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2009/04/11 17:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2009/01/16 20:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks [2011/08/10 11:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2011/04/18 11:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V CAST Media Manager [2008/10/07 11:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2010/04/09 07:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/09/16 19:27:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70} [2011/12/29 23:23:03 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2011/12/29 23:28:37 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

< End of report >

Extras:

OTL Extras logfile created on: 1/2/2012 10:51:27 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.37 Mb Total Physical Memory | 630.65 Mb Available Physical Memory | 62.11% Memory free 2.39 Gb Paging File | 2.08 Gb Available in Paging File | 87.39% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 25.16 Gb Free Space | 33.77% Space Free | Partition Type: NTFS

Computer Name: USER-7086C1A3DC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = 7YH] -- "C:\Documents and Settings\Administrator\Local Settings\Application Data\nxf.exe" -a "%1" %* .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with Corel PaintShop Photo Pro X3] -- "C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\D omainProfile] "EnableFirewall" = 0 "DisableNotifications" = 1 "DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\S tandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\S tandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\D omainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\S tandardProfile\AuthorizedApplications\List] "C:\Program Files\Restaurant\Barnacles.Exe" = C:\Program Files\Restaurant\Barnacles.Exe:*:Enabled:Restaurant Sales Tracker "C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe" = C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe:*:Enabled:mlb-nexdef-autobahn "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger "C:\Program Files\Paltalk Messenger\paltalk.exe" = C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation) "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation) "C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.) "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971 "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company) "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4 "_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3 "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO "{08DEC21F-F7E5-46F9-81D1-3ED30BD3AEC9}" = CASIO USB Driver V1.2.2474.0623 "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 23 "{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MyODBC "{293B2D75-5735-4DFE-8642-F0EDEE9EB064}" = TurboTax 2010 wgaiper "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{374256A0-EAA2-012B-AD60-000000000000}" = TurboTax 2009 wgaiper "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore "{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2 "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001 "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5D51C5DC-3604-4C3B-981B-309340755447}" = Pantech Handset Driver "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack "{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules "{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset "{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1 "{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport "{B3076A28-345A-4d89-90A3-B68866C0DFB8}" = eFax Messenger 4.3 "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials "{C73F2967-062E-48F2-A462-D335B8950183}" = Safari "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CDEFD989-469E-421D-A8B1-EC7AB25C8CB2}" = TurboTax 2008 wgaiper "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup "{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5 "{D7D99A66-493F-468B-BCE1-6F88612B89D5}" = Contents "{D8C02397-E0EF-4891-820E-1547DCC6701B}" = ContentHD "{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share "{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3 "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro "{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 "{ECD43B7A-CB3B-4AF8-91F6-C460A575E411}" = FreeAgent Go Tools "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock "{FDF64A37-4842-48CD-A424-2C38444D36FD}" = LG Android Drivers "4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) "ActiveTouchMeetingClient" = WebEx "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Autobahn" = MLB.TV NexDef Plug-in "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "EPSON Printer and Utilities" = EPSON Printer Software "EPSON Scanner" = EPSON Scan "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "Google Chrome" = Google Chrome "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 "InstallShield_{ECD43B7A-CB3B-4AF8-91F6-C460A575E411}" = FreeAgent Go Tools "Loki ActiveX Control" = Loki ActiveX Control "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "MotoHelper" = MotoHelper 2.0.24 Driver 4.7.1 "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MyPublisher" = MyPublisher "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PCSafeDoctor_is1" = PCSafeDoctor "Picasa 3" = Picasa 3 "ProInst" = Intel® PROSet/Wireless Software "Silent Package Run-Time Sample" = EPSON CX 7800 Guide "TurboTax 2008" = TurboTax 2008 "TurboTax 2009" = TurboTax 2009 "TurboTax 2010" = TurboTax 2010 "UltraISO_is1" = UltraISO Premium V9.36 "Verizon V CAST Media Manager" = Verizon V CAST Media Manager "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Search Defender" = Yahoo! Search Protection "Yahoo! Software Update" = Yahoo! Software Update "YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ] Error - 12/30/2011 1:50:35 AM | Computer Name = USER-7086C1A3DC | Source = Application Error | ID = 1000 Description = Faulting application MotoHelperService.exe, version 2.0.24.0, faulting module MotoHelperService.exe, version 2.0.24.0, fault address 0x000053dd.

