Malware removal help - W32.Blaster.Worm [Closed] [Solved]


  • This topic is locked

#46
LArnett
    Member
  • Topic Starter
  • 41 posts
I'll find out. If it is corrupt, I just delete it and then make a new one? I was going to adjust their profiles and only have Mary and Ricky as Users and a separate Admin profile w/ password.

#47
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
That may be a smart move. Are you happy with creating new users and deleting old accounts?

#48
LArnett
    Member
  • Topic Starter
  • 41 posts
Just got back from talking to the owners and they say that's fine. I can do what I need to secure their computer. Mary Kay just wanted all her pictures of her kid saved and we did that, so I'll just carry on from here and I really appreciate all the help. Sorry it took so long.

#49
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Time is not a problem... Let me know how you get on and if all is now good.

#50
LArnett
    Member
  • Topic Starter
  • 41 posts
Ok, will do.

#51
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#52
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Returned

#53
LArnett
    Member
  • Topic Starter
  • 41 posts
Here is my OTL log.

OTL logfile created on: 2/8/2012 5:39:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.44% Memory free
4.21 Gb Paging File | 2.91 Gb Available in Paging File | 69.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.35 Gb Total Space | 122.97 Gb Free Space | 55.55% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 2.02 Gb Free Space | 17.55% Space Free | Partition Type: NTFS
Drive F: | 959.22 Mb Total Space | 621.81 Mb Free Space | 64.82% Space Free | Partition Type: FAT

Computer Name: AMYS-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 20:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/01/15 21:15:24 | 000,307,312 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/01/11 11:17:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012/01/06 15:19:15 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/20 19:06:54 | 000,494,424 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/11/12 12:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/07/12 10:56:02 | 000,518,656 | ---- | M] (Humana Inc.) -- C:\Program Files\Humana\GearSync\Humana_GearSync.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/07 11:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/01/18 12:27:42 | 000,139,944 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
PRC - [2010/01/18 12:27:40 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2010/01/07 16:08:22 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeacoms.exe
PRC - [2010/01/07 16:08:16 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxeaserv.exe
PRC - [2009/07/06 20:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/10/03 17:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 17:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/02 07:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 22:43:26 | 000,138,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
MOD - [2011/09/14 09:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 09:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/18 12:27:42 | 000,139,944 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
MOD - [2010/01/18 12:27:40 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2009/12/16 12:07:29 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2009/12/16 12:04:21 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2009/11/09 03:06:45 | 000,159,744 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeaprpr.dll
MOD - [2009/11/04 08:14:38 | 000,165,376 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeadrui.dll
MOD - [2009/11/04 08:14:06 | 000,236,032 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeadr.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeadatr.dll
MOD - [2009/05/18 08:29:08 | 000,819,200 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxeaptpc.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\iptk.dll
MOD - [2009/03/30 07:37:47 | 000,094,208 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2009/03/30 07:37:46 | 000,045,056 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epstring.dll
MOD - [2009/03/30 07:37:44 | 002,203,648 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizres.dll
MOD - [2009/03/30 07:37:28 | 000,708,608 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizard.dll
MOD - [2009/03/30 07:35:40 | 000,159,744 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\customui.dll
MOD - [2009/03/30 07:35:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epfunct.dll
MOD - [2009/03/30 07:35:17 | 000,118,784 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\eputil.dll
MOD - [2009/03/30 07:35:05 | 000,139,264 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\imagutil.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\System32\LXEAsmr.dll
MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXEAsm.dll
MOD - [2008/05/21 21:28:17 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Printable Web\resource.dll
MOD - [2008/05/21 21:28:12 | 000,180,224 | ---- | M] () -- C:\Program Files\Lexmark Printable Web\bho.dll
MOD - [2007/08/20 07:10:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MyWebSearchService)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/20 19:06:54 | 000,494,424 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/01/07 16:08:22 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeacoms.exe -- (lxea_device)
SRV - [2010/01/07 16:08:16 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 17:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/05/27 18:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/05/13 11:41:02 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2009/05/13 11:41:02 | 000,090,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2009/05/13 11:41:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2008/08/21 22:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 22:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/02/27 08:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/10/11 06:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/25 06:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 17:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/23 16:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...sario&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...sario&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2405032905-3553756322-4191152736-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...sario&pf=laptop
IE - HKU\S-1-5-21-2405032905-3553756322-4191152736-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2405032905-3553756322-4191152736-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2405032905-3553756322-4191152736-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 08:45:38 | 000,000,000 | ---D | M]

[2010/10/05 17:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2010/10/05 17:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKU\S-1-5-21-2405032905-3553756322-4191152736-1003\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-2405032905-3553756322-4191152736-1003\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-2405032905-3553756322-4191152736-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
O4 - HKLM..\Run: [GearSyncAutoStart] C:\Program Files\Humana\GearSync\Humana_GearSync.exe (Humana Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2405032905-3553756322-4191152736-1003..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - Startup: C:\Users\Lyele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O7 - HKU\S-1-5-21-2405032905-3553756322-4191152736-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2405032905-3553756322-4191152736-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2405032905-3553756322-4191152736-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2405032905-3553756322-4191152736-1003\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 74.128.17.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11E0FDEF-086B-47EC-BA8B-CDE63273FF4A}: DhcpNameServer = 192.168.1.1 74.128.17.114
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B2E048D-99E0-4FC6-BEB9-4FA817F6941B}: DhcpNameServer = 192.168.1.1 74.128.17.114
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/27 02:45:25 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2007/10/28 13:21:56 | 000,000,794 | ---- | M] () - F:\Autorun.inf -- [ FAT ]
O32 - AutoRun File - [2007/03/12 23:50:16 | 000,362,264 | ---- | M] (Ceedo Technologies Ltd.) - F:\AutoDetect.exe -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/08 17:22:59 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012/02/08 17:22:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/02/08 16:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexmark S300-S400 Series
[2012/02/08 16:13:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\ASUS
[2012/02/02 22:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/02 22:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/02 22:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/27 10:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/01/27 10:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/01/27 10:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/27 10:56:00 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/01/27 10:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/01/27 10:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/01/27 10:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/01/27 10:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/01/24 20:29:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/24 20:29:28 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/24 20:29:00 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/24 20:28:15 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/24 20:28:14 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011/12/29 20:54:27 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\lxeacoin.dll
[2011/12/29 20:49:23 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeainpa.dll
[2011/12/29 20:49:23 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEAhcp.dll
[2011/12/29 20:49:23 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeaiesc.dll
[2011/12/29 20:49:22 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeaserv.dll
[2011/12/29 20:49:22 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeausb1.dll
[2011/12/29 20:49:22 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeapmui.dll
[2011/12/29 20:49:21 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxealmpm.dll
[2011/12/29 20:49:20 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeahbn3.dll
[2011/12/29 20:49:20 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeacoms.exe
[2011/12/29 20:49:20 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeaih.exe
[2011/12/29 20:49:19 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeacomc.dll
[2011/12/29 20:49:19 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeacomm.dll
[2011/12/29 20:49:19 | 000,352,256 | ---- | C] ( ) -- C:\Windows\System32\lxeacfg.exe

========== Files - Modified Within 30 Days ==========

[2012/02/08 17:44:07 | 088,473,191 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/02/08 17:44:00 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F9F44191-FD06-4B7A-BF8B-C3DD928118BE}.job
[2012/02/08 17:15:09 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/08 17:15:09 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/08 17:00:01 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/02/08 16:59:31 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/08 16:59:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 16:59:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 16:59:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/08 15:59:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/06 17:43:11 | 000,453,418 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/02/02 22:53:11 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/27 11:15:38 | 000,402,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/25 09:23:03 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLyele.job
[2012/01/16 12:10:48 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012/01/11 11:17:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2012/02/02 22:53:11 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/29 20:54:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeavs.dll
[2011/12/29 20:54:15 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeagcfg.dll
[2011/12/29 20:54:14 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeacui.dll
[2011/12/29 20:54:14 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeacuir.dll
[2011/12/29 20:49:38 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxearwrd.ini
[2011/12/29 20:49:24 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXEAinst.dll
[2011/12/29 20:49:21 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeains.dll
[2011/12/29 20:49:21 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeainsb.dll
[2011/12/29 20:49:21 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxeainsr.dll
[2011/12/29 20:49:21 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeajswr.dll
[2011/12/29 20:49:20 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeacu.dll
[2011/12/29 20:49:20 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeagrd.dll
[2011/12/29 20:49:20 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeacub.dll
[2011/12/29 20:49:20 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeacur.dll
[2011/12/29 20:45:56 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEAsm.dll
[2011/12/29 20:45:56 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LXEAsmr.dll
[2011/12/20 19:34:06 | 000,020,312 | ---- | C] () -- C:\Windows\System32\RegistryDefragBootTime.exe
[2011/10/20 11:28:35 | 000,005,648 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/27 16:03:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/16 13:25:22 | 000,023,090 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/10 18:35:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/10 18:29:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/07/26 15:13:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/03/21 18:56:45 | 000,155,648 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2008/02/27 02:59:45 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/08/20 07:34:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/08/20 07:25:00 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/20 07:10:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,402,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CF5C4195
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Here is the EXTRAS from OTL

OTL Extras logfile created on: 2/8/2012 5:39:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.44% Memory free
4.21 Gb Paging File | 2.91 Gb Available in Paging File | 69.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.35 Gb Total Space | 122.97 Gb Free Space | 55.55% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 2.02 Gb Free Space | 17.55% Space Free | Partition Type: NTFS
Drive F: | 959.22 Mb Total Space | 621.81 Mb Free Space | 64.82% Space Free | Partition Type: FAT

Computer Name: AMYS-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 
"AntiVirusOverride" = 
"FirewallDisableNotify" = 
"FirewallOverride" = 
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C53644-4BF9-48C1-BB81-237D221F8C3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1199788A-0834-4316-AAEB-D2E041E423DD}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1602354A-0E7D-461B-B983-FA1839950D18}" = rport=138 | protocol=17 | dir=out | app=system |
"{215AF27A-7D92-4FA0-80B4-B07996310F3B}" = rport=445 | protocol=6 | dir=out | app=system |
"{2CECF551-BDC7-4EF5-AB33-E957AE0295FC}" = lport=3390 | protocol=6 | dir=in | app=system |
"{4157CF58-C40B-439F-803D-A498875F1CFE}" = rport=137 | protocol=17 | dir=out | app=system |
"{59E7C237-E7F2-4FCE-B553-C50F73DD9CA8}" = rport=10244 | protocol=6 | dir=out | app=system |
"{5D2717D5-63EA-46A9-A531-D4CE82E69BEE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5F2D9434-E7B6-4BD5-8516-F44281EF7EF4}" = lport=10244 | protocol=6 | dir=in | app=system |
"{68FC2566-9D2D-49A8-95E3-7546A5409844}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A236BE8-1373-442B-A0BA-B2A34DA521FB}" = lport=3390 | protocol=6 | dir=in | app=system |
"{722BB46B-BF65-4DF4-9C80-1D628706E11F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{805A186E-4FC6-44DC-B711-98C879AA8F5B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81012A9B-7BD3-4B70-9AAA-D58E8DED31DB}" = lport=10244 | protocol=6 | dir=in | app=system |
"{87C53C90-B2B0-43D6-B362-F1B941FFCB3F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B056527-D55D-484F-A630-8F29FF5DCF71}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9B2B5AB0-4341-4218-A553-DA4FA4165ABF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA5D7EFD-241B-4312-AFEB-AB3041DC2293}" = lport=139 | protocol=6 | dir=in | app=system |
"{ADCD9267-5625-4B5A-B64C-F6EDCEFBBF17}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE16DE13-7CFE-43D0-83BC-91D6F96EB5BF}" = lport=138 | protocol=17 | dir=in | app=system |
"{B772CD93-B8D8-4FC1-A911-5200747CE41E}" = lport=445 | protocol=6 | dir=in | app=system |
"{B835E20B-A085-4BE3-9432-3B1EE50B1959}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{BDDA4961-5A00-44AB-85AC-B21264CB82EB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C23BD6A0-F699-4286-8B52-8CDE02B1A8BA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C2BEB259-0D03-4FA7-B48D-9BC80168A3F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{C9280FA4-C013-40C7-859F-7F5EF3136032}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0A45C8F-0E53-4B11-A278-53E22855B7AF}" = rport=10244 | protocol=6 | dir=out | app=system |
"{E47D6104-2E02-4955-868F-76BEC15CA0D9}" = rport=139 | protocol=6 | dir=out | app=system |
"{EBA64DEB-0B60-4C97-994B-5CC06404BE4B}" = lport=137 | protocol=17 | dir=in | app=system |
"{F2FDA1CE-640A-4467-8041-D8D5AD2EB841}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F310DCAB-B634-4C09-8E75-0901F58FEC51}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F5B4BF24-2D58-44B1-A0FC-B85507BCA123}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{FAC09A10-C2BB-4F8D-88A7-2DE9B9E123BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CA4C70-B84A-412A-A500-A0FEE55BAFDA}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{07F0ED00-9FD9-4691-ACF1-14513B50A265}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0A261718-D0C5-4CBA-AA05-4724166B47CC}" = protocol=17 | dir=in | app=c:\users\lyele\appdata\roaming\dropbox\bin\dropbox.exe |
"{0AF13B70-43A0-4E94-A5E3-F3090084AC65}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{152A25A7-DCB2-4DE9-8C34-5C9FCC4F3497}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1DFE466D-305A-4E85-BE37-59D5B086A994}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{1F6E69B1-58C8-41CB-A1FE-77410148A9C4}" = protocol=1 | dir=out | [email protected],-28544 |
"{1FAD031F-3690-4DC7-B077-6C8E6432BCD7}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{23D0FCB2-D8BD-4AEF-89C3-A65271D211C2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{288B563E-A2A9-4B32-A1B2-3D499870F414}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A1A24FA-B14A-4329-987E-390D55A05FCC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2F22321B-C3FE-4AAB-BF66-CD850D051B0D}" = protocol=58 | dir=out | [email protected],-28546 |
"{2F280F4D-303D-4051-96E5-305A388F971C}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{30ECFF11-9F33-4D73-9722-6DEF13CA499F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{3755352C-3F1D-4456-AF8A-B117981E4F30}" = protocol=6 | dir=in | app=c:\users\lyele\appdata\roaming\dropbox\bin\dropbox.exe |
"{38FA45A3-D47C-4337-82A7-33827FF3735A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{4078C716-C828-4625-A793-09237F18E14A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{40A1A5AA-2FCF-4E67-973B-726CDDFACC39}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{42095198-4217-492C-BFA4-939CBF74E9A6}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{43044B0E-F9D2-404C-BA37-A5DB6DE50DEF}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{491F078D-9A0F-4A72-8865-2AE9F473F715}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{4F185D42-621D-4750-9EEA-0117CC05DA68}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{4FAA0BF6-9E71-404F-8216-58E6A1D3A44D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{511EAEC5-EC40-4BAD-A9F8-8ECFB8C28185}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{51300DC4-E060-4410-AC40-A7AEA0E3C0B9}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{56142532-A4A6-42DE-AB7B-5F7C08AD8B39}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{57DFFFAB-7BFF-4186-A1BC-95AF003756DA}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{58398339-7B6D-4262-8FB5-24CFA06C3750}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{58BC9463-79E0-4D9A-B697-8F58806A9DD0}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5DAC66F4-B4FB-4DDB-9EDD-A30D93406AAA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{625682EC-C256-44F8-A8C4-220E0E826070}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6A0D3BAB-366E-449B-B394-6B4AEE1DD383}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{6F5EA738-C9FD-43C4-8C53-CE496BDFA179}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires online\spartan.exe |
"{70C37D40-BB13-4C3F-9637-F9C08D8EBAED}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{70C6BC9A-B7D9-4F73-BFE8-2C222B5CFE8D}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{7106533A-E17C-4BEA-A140-D7032951ED94}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{734D2887-0A64-446E-BF91-9D951D2DDBF2}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{7EC3B6CD-F177-4604-9111-FBD61B263688}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{83CE51E3-D674-42DA-A3AE-CAD1EFAF123F}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{86E93DB9-3CB7-422F-8691-E52A90B72C56}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{8C88159D-7FC2-425A-80B5-FE66F207B915}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{93DB7A70-5DA2-4CFA-96CA-7CFCF5682AC5}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{98291676-156F-4647-BE89-E1A1B6DFAE2D}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{9AE0CC5C-E7B4-47A7-A3E4-6FFED9E2D353}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{9DD47196-D02A-4EB6-9994-FDB643930465}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{A7DED472-3E67-4A34-BAB1-9A39DB6CD90D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{AA2E9DA0-32D5-47C9-90C1-9D82C4499498}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{AE2EA2AF-42C0-4E23-BDDE-44F7DBA1E656}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{B09CCC4D-C61E-4714-8733-E90C3FE36EB2}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{B0FEACD0-2DB0-4927-AC77-34213110325F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{B1521F3E-9846-42BC-AAA2-4F944EAD92F2}" = protocol=58 | dir=in | [email protected],-28545 |
"{B2912381-3C5A-4B36-9236-5D56BD502490}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{B3CF36D9-405C-4A85-A083-EAD92E2B16C1}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B78E2673-822F-4E46-AA2F-B48F17EEA926}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{B870A7CE-27C7-4C78-873C-DD162261675B}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires online\spartan.exe |
"{BA5C96CB-B6E4-4509-B141-D35580AA6BE0}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{BB90F092-86ED-4401-A0CF-539A89B79A55}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BFF75065-1EBA-486E-83DA-5239F0EDF75C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C3E87E59-D02C-4635-81B7-3B153C2FEC77}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C5D1D3FB-B458-471C-BE85-FE71CAC1DCAC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CAEA8B85-B2D8-4A3D-8475-053C1A5C188B}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D2564BFC-FD74-40D6-BD74-F56198414DE9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{D40B8C6B-B165-4E06-AA02-6524AAD02F37}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D451BEBE-A697-4CAA-A0BD-7F44A712BDF4}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{D5D72B1F-1B19-4B4F-B27D-3BB126483C97}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{DC8556BE-7202-420F-B169-40E21FAF90A1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{DD0FC31A-33EF-4CF6-8175-CB401520FD97}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DE1E44DD-5048-493C-A463-76D29A58B18B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{E610F88A-9818-4774-B9F2-077DE5463D4B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{E619A360-37AB-4898-B551-454A2AF01ED1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{E760F57E-EF15-405D-9978-F122013F04F3}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{EB18FCE6-F0D2-4771-9366-3B819F010018}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{ECB02805-034B-4B83-9BC6-98523650ECF8}" = protocol=1 | dir=in | [email protected],-28543 |
"{F325A6E2-594A-4286-BC36-EDAF864CD344}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{FBB98699-FB7A-44E5-86DF-50ABEE878B63}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{FE22EC03-6F4C-4245-BACA-2B5820DD916F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"TCP Query User{D34E792B-2E04-4DBF-9EE7-035804D3ABCB}C:\users\lyele\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lyele\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{FF6811D2-F07C-4805-BC43-5D17F9CAC489}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1564B9EA-EB94-4CBC-B212-130CDE3FCBD6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8B91885C-E276-4A68-88E6-68CC590DBE96}C:\users\lyele\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lyele\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 29
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ADA60D4-895E-4B03-86BF-39582AD5E95C}_is1" = GearSync 1.5.112
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix online plug-in (DV)
"{73AA12E1-5FFD-4545-9A28-CE7C318F284E}" = AVG 2011
"{7617FC2E-EA1B-4F07-A0F5-5D5F437CB32D}" = MioMore Desktop
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{992C016C-CA8F-4D13-ABAB-D24A481C102B}" = LeapFrog Leapster2 Plugin
"{994796AD-3405-41EC-B024-5E4BCB0FD791}" = ASUS RT-N12 Wireless Router Utilities
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5909B3-8CF3-4E06-92A8-F3CB7C97EF20}" = KODAK Share Button App
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
"{A5DC84AA-9358-4F87-89E0-185850884674}" = ASUS Wireless Router RT-N12 Manuals
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix online plug-in (HDX)
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D7358B07-4F10-4014-9869-7999578BE8ED}" = HP User Guides 0093
"{DBD477C0-F6EA-4C52-87A3-ACB68D06E190}" = General Ledger Software for Accounting 24th Edition
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web)
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"AVG" = AVG 2011
"Canon iP2600 series User Registration" = Canon iP2600 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Download Manager" = Download Manager 2.3.8
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"ImgBurn" = ImgBurn
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSNINST" = MSN
"Naviextras Toolbox" = Naviextras Toolbox
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PLATO Web Learning Network Clients" = PLATO Web Learning Network Clients
"Professional Screen Saver Producer" = Axialis Professional Screen Saver Producer 3.6
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"TVWiz" = Intel® TV Wizard
"UPCShell" = LeapFrog Connect
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2012 2:46:18 PM | Computer Name = AMYS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/7/2012 2:46:18 PM | Computer Name = AMYS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5663944

Error - 2/7/2012 2:46:18 PM | Computer Name = AMYS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5663944

Error - 2/7/2012 2:46:19 PM | Computer Name = AMYS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/7/2012 2:46:19 PM | Computer Name = AMYS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5664974

Error - 2/7/2012 2:46:19 PM | Computer Name = AMYS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5664974

Error - 2/7/2012 2:57:43 PM | Computer Name = AMYS-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/7/2012 8:25:31 PM | Computer Name = AMYS-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/8/2012 10:03:49 AM | Computer Name = AMYS-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/8/2012 5:59:43 PM | Computer Name = AMYS-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 8/28/2008 10:02:31 AM | Computer Name = AMYS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/15/2009 7:33:40 PM | Computer Name = AMYS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 10:15:30 PM | Computer Name = AMYS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 1:51:53 PM | Computer Name = AMYS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/22/2010 10:38:51 PM | Computer Name = AMYS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/23/2010 4:41:33 PM | Computer Name = AMYS-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 2/8/2012 5:28:38 PM | Computer Name = AMYS-PC | Source = Print | ID = 6161
Description = The document http://abwg.insightc...offense_details,
owned by Lyele, failed to print on printer Lexmark S400 Series (Network). Try to
print the document again, or restart the print spooler. Data type: LEMF. Size of
the spool file in bytes: 45794. Number of bytes printed: 45794. Total number of
pages in the document: 2. Number of pages printed: 0. Client computer: \\AMYS-PC.
Win32 error code returned by the print processor: 0. The operation completed successfully.


Error - 2/8/2012 5:45:11 PM | Computer Name = AMYS-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 001F3A56BF85 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/8/2012 5:45:23 PM | Computer Name = AMYS-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001F3A56BF85. The following
error occurred: %%1168. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 2/8/2012 5:46:17 PM | Computer Name = AMYS-PC | Source = Print | ID = 6161
Description = The document Test Page, owned by Admin, failed to print on printer
Lexmark S400 Series (Network). Try to print the document again, or restart the
print spooler. Data type: LEMF. Size of the spool file in bytes: 155846. Number
of bytes printed: 155846. Total number of pages in the document: 1. Number of pages
printed: 0. Client computer: \\AMYS-PC. Win32 error code returned by the print
processor: 0. The operation completed successfully.

Error - 2/8/2012 5:50:48 PM | Computer Name = AMYS-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001F3A56BF85. The following
error occurred: %%1168. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 2/8/2012 5:51:52 PM | Computer Name = AMYS-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001F3A56BF85. The following
error occurred: %%1168. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 2/8/2012 5:53:54 PM | Computer Name = AMYS-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001F3A56BF85. The following
error occurred: %%1168. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 2/8/2012 5:55:42 PM | Computer Name = AMYS-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001F3A56BF85. The following
error occurred: %%1168. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 2/8/2012 5:57:04 PM | Computer Name = AMYS-PC | Source = DCOM | ID = 10010
Description =

Error - 2/8/2012 5:59:44 PM | Computer Name = AMYS-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


Here is my aswMBR report

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-02-08 18:03:00
-----------------------------
18:03:00.205 OS Version: Windows 6.0.6002 Service Pack 2
18:03:00.205 Number of processors: 2 586 0xF0D
18:03:00.205 ComputerName: AMYS-PC UserName: Admin
18:03:02.591 Initialize success
18:04:14.955 AVAST engine defs: 12020801
18:04:26.874 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:04:26.874 Disk 0 Vendor: FUJITSU_ 890B Size: 238475MB BusType: 3
18:04:26.889 Disk 0 MBR read successfully
18:04:26.905 Disk 0 MBR scan
18:04:26.905 Disk 0 unknown MBR code
18:04:26.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226667 MB offset 63
18:04:26.952 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11805 MB offset 464214240
18:04:26.967 Disk 0 scanning sectors +488392065
18:04:27.030 Disk 0 scanning C:\Windows\system32\drivers
18:04:42.818 Service scanning
18:04:44.565 Modules scanning
18:04:51.821 Disk 0 trace - called modules:
18:04:51.852 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
18:04:51.868 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859503b8]
18:04:51.884 3 CLASSPNP.SYS[883a98b3] -> nt!IofCallDriver -> [0x84ddf200]
18:04:51.884 5 acpi.sys[806926bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84e20028]
18:04:53.366 AVAST engine scan C:\Windows
18:04:56.267 AVAST engine scan C:\Windows\system32
18:11:08.258 AVAST engine scan C:\Windows\system32\drivers
18:11:24.887 AVAST engine scan C:\Users\Admin
18:13:01.390 AVAST engine scan C:\ProgramData
18:17:09.727 Scan finished successfully
18:53:03.731 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
18:53:03.747 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"
  • 0
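An added triage example (written for this thread, not code from the original post or from OTL): a small Python parser for the "Last 10 Event Log Errors" block in the OTL log above. It assumes OTL's line layout as shown there, groups errors by log, source and event ID, and flags a source that raises the same ID repeatedly inside a short window, which is how the run of Dhcp 1001 lease failures between 5:45 and 5:55 PM stands out from the one-off WinMgmt and DCOM errors. The sample text is a trimmed copy of the excerpt above.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: a trimmed copy of the OTL "Last 10 Event Log Errors"
# block posted above (descriptions shortened, some entries dropped).
SAMPLE_OTL = """\
========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2012 2:57:43 PM | Computer Name = AMYS-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/8/2012 5:45:11 PM | Computer Name = AMYS-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 001F3A56BF85 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/8/2012 5:45:23 PM | Computer Name = AMYS-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001F3A56BF85.

Error - 2/8/2012 5:50:48 PM | Computer Name = AMYS-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network.

Error - 2/8/2012 5:51:52 PM | Computer Name = AMYS-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network.

Error - 2/8/2012 5:53:54 PM | Computer Name = AMYS-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network.

Error - 2/8/2012 5:55:42 PM | Computer Name = AMYS-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network.

Error - 2/8/2012 5:57:04 PM | Computer Name = AMYS-PC | Source = DCOM | ID = 10010
Description =

< End of report >
"""

SECTION_RE = re.compile(r"^\[ (?P<log>.+?) \]$")
HEADER_RE = re.compile(
    r"^Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>\S+) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)


def parse_otl_events(text):
    """Parse the OTL event block into dicts; a record runs from its 'Error -' header
    through the 'Description =' line and any continuation lines, up to a blank line."""
    events, log_name, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=") or line.startswith("<"):
            current = None          # blank line or banner closes the open record
            continue
        m = SECTION_RE.match(line)
        if m:
            log_name, current = m["log"], None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {
                "log": log_name,
                "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                "host": m["host"],
                "source": m["source"],
                "id": int(m["id"]),
                "description": "",
            }
            events.append(current)
            continue
        if current is not None:     # 'Description = ...' or a wrapped continuation line
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            current["description"] = (current["description"] + " " + line).strip()
    return events


def count_by_source(events):
    """Count errors per (log, source, event ID)."""
    return Counter((e["log"], e["source"], e["id"]) for e in events)


def find_bursts(events, min_count=3, window=timedelta(minutes=15)):
    """Return {(source, id): (first, last, n)} where one source raised the same
    event ID at least min_count times inside a single window-sized span."""
    times_by_key = defaultdict(list)
    for e in events:
        times_by_key[(e["source"], e["id"])].append(e["time"])
    bursts = {}
    for key, times in times_by_key.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            if j - i + 1 >= min_count:
                bursts[key] = (times[i], times[j], j - i + 1)
                break
    return bursts
```

To run it on a real log, pass the saved OTL.txt contents to parse_otl_events in place of SAMPLE_OTL; count_by_source and find_bursts then give the per-source tallies and the repeated-failure windows.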

#54
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi again - what did the ISP actually state?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (MyWebSearchService)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-2405032905-3553756322-4191152736-1003\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKU\S-1-5-21-2405032905-3553756322-4191152736-1003\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKU\S-1-5-21-2405032905-3553756322-4191152736-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post

  • 0

#55
LArnett

LArnett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Here's what my ISP sent me.


Please go to the following link for more detailed information:

http://www.fbi.gov/n.../malware_110911

Dear Insight Broadband Customer,

Insight monitors network usage and receives reports of issues which it acts upon to ensure that all Insight Broadband customers consistently receive the highest quality service available, as detailed in our Acceptable Use Policy. As has been communicated to you via the service suspension screen, your modem has been reported for violations of our Terms of Service. Now that you know, we request your cooperation. Unsolicited Bulk E-mail places a burden on the network and is in violation of the Insightbb.com Acceptable Use Policy (see sections x and xi.) which explains that you may not:

x. Transmit unsolicited bulk or commercial messages or "spam." This includes, but is not limited to, unsolicited advertising, promotional materials or other solicitation material; bulk mailing of commercial advertising, chain mail, informational announcements, charity requests, and petitions for signatures; The Service may be utilized for certain advertising by Small Business Customers if authorized by applicable law. The Customer is responsible for compliance with any laws, regulations or rules governing Customer's or authorized Users' use of the Service and/or the Insight Broadband Internet Service Equipment;

xi. Send numerous copies of the same or substantially similar messages, empty messages, or messages which contain no substantive content, or send very large messages or files to a recipient that disrupts a server, account, newsgroup, or chat service; or otherwise disrupts or interferes with the Service bandwidth, data storage or other Service features;



While we understand that you may not have been aware before, please understand that you are ultimately responsible to address the problem. Repeat occurrences may lead to a suspension of the service for a period of 30 days. If that occurs, you would not be charged for the service during those 30 days, but you would not be able to use your service either. It is possible that your Internet services could even be terminated if this issue is not resolved.



Please address this issue to avoid interruption of your Insight Broadband service.


What is Spam?

Spam is the common term for junk e-mail or unwanted messages sent to one’s e-mail account.



Click here to learn more!

Why is my computer sending out SPAM?

When a customer’s account is found to be sending out SPAM it is almost always caused by a Botnet infection.

What is a Botnet?

A Botnet is a program that is installed on your computer (an infection) without your knowledge which sends out information over the PC's internet connection. The information gets sent out in the form of SPAM e-mails, personal information etc. In the case of e-mails, the Botnet sends the e-mails directly, so you do not even need to have a mail program on your computer.



How did I get the Botnet?

There are numerous ways that you can get an infection of this sort. One is using Peer to Peer programs. There are people who purposefully upload items and disguise them as legitimate downloads on these programs, and so it is very easy to contract an infection from the use of these programs. Be sure to scan all downloaded files with a virus scanner when using Peer to Peer clients; however, be advised that it will not catch 100% of the viruses downloaded. Another method is through e-mails. Please do not click on any links or attachments from a sender you do not know. Also, if it looks suspicious, even if it comes from a recognized address, do not open it without first consulting the sender. Your anti-virus should be set to scan all your emails. Some websites have viruses on them. Do not go to any website without anti-virus protection. Also, be very careful about which applets you install on your own web pages.

How to Detect and Remove Botnet Infections

There are a few ways to tell that you have been infected before you get flagged.

Keep your computer updated with security fixes

Use a good spam filter.

Use anti-spyware, anti-virus and firewall protection

Never click on dubious links in spam emails or shady websites

It's difficult to detect if your computer has been caught up in a botnet. If you notice that your computer is sluggish, that *may* be a sign that you are affected.

Slow browsing is indicated by the amount of time that elapses between the time you type in a web page and the time it pulls up the web page. Slow processing is indicated by the amount of time that elapses between you clicking on a program, such as Internet Explorer, a game or Microsoft Word, and the time it actually opens the program.

It is very difficult to get rid of this type of infection. There are only 2 ways to be sure to completely remove a Botnet. First, you can take your PC to a PC repair shop and they can clean your PC. The second way is to reformat your PC, which means completely deleting all programs off of your PC and reinstalling Windows.

In general, if you have been affected by a botnet, you've got some sort of malware infection. Install good anti-virus and anti-spyware software and it should detect, take care of, or prevent the problem.



Stay Informed!
Learn more about Internet security and how to best protect your PC from online threats. The following links provide a wealth of information including a glossary of the more common Internet security terms, troubleshooting tips, how to report Internet abuses and much more.

· Internet Security Information

· Insight Help Pages


For questions concerning this email, please call: 1-800-715-1774 (leave name, phone number, and best time/date for us to call)


Thank You,

Insight Broadband
  • 0


#56
LArnett

LArnett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
OTL had a problem in the middle of running the fix and Windows forced it to close. I had to reboot since all desktop icons were missing. Upon reboot I had a notepad that popped up on the Admin profile with a list of files that had been moved or deleted after restart. Do you want me just to post those results and continue with the Virus removal tool, or rerun the OTL with the fix?
  • 0

#57
LArnett

LArnett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Here is the zip file from the Virus removal tool.

Attached Files


  • 0

#58
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, that shows no problems either.

Let's use a different tool.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.
  • 0

#59
LArnett

LArnett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
ComboFix log

ComboFix 12-02-13.01 - Admin 02/15/2012 8:51.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1032 [GMT -5:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CSec
c:\program files\TelevisionFanaticEI
c:\users\MY COMPUTER\Desktop\Internet Explorer.lnk
c:\users\MY COMPUTER\Documents\~WRL0004.tmp
c:\windows\system32\KBL.LOG
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))
.
.
2012-02-15 14:06 . 2012-02-15 14:07 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-02-15 14:06 . 2012-02-15 14:06 -------- d-----w- c:\users\Paige\AppData\Local\temp
2012-02-15 14:06 . 2012-02-15 14:06 -------- d-----w- c:\users\MY COMPUTER\AppData\Local\temp
2012-02-15 14:06 . 2012-02-15 14:06 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-02-15 14:06 . 2012-02-15 14:06 -------- d-----w- c:\users\Lyele\AppData\Local\temp
2012-02-15 14:06 . 2012-02-15 14:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-13 02:12 . 2012-02-13 14:54 -------- d-----w- c:\programdata\AVAST Software
2012-02-13 02:12 . 2012-02-13 02:12 -------- d-----w- c:\program files\AVAST Software
2012-02-11 15:51 . 2012-01-17 09:39 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9754A96F-C5CE-4D69-A015-148667ED3E34}\mpengine.dll
2012-02-10 00:32 . 2012-02-10 00:32 -------- d-----w- c:\programdata\Kaspersky Lab
2012-02-09 21:53 . 2012-02-09 21:53 -------- d-----w- C:\_OTL
2012-02-08 21:41 . 2012-02-08 21:41 -------- d-----w- c:\programdata\Lexmark S300-S400 Series
2012-02-03 03:52 . 2012-02-03 03:52 -------- d-----w- c:\program files\iPod
2012-02-03 03:52 . 2012-02-03 03:53 -------- d-----w- c:\program files\iTunes
2012-01-30 13:52 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-30 13:52 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-30 13:52 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-30 13:52 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-30 13:52 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-30 13:52 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-27 15:57 . 2012-01-27 15:57 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-01-27 15:56 . 2012-01-27 15:56 -------- d-----w- c:\windows\PCHEALTH
2012-01-27 15:56 . 2012-01-27 15:56 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-01-27 15:56 . 2012-01-27 15:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-01-27 15:50 . 2012-01-27 15:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-01-27 15:49 . 2012-01-27 15:49 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-01-25 01:29 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-25 01:29 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-25 01:29 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-25 01:29 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-25 01:29 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-25 01:28 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-25 01:28 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-25 01:28 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-18 12:49 . 2012-01-18 12:49 -------- d-----w- c:\users\MY COMPUTER\AppData\Roaming\IObit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 10:10 . 2009-10-04 22:06 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 20:19 . 2011-12-19 16:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37 . 2011-12-19 16:04 2043904 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-21 619352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2010-01-18 770728]
"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2010-01-18 139944]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-21 494424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 00:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-18 22:38]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-18 22:38]
.
2012-01-25 c:\windows\Tasks\HPCeeScheduleForLyele.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-02-27 19:58]
.
2009-05-04 c:\windows\Tasks\HPCeeScheduleForMY COMPUTER.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-02-27 19:58]
.
2012-02-15 c:\windows\Tasks\User_Feed_Synchronization-{F9F44191-FD06-4B7A-BF8B-C3DD928118BE}.job
- c:\windows\system32\msfeedssync.exe [2011-12-19 04:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1 74.128.17.114
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-15 09:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-15 09:11:05
ComboFix-quarantined-files.txt 2012-02-15 14:11
.
Pre-Run: 134,478,942,208 bytes free
Post-Run: 135,632,244,736 bytes free
.
- - End Of File - - A68BD8A154BB8DF449D53DBEBC8B7EC1
#60
Essexboy
    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What are the current problems?