Error - 12/30/2011 1:51:43 AM | Computer Name = USER-7086C1A3DC | Source = Application Error | ID = 1000 Description = Faulting application MotoHelperService.exe, version 2.0.24.0, faulting module MotoHelperService.exe, version 2.0.24.0, fault address 0x000053dd.

Error - 12/30/2011 1:56:47 AM | Computer Name = USER-7086C1A3DC | Source = Application Error | ID = 1000 Description = Faulting application MotoHelperService.exe, version 2.0.24.0, faulting module MotoHelperService.exe, version 2.0.24.0, fault address 0x000053dd.

Error - 1/2/2012 11:46:28 PM | Computer Name = USER-7086C1A3DC | Source = Application Error | ID = 1000 Description = Faulting application MotoHelperService.exe, version 2.0.24.0, faulting module MotoHelperService.exe, version 2.0.24.0, fault address 0x000053dd.

Error - 1/2/2012 11:47:28 PM | Computer Name = USER-7086C1A3DC | Source = Application Error | ID = 1000 Description = Faulting application MotoHelperService.exe, version 2.0.24.0, faulting module MotoHelperService.exe, version 2.0.24.0, fault address 0x000053dd.

Error - 1/2/2012 11:47:34 PM | Computer Name = USER-7086C1A3DC | Source = Application Error | ID = 1000 Description = Faulting application MotoHelperService.exe, version 2.0.24.0, faulting module MotoHelperService.exe, version 2.0.24.0, fault address 0x000053dd.

Error - 1/2/2012 11:47:39 PM | Computer Name = USER-7086C1A3DC | Source = Application Error | ID = 1000 Description = Faulting application MotoHelperService.exe, version 2.0.24.0, faulting module MotoHelperService.exe, version 2.0.24.0, fault address 0x000053dd.

Error - 1/2/2012 11:50:29 PM | Computer Name = USER-7086C1A3DC | Source = Application Error | ID = 1000 Description = Faulting application MotoHelperService.exe, version 2.0.24.0, faulting module MotoHelperService.exe, version 2.0.24.0, fault address 0x000053dd.

Error - 1/2/2012 11:55:33 PM | Computer Name = USER-7086C1A3DC | Source = Application Error | ID = 1000 Description = Faulting application MotoHelperService.exe, version 2.0.24.0, faulting module MotoHelperService.exe, version 2.0.24.0, fault address 0x000053dd.

Error - 1/2/2012 11:56:27 PM | Computer Name = USER-7086C1A3DC | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

[ System Events ] Error - 1/2/2012 11:47:25 PM | Computer Name = USER-7086C1A3DC | Source = Service Control Manager | ID = 7031 Description = The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error - 1/2/2012 11:47:31 PM | Computer Name = USER-7086C1A3DC | Source = Service Control Manager | ID = 7031 Description = The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error - 1/2/2012 11:47:36 PM | Computer Name = USER-7086C1A3DC | Source = Service Control Manager | ID = 7031 Description = The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error - 1/2/2012 11:50:26 PM | Computer Name = USER-7086C1A3DC | Source = Service Control Manager | ID = 7031 Description = The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error - 1/2/2012 11:55:29 PM | Computer Name = USER-7086C1A3DC | Source = Service Control Manager | ID = 7031 Description = The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error - 1/2/2012 11:56:27 PM | Computer Name = USER-7086C1A3DC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1510.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

Error - 1/2/2012 11:56:28 PM | Computer Name = USER-7086C1A3DC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1510.0 Update Source: %%851 Update Stage: %%852 Source Path: http://go.microsoft.com/fwlink/? LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.1510.0&asdelta=1.117.1510.0&pr od=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Error - 1/2/2012 11:56:28 PM | Computer Name = USER-7086C1A3DC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1510.0 Update Source: %%851 Update Stage: %%852 Source Path: http://go.microsoft.com/fwlink/? LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.1510.0&asdelta=1.117.1510.0&pr od=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Error - 1/2/2012 11:56:28 PM | Computer Name = USER-7086C1A3DC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1510.0 Update Source: %%851 Update Stage: %%852 Source Path: http://go.microsoft.com/fwlink/? LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.1510.0&asdelta=1.117.1510.0&pr od=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Error - 1/2/2012 11:56:28 PM | Computer Name = USER-7086C1A3DC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1510.0 Update Source: %%851 Update Stage: %%852 Source Path: http://go.microsoft.com/fwlink/? LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.1510.0&asdelta=1.117.1510.0&pr od=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

< End of report >

aswMBR:

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software Run date: 2012-01-02 23:01:11 -----------------------------23:01:11.500 OS Version: Windows 5.1.2600 Service Pack 3 23:01:11.500 Number of processors: 1 586 0xD08 23:01:11.500 ComputerName: USER-7086C1A3DC UserName: Administrator 23:01:12.312 Initialize success 23:01:36.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 23:01:36.531 Disk 0 Vendor: WDC_WD800VE-11KWT0 01.03K01 Size: 76319MB BusType: 3 23:01:36.531 Disk 0 MBR read successfully 23:01:36.531 Disk 0 MBR scan 23:01:36.531 Disk 0 Windows XP default MBR code 23:01:36.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63 23:01:36.546 Disk 0 scanning sectors +156280320 23:01:36.640 Disk 0 scanning C:\WINDOWS\system32\drivers 23:01:47.406 Service scanning 23:01:47.984 Service .afd \* **LOCKED** 123 23:01:48.265 Service MpKslcaa0c18b c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C45D45A-1C8D-4D7B-BCC3-125F0B58B167}\MpKslcaa0c18b.sys **LOCKED** 32 23:01:49.109 Modules scanning 23:01:57.218 Disk 0 trace - called modules: 23:01:57.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS 23:01:57.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87190ab8] 23:01:57.218 3 CLASSPNP.SYS[f75e7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x871c8940] 23:01:57.218 Scan finished successfully 23:02:13.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat" 23:02:13.890 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
  • 0

#4
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the logs. However the lines in the logs appear all bunched together making it difficult to read. Could you check that 'Word Wrap' is not ticked in Notepad (It's under the Format menu at the top). If Word Wrap is already not ticked, could you run OTL and aswMBR again for me please, then attach the text files to your next post please. See below on how to attach files :)


To attach a file...
  • Click Add Reply as you would do normally
  • Then within the 'Attachments' area, click Browse and select the file that you want to attach
  • Click the Attach This File button
  • Now click Add to Post on the right hand side, to insert the attachment into your post.

  • 0

#5
krobin75

krobin75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
The second time around, it did not produce an extras file...

The wrap option was not ticked, so here are the attachments.

Thanks.

Attached Files


  • 0

#6
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Cheers, they look fine in the attachments. I'm just going to paste the OTL log below for myself so I can go through it.


OTL logfile created on: 1/4/2012 12:51:20 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.37 Mb Total Physical Memory | 601.07 Mb Available Physical Memory | 59.20% Memory free
2.39 Gb Paging File | 2.06 Gb Available in Paging File | 86.48% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 25.16 Gb Free Space | 33.76% Space Free | Partition Type: NTFS

Computer Name: USER-7086C1A3DC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/02 22:45:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:18 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/02/21 09:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 19:38:22 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/12 21:13:23 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 21:12:22 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/12 21:10:56 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/10/12 21:10:55 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/12 21:10:52 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/12 21:10:51 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/10/12 21:10:42 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/10/12 21:10:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/12 21:10:39 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/10/12 21:10:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/12 21:10:31 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/10/12 21:10:17 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/03/02 10:17:11 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/03/02 10:17:10 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/03/02 10:17:07 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/03/02 10:17:06 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/03/02 10:17:06 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/03/02 10:17:06 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/03/02 10:17:06 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/03/02 10:17:04 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/03/02 10:17:03 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/03/02 10:17:03 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/03/02 10:17:02 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2010/01/09 21:41:08 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/01/09 21:41:05 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/01/09 21:41:04 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/01/09 21:41:01 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/01/09 21:41:01 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/01/09 21:41:00 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/01/09 21:41:00 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/01/09 21:40:58 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/01/09 21:40:58 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/01/09 21:40:58 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/01/09 15:43:39 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/01/09 15:43:39 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/01/09 15:43:38 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/01/09 15:43:38 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/01/09 15:43:38 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/01/09 15:43:38 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/12/30 17:48:10 | 000,102,032 | ---- | M] () -- C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll
MOD - [2009/02/19 18:51:04 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2009/01/31 22:53:47 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/01/31 22:53:46 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/01/31 22:43:37 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/01/31 22:43:36 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2009/01/31 22:43:33 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2009/01/31 22:43:32 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2009/01/31 22:43:32 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2009/01/31 22:43:31 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2007/02/21 09:13:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/11/01 10:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll
MOD - [2001/11/17 12:25:08 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (CLEARWIRERcAppSvc)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/02/21 09:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/12/29 23:23:35 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C45D45A-1C8D-4D7B-BCC3-125F0B58B167}\MpKslcaa0c18b.sys -- (MpKslcaa0c18b)
DRV - [2011/07/23 12:08:27 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/12/30 10:54:06 | 000,034,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
DRV - [2010/11/17 14:23:54 | 000,039,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2010/08/12 07:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/08 12:32:54 | 000,318,464 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drxvi314.sys -- (bcm)
DRV - [2010/07/08 12:29:32 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2010/06/18 14:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 13:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/04/01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/29 10:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2010/01/25 18:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/08/19 16:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/01/29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/10/16 19:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/09/23 09:45:32 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/09/23 09:45:31 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/07/24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2007/11/02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/05/10 08:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/10 16:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2007/02/21 09:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/08 11:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/11/14 22:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 17:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 15:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/08/05 09:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/07/20 07:29:00 | 000,024,555 | R--- | M] (USB2LAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NET8511.SYS -- (NET8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {F78C6C5C-17E1-45A7-ACB0-F6760731BC67}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.no_proxies_on: "localhost,*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F78C6C5C-17E1-45A7-ACB0-F6760731BC67}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{F78C6C5C-17E1-45A7-ACB0-F6760731BC67} [2010/10/10 13:49:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 09:38:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/17 13:14:06 | 000,000,000 | ---D | M]

[2010/10/26 19:17:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/09/16 20:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\[email protected]
[2011/06/20 15:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\us9zlbb6.default\extensions
[2011/02/07 09:04:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\us9zlbb6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/10 09:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\US9ZLBB6.DEFAULT\EXTENSIONS\[email protected]
[2011/11/10 09:38:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/07/18 11:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll
[2011/08/20 22:00:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 09:38:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Browser Helper Object) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\lib.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ckuxicu] rundll32.exe "C:\WINDOWS\eqekekibehav.dll",Startup File not found
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found
O4 - HKLM..\Run: [eFax 4.3] C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [pcsafedoctor.exe] C:\Program Files\PCSafeDoctor\pcsafedoctor.exe ()
O4 - HKLM..\Run: [PDFServiceEngine] C:\Program Files\PDF Suite\PDFServiceEngine.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Standby] C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKCU..\Run: [Ctefu] rundll32.exe "C:\WINDOWS\wderms.dll",Startup File not found
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe (j2 Global Communications, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.c...PUploader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://freetrial.we...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{268B952C-7E9C-4352-BAC8-90D44A37576F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60557C6D-1598-491F-9ACE-F9E6F8CD1DA1}: DhcpNameServer = 64.213.152.18 66.180.96.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/01 10:02:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06470aea-b833-11df-a0cb-0023edf198ae}\Shell - "" = AutoRun
O33 - MountPoints2\{06470aea-b833-11df-a0cb-0023edf198ae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{06470aea-b833-11df-a0cb-0023edf198ae}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{21fd9ff0-7d2c-11de-a03e-0014229216e4}\Shell - "" = AutoRun
O33 - MountPoints2\{21fd9ff0-7d2c-11de-a03e-0014229216e4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{21fd9ff0-7d2c-11de-a03e-0014229216e4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{870ada68-c618-11de-a058-0014229216e4}\Shell\AutoRun\command - "" = E:\WDSetup.exe
O33 - MountPoints2\{e0e58bb8-aa61-11df-a0c5-0014229216e4}\Shell\AutoRun\command - "" = G:\PMBP_Win.exe
O33 - MountPoints2\{e6f37c34-d12a-11dd-9ff1-0014229216e4}\Shell - "" = AutoRun
O33 - MountPoints2\{e6f37c34-d12a-11dd-9ff1-0014229216e4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e6f37c34-d12a-11dd-9ff1-0014229216e4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dmreedit - (C:\WINDOWS\system32\javaay32.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = 7YH] -- "C:\Documents and Settings\Administrator\Local Settings\Application Data\nxf.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/02 23:00:19 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/01/02 22:50:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2012/01/02 22:50:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/12/29 22:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PCSafeDoctor
[2011/12/29 22:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\PCSafeDoctor
[2011/08/10 15:25:35 | 000,463,520 | ---- | C] (Corel) -- C:\Program Files\Common Files\AppFramework.dll
[2011/08/10 15:25:35 | 000,330,400 | ---- | C] (Corel) -- C:\Program Files\Common Files\MediaOrganizer.dll
[2011/08/10 15:25:35 | 000,031,392 | ---- | C] (Corel-V1E) -- C:\Program Files\Common Files\FlickrProvider.dll
[2009/01/04 15:02:35 | 001,753,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\olk1004.exe
[2008/11/05 23:11:21 | 067,167,528 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes801Setup.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/02 23:02:13 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/01/02 22:59:25 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/01/02 22:45:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/12/30 00:40:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 23:28:37 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/29 23:23:45 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/29 23:23:45 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/29 23:23:03 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/29 23:23:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/29 23:22:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/29 23:22:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/29 22:54:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/12/29 22:24:12 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd
[2011/12/29 22:23:23 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\pcsafedoctor.lnk
[2011/12/29 22:17:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/12/26 17:18:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/23 00:21:08 | 000,020,392 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\651481b0r625f284t682b4nak2t4
[2011/12/23 00:21:07 | 000,020,392 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\651481b0r625f284t682b4nak2t4
[2011/12/22 10:38:31 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2011/12/21 15:45:32 | 000,039,775 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HOA Fees003.pdf
[2011/12/21 11:46:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eFax_4_3_Port
[2011/12/18 21:48:10 | 000,003,766 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/12/18 21:34:36 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/16 10:40:46 | 000,315,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/16 09:49:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/08 12:15:02 | 000,172,867 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Addendum002.pdf
[2011/12/07 18:21:00 | 005,312,393 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Ascot appraisal.pdf
[2011/12/07 14:33:00 | 000,005,468 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\New Flight Info
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/02 23:02:13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/12/29 22:24:12 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd
[2011/12/29 22:23:23 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\pcsafedoctor.lnk
[2011/12/29 22:23:12 | 000,034,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys
[2011/12/23 00:01:00 | 000,020,392 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\651481b0r625f284t682b4nak2t4
[2011/12/23 00:01:00 | 000,020,392 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\651481b0r625f284t682b4nak2t4
[2011/12/21 15:45:32 | 000,039,775 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HOA Fees003.pdf
[2011/12/08 12:15:02 | 000,172,867 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Addendum002.pdf
[2011/12/07 18:21:00 | 005,312,393 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Ascot appraisal.pdf
[2011/12/07 14:33:00 | 000,005,468 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\New Flight Info
[2011/10/04 20:50:46 | 003,426,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/08/10 15:25:35 | 000,401,056 | ---- | C] () -- C:\Program Files\Common Files\facebook.dll
[2011/08/10 15:25:35 | 000,128,672 | ---- | C] () -- C:\Program Files\Common Files\PluginCommon.dll
[2011/07/23 12:09:30 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/23 12:09:30 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/18 11:25:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/13 21:00:46 | 000,039,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2010/12/23 14:03:16 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1D89FA2FC5.sys
[2010/12/23 14:03:15 | 000,003,766 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/12/13 16:41:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX7800.ini
[2010/10/26 19:16:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/09 22:01:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kxemikisoxebu.bin
[2010/09/09 22:01:57 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dkesimibahu.dat
[2010/05/10 17:48:24 | 000,069,848 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/14 22:32:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/14 20:59:18 | 000,007,275 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2010/01/03 20:34:21 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/01/03 20:34:21 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/01/03 20:34:21 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/01/03 20:34:21 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/01/03 20:34:21 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/01/03 20:34:21 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/01/03 20:34:21 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/01/03 20:34:21 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/01/03 20:34:21 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/01/03 20:34:21 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/01/03 20:34:21 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/01/03 20:34:21 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/01/03 20:34:21 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/01/03 20:34:21 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/01/03 20:34:21 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/01/03 20:34:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/01 15:51:14 | 002,033,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\macxvi200.bin
[2009/05/06 12:56:02 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/03 09:59:14 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/02/20 14:03:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/07 21:10:55 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2009/01/07 18:45:48 | 007,364,608 | ---- | C] () -- C:\Program Files\epson12766.exe
[2008/12/05 17:19:06 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/10/28 12:35:08 | 000,000,268 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/08/07 13:11:17 | 000,001,300 | ---- | C] () -- C:\WINDOWS\BARNACLES.INI
[2008/08/06 21:28:34 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/01 13:45:25 | 000,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/01 10:45:28 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/08/01 10:41:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/08/01 10:41:05 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/08/01 10:41:05 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/08/01 10:05:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/01 09:59:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/01 06:33:52 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/01 06:32:37 | 000,315,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/08/06 10:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,433,372 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,068,162 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/02/03 19:59:44 | 002,129,920 | ---- | C] () -- C:\WINDOWS\System32\myodbc3S.dll
[2005/01/30 13:27:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\myodbcinst.exe
[2005/01/30 13:27:32 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\imyodbc.exe
[2001/11/17 12:25:08 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

========== LOP Check ==========

[2010/11/07 20:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2008/08/02 07:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\eFax Messenger
[2009/01/04 13:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/06/14 15:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Individual Software
[2010/12/13 16:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2010/10/26 20:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MyPublisher
[2009/02/20 21:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Paltalk
[2011/01/07 21:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PDF Software
[2011/01/13 21:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sierra Wireless
[2010/03/14 21:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skinux
[2010/09/16 21:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Smith Micro
[2010/09/16 20:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Songbird2
[2010/12/22 12:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2010/10/26 13:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\webex
[2009/11/16 11:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
[2008/08/02 07:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup
[2011/01/03 17:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eNcFc09000
[2010/12/13 16:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/04/11 17:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/01/16 20:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2011/08/10 11:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/04/18 11:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V CAST Media Manager
[2008/10/07 11:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/04/09 07:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/16 19:27:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2011/12/29 23:23:03 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/12/29 23:28:37 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
  • 0

#7
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Lets now remove some items found in your OTL log. Afterwards can you run ComboFix for me. The steps below will guide you through these two steps...



1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2010/12/30 10:54:06 | 000,034,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
    FF - prefs.js..extensions.enabledItems: {F78C6C5C-17E1-45A7-ACB0-F6760731BC67}:1.9.1
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F78C6C5C-17E1-45A7-ACB0-F6760731BC67}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{F78C6C5C-17E1-45A7-ACB0-F6760731BC67} [2010/10/10 13:49:12 | 000,000,000 | ---D | M]
    O4 - HKLM..\Run: [Ckuxicu] rundll32.exe "C:\WINDOWS\eqekekibehav.dll",Startup File not found
    O4 - HKCU..\Run: [Ctefu] rundll32.exe "C:\WINDOWS\wderms.dll",Startup File not found
    O36 - AppCertDlls: dmreedit - (C:\WINDOWS\system32\javaay32.dll) - File not found
    O37 - HKCU\...exe [@ = 7YH] -- "C:\Documents and Settings\Administrator\Local Settings\Application Data\nxf.exe" -a "%1" %*
    [2011/12/23 00:21:08 | 000,020,392 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\651481b0r625f284t682b4nak2t4
    [2011/12/23 00:21:07 | 000,020,392 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\651481b0r625f284t682b4nak2t4
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • A log may appear when the PC restarts. Just close this text file.
  • Open OTL again, Tick the Scan All Users box at the top and then click the Quick Scan button. Post the log it produces in your next reply.




2)
Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now



In your next reply
Please post the contents of...
OTL log
ComboFix log

  • 0

#8
krobin75

krobin75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I am going to keep trying different ways to copy/paste it, but I am going from a Xoom tablet to the infected PC via a USB and each time I save the paste to a word doc, it gives me an error when trying to open it on the PC....any suggestions?
  • 0

#9
krobin75

krobin75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Okay..got it to work...will repost shortly
  • 0

#10
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Ok no worries. Try this method below for the OTL fix. Also, if it's easier for you to attach the logs at the end, just do that if you wish :)



Save the following file to your tablet. Do NOT rename the file, keep it as fix.txt
Attached File  Fix.txt   1.26KB   46 downloads

  • On the infected PC, open OTL
  • Leave all the settings as they are and make sure the white box at the bottom of the OTL window is empty
  • Now click Run Fix at the top
  • Click OK on the message box that appears
  • Navigate to the fix.txt file that you saved earlier and then select that file and click Open
  • Now click the Run Fix button again and it should perform the fix
  • Once it has finished and your PC reboots, there may be a OTL log that shows automatically, just close this
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

Advertisements


#11
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts

Okay..got it to work...will repost shortly

Well done. You can ignore my post above for the alternative OTL fix then :)
  • 0

#12
krobin75

krobin75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Okay, did the OTL fix. Log is attached.

But...when running ComboFix, I got an error stating that Microsoft something is not installed on the computer and to click to install, but there is no connection to the internet. As it stands now, ComboFix says:

Please wait.
ComboFix is preparing to run.

Attempting to create a new System Restore point

The CURRENT error message says:

You do not appear to be connected to the internet. Kindly connect before clicking 'OK'



I will wait for your instructions as to what to do next...

Attached Files

  • Attached File  OTL.Txt   99.64KB   25 downloads

  • 0

#13
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
That message will come up on XP machines with no Recovery Console installed and ComboFix is trying to download it. Please click OK, then close ComboFix. What you'll need to do is transfer a file from your tablet onto the PC and then drag it on to ComboFix's icon. The instructions are below, if you get stuck anywhere, just say.



Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************


With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer the file you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Posted Image


  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


    Posted Image


  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.
  • 0

#14
krobin75

krobin75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
It is currently running through combofix. It says it has detected rootkit and says that if I cannot connect to the internet when ir is done to reboot and try. If it still doesn't connect, run combofix one more time and try again. Should I do that or send you the log first and await further instructions? As I type this it said it needs to reboot now and is rebooting...
  • 0

#15
krobin75

krobin75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Okay! Complete...attached is the combofix log.

A couple questions:

While combofix was finishing, PC Safe Doctor popped up and said 4022 temp files take up 1.5 GB of space, do I want to delete. From what I have seen, I shouldn't even use PC Safe Doctor. Should I just uninstall and ignore this?

While I am waiting for you to review the log, am I able to use the computer? Can I begin using some of the protections your "How did I get infected" blog suggests, or should I wait to do anything until I get further instructions?

Thanks,

kevin

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP