BSOD & strange IP addresses [Solved]



#1
docfxit

Please help me remove whatever spyware/malware is on this machine.

I am seeing strange behavior like my router is seeing IP addresses that are dropped like 69.43.161.153.
When Firefox starts a download it takes a long time for it to start and then the download manager screen shows starting with no progress until it's finished.

I have updated/scanned this PC with CA antivirus, Malwarebytes, Spybot and Superantivirus.
I have uninstalled Spybot, Superantivirus, CA antivirus and ZoneAlarm.

I should have no antivirus or firewall installed.

When I run:
net view Docfxit"
System error 5 has occurred.
Access is denied.

Docfxit is another PC on my LAN.

OTL logfile created on: 3/8/2012 2:54:18 PM - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Dnload\SpywarePreventers
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 75.20% Memory free
5.84 Gb Paging File | 5.30 Gb Available in Paging File | 90.79% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.41 Gb Total Space | 89.14 Gb Free Space | 69.97% Space Free | Partition Type: NTFS
Drive F: | 105.48 Gb Total Space | 48.27 Gb Free Space | 45.77% Space Free | Partition Type: NTFS

Computer Name: JIMSDESKTOP | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/08 14:53:49 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dnload\SpywarePreventers\OTL.exe
PRC - [2012/02/27 11:03:31 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/02/27 11:03:07 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/02/20 17:39:54 | 000,224,920 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2012/02/16 06:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\FireFox\firefox.exe
PRC - [2012/02/16 06:40:41 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\FireFox\plugin-container.exe
PRC - [2011/10/02 02:42:52 | 000,665,608 | ---- | M] (NTWind Software) -- C:\Program Files\WinSnap\WinSnap.exe
PRC - [2011/07/30 13:32:31 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AEADISRV.EXE
PRC - [2011/05/18 22:40:06 | 002,016,504 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe
PRC - [2011/03/22 21:11:48 | 002,859,077 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/01/11 19:04:04 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/09/01 23:57:48 | 001,774,992 | ---- | M] (ALTAP) -- C:\Program Files\Salamander 2.5\salamand.exe
PRC - [2010/07/04 11:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/09/20 12:47:08 | 000,091,648 | ---- | M] () -- C:\Program Files\stunnel\stunnel.exe
PRC - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/29 15:06:10 | 001,077,248 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/02/21 00:15:02 | 000,112,208 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
PRC - [2007/02/08 18:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/12/22 18:11:52 | 000,114,688 | ---- | M] (Avanquest Publishing, Inc.) -- C:\Program Files\MySoftware\MyInvoices\Tracker.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/01/01 15:41:28 | 000,151,552 | ---- | M] (Peas Inc.) -- C:\Program Files\DeeEnEs\DeeEnEs.exe
PRC - [2004/10/12 13:01:52 | 000,032,768 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Common Files\Smith Micro Shared\Fax\SMLoader.exe
PRC - [2004/04/18 11:43:44 | 000,082,944 | ---- | M] (KeirNet) -- C:\Program Files\K9\K9.exe
PRC - [2002/03/19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/24 15:55:50 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/20 17:39:54 | 000,224,920 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
MOD - [2012/02/16 06:40:41 | 001,911,768 | ---- | M] () -- C:\Program Files\FireFox\mozjs.dll
MOD - [2010/07/04 13:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/04 13:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 11:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/09/20 12:47:08 | 000,091,648 | ---- | M] () -- C:\Program Files\stunnel\stunnel.exe
MOD - [2008/09/20 12:20:26 | 000,074,240 | ---- | M] () -- C:\Program Files\stunnel\zlib1.dll
MOD - [2008/09/20 12:19:40 | 001,420,256 | ---- | M] () -- C:\Program Files\stunnel\libeay32.dll
MOD - [2008/09/20 12:19:40 | 000,306,052 | ---- | M] () -- C:\Program Files\stunnel\libssl32.dll
MOD - [2007/02/08 18:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2006/12/22 18:02:52 | 000,462,848 | ---- | M] () -- C:\Program Files\MySoftware\MyInvoices\c4dll_v6503.dll
MOD - [2004/09/12 08:17:42 | 000,061,440 | ---- | M] () -- C:\WINDOWS\ContextMenuExt.dll
MOD - [2004/02/27 12:24:30 | 000,026,448 | ---- | M] () -- C:\WINDOWS\system32\smfaxmon.dll
MOD - [2002/03/19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
MOD - [1997/11/05 03:06:00 | 000,517,120 | ---- | M] () -- C:\Program Files\MySoftware\MyInvoices\mtl70mt.dll
MOD - [1997/11/05 03:05:00 | 000,241,664 | ---- | M] () -- C:\Program Files\MySoftware\MyInvoices\mmnyd.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (ACDaemon)
SRV - [2012/02/27 11:03:31 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2012/02/27 11:03:07 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/02/20 17:39:54 | 000,224,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV - [2011/07/30 13:32:31 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\system32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/05/18 22:40:06 | 002,016,504 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\WinVNC.exe -- (uvnc_service)
SRV - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/09/29 10:43:22 | 000,582,424 | ---- | M] (ParetoLogic Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe -- (XoftSpyService)
SRV - [2008/09/20 12:47:08 | 000,091,648 | ---- | M] () [Auto | Running] -- C:\Program Files\stunnel\stunnel.exe -- (stunnel)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/02/08 18:14:10 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ATICDSDr)
DRV - [2012/02/27 11:03:09 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/02/27 10:41:03 | 000,011,496 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)
DRV - [2012/02/20 17:40:08 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/30 13:33:12 | 000,073,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2011/07/30 13:33:12 | 000,026,104 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2011/03/18 08:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2011/01/11 19:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 19:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/09/23 22:04:50 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/07/04 11:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/05/11 15:29:52 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/05/11 15:29:50 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/09/23 04:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 11:15:53 | 000,316,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mhtcwqe.sys -- (mhtcwqe)
DRV - [2008/01/31 10:35:54 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/10/19 10:29:22 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/09/19 20:33:17 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudio.sys -- (HdAudAddService)
DRV - [2007/09/13 03:17:56 | 002,372,096 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2006/07/17 14:07:28 | 000,017,290 | R--- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btpmw32.sys -- (BCMTPM)
DRV - [2006/06/12 23:59:52 | 000,254,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/06/12 23:59:46 | 000,727,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/06/12 23:59:42 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [1996/04/03 11:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 B8 53 1D 79 F7 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: File not found
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2011/08/31 07:12:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2012/03/01 17:37:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\FireFox\components [2012/02/25 11:27:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\FireFox\plugins [2012/03/01 17:37:39 | 000,000,000 | ---D | M]

[2010/08/20 12:30:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions
[2012/03/01 18:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\j3eu5mmv.default\extensions
[2008/12/08 17:42:09 | 000,000,000 | ---D | M] (Flat Bookmark Editing) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\j3eu5mmv.default\extensions\{5362CD9D-AC69-43e5-8E7D-92EDE5CEF304}
[2010/08/20 12:33:40 | 000,000,000 | ---D | M] (fireform) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\j3eu5mmv.default\extensions\[email protected]
[2008/12/26 13:53:41 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2008/12/26 13:53:41 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2008/12/26 13:53:41 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]

O1 HOSTS File: ([2012/02/24 11:22:46 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\Client Access\cwbwlwiz.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\Client Access\cwbinhlp.exe (IBM Corporation)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\hdashcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4 - HKLM..\Run: [SMSI Loader] C:\Program Files\Common Files\Smith Micro Shared\Fax\SMLoader.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [Tracker] C:\Program Files\MySoftware\MyInvoices\Tracker.exe (Avanquest Publishing, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [DeeEnEs] C:\Program Files\DeeEnEs\DeeEnEs.exe (Peas Inc.)
O4 - HKCU..\Run: [WinSnap] C:\Program Files\WinSnap\WinSnap.exe (NTWind Software)
O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\AS400SignOn.lnk = C:\Batch\AS400SignOn.exe ()
O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\Launch K9.lnk = C:\Program Files\K9\K9.exe (KeirNet)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0C754E3-253F-4332-9262-B3E9D5901E6B}: NameServer = 66.51.205.100,66.51.206.100
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/23 12:16:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\Shell - "" = AutoRun
O33 - MountPoints2\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\Shell - "" = AutoRun
O33 - MountPoints2\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\Shell - "" = AutoRun
O33 - MountPoints2\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e9609108-ee23-11e0-bc33-001a6b46c013}\Shell\AutoRun\command - "" = G:\SecureII\Windows\SecureII.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/08 13:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\AutoIt3
[2012/03/08 13:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AutoIt v3
[2012/03/06 22:47:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2012/03/06 22:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2012/03/06 22:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2012/03/06 14:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2012/03/06 14:24:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/03/06 12:41:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/03/06 06:52:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Start Menu\Programs\pdfFactory Pro
[2012/03/06 06:52:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\PDF files
[2012/03/06 06:52:38 | 000,335,872 | ---- | C] (FinePrint Software, LLC) -- C:\WINDOWS\System32\fppmon3.dll
[2012/03/06 06:52:38 | 000,126,976 | ---- | C] (FinePrint Software, LLC) -- C:\WINDOWS\System32\fppr332.dll
[2012/03/05 15:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\XoftSpySE
[2012/03/05 15:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2012/03/05 15:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/03/05 15:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XoftSpySE
[2012/03/05 15:10:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2012/03/05 15:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\XoftSpySE6
[2012/03/05 15:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AboutTime
[2012/03/05 15:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\AboutTime
[2012/03/01 19:28:54 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Jim\Desktop\WinsockxpFix.exe
[2012/03/01 19:28:42 | 000,186,368 | ---- | C] (CEXX.ORG) -- C:\Documents and Settings\Jim\Desktop\LSPFix.exe
[2012/03/01 19:28:40 | 000,036,864 | ---- | C] (Rock Systems & Development) -- C:\Documents and Settings\Jim\Desktop\SafeMSI.exe
[2012/03/01 19:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2012/03/01 17:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Foxit Software
[2012/03/01 17:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Phantom
[2012/03/01 17:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software
[2012/03/01 17:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\foxit phantom
[2012/03/01 16:47:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistOld
[2012/02/29 13:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinSnap
[2012/02/29 13:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinSnap
[2012/02/27 11:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\LogMeIn
[2012/02/27 11:02:00 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2012/02/27 11:02:00 | 000,030,592 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2012/02/27 11:01:59 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2012/02/27 11:01:56 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2012/02/27 11:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2012/02/27 10:41:17 | 000,021,480 | ---- | C] (UVNC BVBA) -- C:\WINDOWS\System32\mv2.dll
[2012/02/27 10:41:17 | 000,011,496 | ---- | C] (UVNC BVBA) -- C:\WINDOWS\System32\drivers\mv2.sys
[2012/02/27 09:49:04 | 000,000,000 | ---D | C] -- C:\dell
[2012/02/27 09:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\Double Driver Backup
[2012/02/27 09:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Double Driver
[2012/02/26 12:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bonjour Print Services
[2012/02/26 12:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services
[2012/02/26 12:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2012/02/26 12:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Software Informer
[2012/02/26 12:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Software Informer
[2012/02/25 15:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/02/25 12:26:58 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2012/02/25 11:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\ApplicationHistory
[2012/02/25 10:59:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jim\Recent
[2012/02/25 10:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/02/25 10:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/24 15:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\ForceField Shared Files
[2012/02/24 15:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\zonealarm_security_suite
[2012/02/24 15:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/02/24 13:31:05 | 000,000,000 | ---D | C] -- C:\872272a54d70ee97187129d8bf018a00
[2012/02/24 13:02:42 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2012/02/24 13:02:42 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2012/02/24 13:02:31 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2012/02/24 13:02:30 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2012/02/24 13:02:11 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2012/02/24 13:02:10 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2012/02/24 13:02:05 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2012/02/24 13:01:59 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2012/02/24 13:01:51 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2012/02/24 13:01:50 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2012/02/24 13:01:50 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2012/02/24 13:01:48 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2012/02/24 13:01:47 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2012/02/24 13:01:46 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2012/02/24 13:01:46 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2012/02/24 13:01:41 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2012/02/24 13:01:39 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2012/02/24 13:01:39 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2012/02/24 13:01:39 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2012/02/24 13:01:34 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2012/02/24 13:01:30 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2012/02/24 13:01:29 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2012/02/24 13:01:28 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2012/02/24 13:01:25 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2012/02/24 13:01:25 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2012/02/24 13:01:24 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2012/02/24 13:01:24 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2012/02/24 13:01:23 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2012/02/24 13:01:23 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2012/02/24 13:01:16 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2012/02/24 13:01:14 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2012/02/24 13:01:13 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2012/02/24 13:01:12 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2012/02/24 13:01:11 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2012/02/24 13:01:10 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2012/02/24 13:01:06 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2012/02/24 13:01:06 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2012/02/24 13:00:58 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2012/02/24 13:00:58 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2012/02/24 13:00:57 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2012/02/24 13:00:56 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2012/02/24 13:00:55 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2012/02/24 13:00:49 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2012/02/24 13:00:17 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2012/02/24 13:00:16 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2012/02/24 13:00:15 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2012/02/24 13:00:15 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2012/02/24 13:00:14 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2012/02/24 13:00:03 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2012/02/24 13:00:02 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2012/02/24 13:00:02 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2012/02/24 13:00:00 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2012/02/24 12:59:53 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2012/02/24 12:59:52 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2012/02/24 12:59:52 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2012/02/24 12:59:52 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2012/02/24 12:15:34 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2012/02/24 12:15:33 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2012/02/24 12:15:32 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2012/02/24 12:15:29 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2012/02/24 12:15:28 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2012/02/24 12:15:28 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2012/02/24 12:15:27 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2012/02/24 12:15:27 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2012/02/24 12:15:26 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2012/02/24 12:15:26 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2012/02/24 12:15:25 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2012/02/24 12:15:25 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2012/02/24 12:15:24 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2012/02/24 12:15:23 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2012/02/24 12:15:21 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2012/02/24 12:15:20 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2012/02/24 12:15:16 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2012/02/24 12:15:13 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2012/02/24 12:15:12 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2012/02/24 12:15:11 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2012/02/24 12:15:06 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2012/02/24 12:15:06 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2012/02/24 12:14:59 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2012/02/24 12:14:58 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2012/02/24 12:14:58 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2012/02/24 12:14:54 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2012/02/24 12:14:37 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2012/02/24 12:14:35 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2012/02/24 12:14:34 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2012/02/24 12:14:33 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2012/02/24 12:14:27 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2012/02/24 12:14:26 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2012/02/24 12:14:26 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2012/02/24 12:14:25 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2012/02/24 12:14:17 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2012/02/24 12:14:14 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2012/02/24 12:14:13 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2012/02/24 12:14:11 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2012/02/24 12:14:09 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2012/02/24 12:14:08 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2012/02/24 12:14:05 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2012/02/24 12:14:05 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2012/02/24 12:14:05 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2012/02/24 12:14:04 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2012/02/24 12:14:04 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2012/02/24 12:14:04 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2012/02/24 12:14:02 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2012/02/24 12:14:02 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2012/02/24 12:14:02 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2012/02/24 12:14:02 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2012/02/24 12:14:01 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2012/02/24 12:13:35 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2012/02/24 12:13:16 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2012/02/24 12:13:10 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2012/02/24 12:13:10 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2012/02/24 12:13:09 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2012/02/24 12:13:08 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2012/02/24 12:13:08 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2012/02/24 12:13:07 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2012/02/24 12:13:05 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2012/02/24 12:13:04 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2012/02/24 12:13:04 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2012/02/24 12:13:03 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2012/02/24 12:13:02 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2012/02/24 12:13:01 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2012/02/24 12:12:32 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2012/02/24 12:12:11 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2012/02/24 12:11:43 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2012/02/24 12:11:41 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2012/02/24 12:11:34 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2012/02/24 12:11:33 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2012/02/24 12:11:33 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2012/02/24 12:11:28 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2012/02/24 12:11:22 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2012/02/24 12:11:22 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2012/02/24 12:11:20 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2012/02/24 12:11:19 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2012/02/24 12:11:18 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2012/02/24 12:11:17 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2012/02/24 12:11:13 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2012/02/24 12:11:11 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2012/02/24 12:11:11 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2012/02/24 12:10:42 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2012/02/24 12:10:39 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2012/02/24 12:10:35 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2012/02/24 12:10:34 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2012/02/24 12:10:34 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2012/02/24 12:10:33 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2012/02/24 12:10:32 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2012/02/24 12:10:32 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2012/02/24 12:10:32 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2012/02/24 12:10:31 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2012/02/24 12:10:23 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2012/02/24 12:10:23 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2012/02/24 12:10:21 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2012/02/24 12:10:13 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012/02/24 12:10:13 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012/02/24 12:10:12 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012/02/24 12:10:12 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012/02/24 12:10:11 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2012/02/24 12:10:11 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2012/02/24 12:10:10 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2012/02/24 12:10:09 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012/02/24 12:10:06 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2012/02/24 12:09:59 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012/02/24 12:09:54 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2012/02/24 12:09:44 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012/02/24 12:09:44 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012/02/24 12:09:44 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012/02/24 12:09:43 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012/02/24 12:09:42 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2012/02/24 12:09:41 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012/02/24 12:09:40 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012/02/24 12:09:40 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2012/02/24 12:09:39 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012/02/24 12:09:39 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012/02/24 12:09:38 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2012/02/24 12:09:07 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012/02/24 12:09:07 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012/02/24 12:09:07 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012/02/24 12:09:06 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012/02/24 12:09:06 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012/02/24 12:09:05 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012/02/24 12:09:05 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012/02/24 12:09:05 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012/02/24 12:09:03 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012/02/24 12:09:03 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012/02/24 12:09:02 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012/02/24 12:09:01 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012/02/24 12:09:01 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012/02/24 12:09:00 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012/02/24 12:09:00 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012/02/24 12:09:00 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012/02/24 12:08:59 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012/02/24 12:08:59 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012/02/24 12:08:55 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012/02/24 12:08:53 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012/02/24 12:08:53 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012/02/24 12:08:52 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012/02/24 12:08:51 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012/02/24 12:08:50 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012/02/24 12:08:50 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012/02/24 12:08:49 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012/02/24 12:08:26 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/02/24 12:08:22 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012/02/24 12:08:14 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/02/24 12:08:14 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/02/24 12:08:13 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/02/24 12:08:13 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/02/24 12:08:12 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/02/24 12:08:10 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/02/24 12:08:08 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/02/24 12:08:08 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012/02/24 12:08:06 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/02/24 12:08:06 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/02/24 12:08:05 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012/02/24 11:22:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/24 11:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/02/24 11:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/24 08:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\Reflect
[2012/02/24 08:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Start Menu\Programs\Macrium
[2012/02/24 08:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2012/02/24 08:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2012/02/23 11:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2012/02/23 11:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Start Menu\Programs\Unlocker
[2012/02/23 08:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2012/02/23 08:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Start Menu\Programs\SpeedFan
[2012/02/23 08:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbox
[2012/02/20 17:40:18 | 000,012,952 | ---- | C] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
[2012/02/20 17:40:08 | 000,016,024 | ---- | C] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2012/02/20 17:40:00 | 000,047,256 | ---- | C] (Macrium Software) -- C:\WINDOWS\System32\drivers\psmounter.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/08 13:31:10 | 000,000,985 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\AVS4YOU Software Navigator.lnk
[2012/03/08 10:22:40 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WordPerfect X3.lnk
[2012/03/08 07:41:59 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/08 07:41:55 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/03/08 07:41:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/06 22:47:53 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/03/06 22:35:16 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/03/06 22:35:16 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/03/06 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/03/06 14:32:17 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/06 12:47:42 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/05 15:10:55 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2012/03/05 15:10:55 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/03/05 15:10:52 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2012/03/01 19:28:54 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Jim\Desktop\WinsockxpFix.exe
[2012/03/01 19:28:42 | 000,186,368 | ---- | M] (CEXX.ORG) -- C:\Documents and Settings\Jim\Desktop\LSPFix.exe
[2012/03/01 19:28:40 | 000,036,864 | ---- | M] (Rock Systems & Development) -- C:\Documents and Settings\Jim\Desktop\SafeMSI.exe
[2012/03/01 19:16:39 | 000,058,012 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2012/03/01 17:37:39 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Phantom.lnk
[2012/03/01 17:03:06 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/03/01 17:03:06 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/02/29 13:58:54 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\WinSnap.lnk
[2012/02/29 13:58:54 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinSnap.lnk
[2012/02/29 10:03:34 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Reflect.lnk
[2012/02/27 11:03:09 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2012/02/27 11:03:07 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2012/02/27 11:03:07 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2012/02/27 10:41:17 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\UltraVNC Viewer.lnk
[2012/02/27 10:41:17 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\UltraVNC Server.lnk
[2012/02/27 10:41:03 | 000,011,496 | ---- | M] (UVNC BVBA) -- C:\WINDOWS\System32\drivers\mv2.sys
[2012/02/27 10:41:02 | 000,021,480 | ---- | M] (UVNC BVBA) -- C:\WINDOWS\System32\mv2.dll
[2012/02/26 16:10:46 | 000,554,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/26 16:10:46 | 000,102,620 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/26 11:54:47 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/25 11:27:07 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/25 10:29:32 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Uninstall 5.lnk
[2012/02/24 11:22:46 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/24 11:21:50 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/24 11:21:41 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\NTREGOPT.lnk
[2012/02/23 10:14:27 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/23 10:14:27 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/23 08:47:54 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\SpeedFan.lnk
[2012/02/23 08:47:54 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2012/02/22 15:53:54 | 000,004,184 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/02/20 17:40:18 | 000,012,952 | ---- | M] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
[2012/02/20 17:40:08 | 000,016,024 | ---- | M] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2012/02/20 17:40:00 | 000,047,256 | ---- | M] (Macrium Software) -- C:\WINDOWS\System32\drivers\psmounter.sys
[2012/02/19 17:00:24 | 000,002,016 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\Dear Diary.wpd
[2012/02/15 16:55:58 | 001,119,104 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\New Tour Permit.pdf
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/06 22:47:53 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk
[2012/03/06 22:47:53 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/03/06 22:35:16 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/03/06 22:35:16 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2012/03/06 22:35:16 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/03/06 22:35:14 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/03/06 12:47:42 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/05 15:12:32 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/03/05 15:10:55 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2012/03/05 15:10:55 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/03/05 15:10:50 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2012/03/01 17:37:39 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Phantom.lnk
[2012/02/29 13:58:54 | 000,000,723 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\WinSnap.lnk
[2012/02/29 13:58:54 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinSnap.lnk
[2012/02/27 11:01:44 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2012/02/27 10:41:17 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\UltraVNC Server.lnk
[2012/02/26 11:04:24 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/02/26 11:00:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/26 11:00:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/24 14:41:21 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Internet Explorer.lnk
[2012/02/24 13:02:41 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2012/02/24 13:02:40 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2012/02/24 12:14:55 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012/02/24 12:14:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012/02/24 12:13:38 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012/02/24 12:11:42 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012/02/24 12:11:42 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012/02/24 12:11:41 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012/02/24 12:11:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012/02/24 12:11:39 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012/02/24 12:10:34 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012/02/24 12:10:33 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012/02/24 12:10:33 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012/02/24 12:08:44 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/02/24 12:08:43 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/02/24 12:08:42 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/02/24 12:08:41 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/02/24 12:08:40 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/02/24 12:08:40 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/02/24 12:08:39 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/02/24 12:08:39 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/02/24 12:08:37 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/02/24 12:08:32 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/02/24 11:21:50 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/24 11:21:41 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\NTREGOPT.lnk
[2012/02/23 10:14:27 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/23 10:14:27 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/23 09:00:22 | 000,002,377 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Reflect.lnk
[2012/02/23 08:47:54 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\SpeedFan.lnk
[2012/02/23 08:47:52 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2012/02/19 17:00:24 | 000,002,016 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\Dear Diary.wpd
[2011/05/13 14:01:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\housecall.guid.cache
[2010/11/15 19:56:16 | 000,042,556 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/20 09:36:27 | 001,774,720 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/08/20 09:36:27 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/08/20 09:36:27 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/08/20 09:36:27 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/08/20 09:36:27 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/03/10 18:57:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

========== LOP Check ==========

[2008/12/02 09:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/12/03 12:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2012/03/01 19:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2010/01/13 14:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2012/03/08 07:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/02/24 08:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2011/11/09 16:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2009/10/26 15:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2012/03/05 15:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/01/13 14:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2008/12/04 21:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PKWARE
[2008/12/02 12:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011/07/30 13:00:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2010/07/10 08:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/24 15:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\ElevatedDiagnostics
[2008/12/26 13:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\eMusic
[2012/03/05 13:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Foxit Software
[2010/01/13 14:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\GetRightToGo
[2008/12/03 18:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\InterVideo
[2008/12/01 09:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\K9
[2009/10/20 17:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Marvell
[2011/11/09 16:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\mjusbsp
[2011/05/13 14:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\PCFix
[2008/12/04 21:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\PKWARE
[2009/03/05 19:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Skinux
[2012/03/08 13:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Software Informer
[2012/02/25 11:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Uniblue
[2008/11/23 23:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Windows Desktop Search
[2008/11/24 00:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Windows Search
[2012/03/06 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2012/03/05 15:10:55 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 3/8/2012 2:54:18 PM - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Dnload\SpywarePreventers
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 75.20% Memory free
5.84 Gb Paging File | 5.30 Gb Available in Paging File | 90.79% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.41 Gb Total Space | 89.14 Gb Free Space | 69.97% Space Free | Partition Type: NTFS
Drive F: | 105.48 Gb Total Space | 48.27 Gb Free Space | 45.77% Space Free | Partition Type: NTFS

Computer Name: JIMSDESKTOP | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\FireFox\firefox.exe (Mozilla Corporation)
.js [@ = UltraEdit.js] -- C:\Program Files\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\FireFox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\FireFox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\FireFox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [opennew] -- explorer.exe /e, %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800
"80:TCP" = 80:TCP:*:Enabled:HTTP web server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\setup\HPZNUI01.EXE" = E:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
"E:\setup\HPONICIFS01.EXE" = E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Port Detective\PortDetective.exe" = C:\Program Files\Port Detective\PortDetective.exe:*:Enabled:PortDetective -- ()
"C:\Documents and Settings\Jim\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Jim\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC)
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{05807631-02A1-3459-8856-0237F67DAC12}" = Catalyst Control Center Localization German
"{073786F2-18E0-439B-9A31-312B71FA48D5}" = MyInvoices & Estimates Deluxe
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B989801-2569-68FF-DEBA-C36802FB32FF}" = Catalyst Control Center Localization French
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{135DBA2F-F801-7BE6-DFBD-08F5A32A9A52}" = Catalyst Control Center Localization Polish
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1B0A6F19-81DD-42BB-E62D-D5A47BE3BD71}" = Catalyst Control Center Localization Greek
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1E187923-04E5-4E1F-9BF2-40E32D93A1C4}" = HP Color LaserJet CP1210 Series Toolbox
"{20615E77-DE29-BCC4-3006-7A1448276EC7}" = Catalyst Control Center Localization Chinese Standard
"{211FBC16-D15B-6DB3-D2C6-939F082888F0}" = ccc-core-preinstall
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26DDB12A-CB5E-4C0B-89AF-817CA0E59CC9}" = HP LaserJet Toolbox
"{29BA5FC8-8573-C9B7-C7A7-24C02A74BABC}" = Catalyst Control Center Graphics Previews Common
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{31B213A4-BCDA-5188-9BDA-220C0121C07D}" = CCC Help Greek
"{31D82DC2-E407-45B1-A9B7-950FD4D7B4FC}" = Macrium Reflect Free Edition
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E332AF0-1EC9-DF35-5298-7DD744406DC1}" = CCC Help French
"{3F1347BE-D017-AC98-F9FA-5BC340DB4601}" = CCC Help Russian
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{452BD7BC-4608-D20F-5CDA-8F1416BB4661}" = CCC Help English
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB05099-1963-4268-A3BB-9153964750ED}" = XoftSpySE
"{4E11A012-894F-2767-0476-531CF538DCFA}" = Catalyst Control Center Localization Spanish
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54360A73-B080-4A69-BFD4-53C190DD3AB0}" = HP Color LaserJet CP1210 Series
"{54A3A1D0-B95D-A722-C59B-F481FD3E958A}" = Catalyst Control Center Localization Turkish
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn
"{578A9233-27DA-1BCB-1416-05411B6D916C}" = CCC Help Chinese Standard
"{591AC478-F95B-BF7C-A5F6-0AD56C3F10AF}" = CCC Help Spanish
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{606A6455-968B-AC75-7BC3-00C34179CC35}" = ccc-core-static
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65DF7F3D-7AF5-250B-6538-8E543643D1F0}" = CCC Help Italian
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6E7E56F6-561C-78A3-BFCB-6A465092939B}" = Catalyst Control Center Localization Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.3.00
"{7298DF06-5997-7DB4-E2B5-8BBCF977CE40}" = CCC Help Chinese Traditional
"{7516254D-7F98-49DD-8209-5D2208BD1033}" = Nero 7 Ultra Edition
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CC853FD-298A-4AD5-A1D7-70ED2DCBFB3A}" = Catalyst Control Center - Branding
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{806369DC-E913-E546-6D09-AAA9F311EAED}" = CCC Help Korean
"{83ED5194-BD1B-4FF7-456D-E8B42CCB5592}" = CCC Help Dutch
"{87ECA286-F3AE-000B-7D64-B731A97B0F61}" = CCC Help Thai
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8D6E1F36-9085-662A-5731-E0815658ADA8}" = Skins
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9576B4EE-5E87-4C14-AFCE-2F6FC2B276B8}" = Broadcom TPM Driver Installer
"{977CEF18-AB33-4C8C-8D6A-B05972CA3F6C}" = UltraEdit v14.00a
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A9ED54A-0FAB-4D34-A3B9-F6C659E1F898}" = CopyProfile
"{9AD3BFB5-16D0-2A86-951B-1D775E000200}" = CCC Help Portuguese
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C09E3A4-850A-40B2-B94F-EBFB5349C238}" = hppusgCP1215
"{9C654A82-4C2C-D0B9-DE34-4014972109AA}" = ccc-utility
"{9C8A73A4-9802-AC21-57C7-989A1FB3E45E}" = Catalyst Control Center Graphics Light
"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour Print Services
"{9E7D2F45-B67D-0CFB-828A-CB287E648F60}" = Catalyst Control Center Localization Italian
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5F029F-D2A2-AE1B-3F66-7D26D49ECFBC}" = Catalyst Control Center Graphics Full Existing
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B01F3300-D34B-9826-3C8C-4379A714A9F0}" = Catalyst Control Center Localization Korean
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7070927-595B-C492-EA17-468A71D700CF}" = Catalyst Control Center Localization Czech
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B7933CA3-BE8E-F3D0-C5A7-C1399F0F816D}" = Catalyst Control Center Localization Dutch
"{B99E17CF-E74A-5C58-0263-9728D1E5446C}" = CCC Help Polish
"{BB13193C-6884-0682-C01E-69EF957A6C90}" = Catalyst Control Center Graphics Full New
"{BB92E35A-F5B8-4D59-90F3-CF863871BCF3}" = OpenMG Secure Module 4.0.05
"{BBD6BA59-4593-43CC-BBC8-8E53D354AEA4}" = Atmel TPM Driver Installer 3.0.3.15
"{BE50AEA5-368C-0486-6937-819AD6332602}" = CCC Help Danish
"{BFD00D02-D752-0815-6906-6A84C83DF17D}" = CCC Help Hungarian
"{BFDE0B2A-CA9F-D6A5-7494-EB2B205786A9}" = CCC Help German
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C33F4232-592E-CFE2-227F-FA1DCA22F88E}" = Catalyst Control Center Localization Norwegian
"{C44D64EB-DE2D-8485-33F2-415B6E909845}" = Catalyst Control Center Localization Portuguese
"{C587E5B1-BC8D-2FB8-5BD6-4B7C3D84C918}" = CCC Help Swedish
"{C5BB031B-D27B-2452-D0A4-AA290348FEF6}" = Catalyst Control Center Localization Russian
"{C6D4C3EA-79AD-FD30-871E-BA6B513240ED}" = Catalyst Control Center Localization Finnish
"{C9182AFC-D4B9-C61F-A633-8C57E61DE536}" = Catalyst Control Center Localization Swedish
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CA3F0F69-C11F-9F41-705B-823C4E53734D}" = CCC Help Turkish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBD1C514-207F-3F5E-6D06-ABC0614F2A75}" = Catalyst Control Center Localization Thai
"{CC5CFE0B-EA3B-B4C6-9189-4C1FB30FBB74}" = Catalyst Control Center Localization Danish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DFB2F7D7-F17C-309C-4937-A1E9D9528F41}" = CCC Help Norwegian
"{DFDABF78-C0AD-637F-C105-33E902DEC871}" = CCC Help Japanese
"{E009960A-C84E-C9CE-6F7C-481E1F187819}" = CCC Help Finnish
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{F005F163-0F80-9E4F-401A-526D20F200AE}" = Catalyst Control Center Core Implementation
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3A52623-4890-415D-A43A-F71A3A39C273}" = HPCarePackProducts
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F62BA1E9-06EE-447B-7200-16E46ADFE849}" = CCC Help Czech
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA62EEEE-138C-FDD0-20B7-09DBE9234785}" = Catalyst Control Center Localization Chinese Traditional
"{FB9589FD-F721-4C34-ACB6-C6169645EEB5}" = SecureZIP for Windows 12.00.0017
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FCB4BF83-069D-4A95-00A7-0839ABD4CC49}" = Catalyst Control Center Localization Hungarian
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"AboutTime_is1" = AboutTime
"ActiCalc" = ActiCalc
"Active Ports" = Active Ports
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Altap Salamander 2.54" = Altap Salamander 2.54
"ATI Display Driver" = ATI Display Driver
"AutoItv3" = AutoIt v3.3.8.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Belarc Advisor" = Belarc Advisor 8.2
"CCleaner" = CCleaner
"ClientAccessExpress" = IBM AS/400 Client Access Express for Windows
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_201414F1" = HSF2014 56K Data Fax Modem
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 6.0.1 Professional
"Emicsoft MTS Converter_is1" = Emicsoft MTS Converter
"eMusic Download Manager" = eMusic Download Manager 4.0.0.5
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"Foxit Phantom" = Foxit Phantom
"HomeVision-Pro 3.5" = HomeVision-Pro 3.5
"HotFax MessageCenter" = HotFax MessageCenter
"HP Color LaserJet CP1210 Series" = HP Color LaserJet CP1210 Series
"ie8" = Windows Internet Explorer 8
"InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"Jetsoft Art-Copy 7.6 - Business" = Jetsoft Art-Copy 7.6 - Business
"jv16 PowerTools 2009_is1" = jv16 PowerTools 2009
"K9" = K9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"pdfFactory Pro" = pdfFactory Pro
"Pegasus Mail" = Pegasus Mail
"PFPortChecker" = PFPortChecker 1.0.36
"Port" = Port Detective
"Revo Uninstaller" = Revo Uninstaller 1.93
"Software Informer_is1" = Software Informer 1.1
"SpeedFan" = SpeedFan (remove only)
"stunnel" = stunnel
"Total Uninstall 5_is1" = Total Uninstall 5.10.2
"Tweak UI 2.10" = Tweak UI
"Ultravnc2_is1" = UltraVnc
"Unlocker" = Unlocker 1.9.0
"VuePrint" = VuePrint
"Weather Display_is1" = Weather Display 10.37M
"WinSnap" = WinSnap
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2012 11:53:11 AM | Computer Name = JIMSDESKTOP | Source = Application Error | ID = 1000
Description = Faulting application jv16PT.exe, version 1.9.0.526, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x0001e374.

Error - 3/6/2012 2:47:25 PM | Computer Name = JIMSDESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19190, fault address 0x0019a8ab.

Error - 3/6/2012 3:22:06 PM | Computer Name = JIMSDESKTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/6/2012 3:22:06 PM | Computer Name = JIMSDESKTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/6/2012 3:22:06 PM | Computer Name = JIMSDESKTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/6/2012 3:22:06 PM | Computer Name = JIMSDESKTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/6/2012 4:32:09 PM | Computer Name = JIMSDESKTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/6/2012 4:32:09 PM | Computer Name = JIMSDESKTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/6/2012 4:32:09 PM | Computer Name = JIMSDESKTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/6/2012 4:32:09 PM | Computer Name = JIMSDESKTOP | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 3/6/2012 3:22:14 PM | Computer Name = JIMSDESKTOP | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%31

Error - 3/6/2012 4:32:19 PM | Computer Name = JIMSDESKTOP | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%31

Error - 3/6/2012 4:42:35 PM | Computer Name = JIMSDESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}

Error - 3/6/2012 4:47:53 PM | Computer Name = JIMSDESKTOP | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%31

Error - 3/6/2012 6:27:31 PM | Computer Name = JIMSDESKTOP | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%31

Error - 3/6/2012 6:34:24 PM | Computer Name = JIMSDESKTOP | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%31

Error - 3/6/2012 9:44:09 PM | Computer Name = JIMSDESKTOP | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%31

Error - 3/6/2012 9:48:31 PM | Computer Name = JIMSDESKTOP | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%31

Error - 3/7/2012 1:35:34 AM | Computer Name = JIMSDESKTOP | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%31

Error - 3/8/2012 11:41:56 AM | Computer Name = JIMSDESKTOP | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%31


< End of report >

Thank you,

Docfxit

Edited by docfxit, 08 March 2012 - 07:06 PM.


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello docfxit and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

These errors could be caused by anything. Remember that we are going to check if your problems are related to malware first.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\Shell - "" = AutoRun
    O33 - MountPoints2\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\Shell - "" = AutoRun
    O33 - MountPoints2\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\Shell - "" = AutoRun
    O33 - MountPoints2\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{e9609108-ee23-11e0-bc33-001a6b46c013}\Shell\AutoRun\command - "" = G:\SecureII\Windows\SecureII.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles


Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now


Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • Combofix log
It would be helpful if you could post each log in separate post

#3
docfxit

    Member

  • Topic Starter
  • 102 posts
Thank you for taking on this case. And thank you for helping me clean up this PC.

ComboFix 12-03-15.03 - Jim 03/15/2012 9:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2504 [GMT -7:00]
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jim\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\default_user_class.dat.LOG
c:\windows\system32\drivers\mhtcwqe.sys
c:\windows\system32\PowerToyReadme.htm
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_mhtcwqe
-------\Service_mhtcwqe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))
.
.
2012-03-15 16:43 . 2012-03-15 16:43 -------- d-----w- C:\_OTL
2012-03-13 04:17 . 2012-03-13 04:17 -------- d-----w- c:\program files\Event Log Explorer
2012-03-09 00:58 . 2012-03-09 00:58 -------- d-----w- c:\documents and settings\Jim\Application Data\Malwarebytes
2012-03-08 21:30 . 2011-09-17 00:05 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-03-08 21:30 . 2011-08-23 00:33 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-03-08 21:12 . 2012-03-08 21:12 -------- d-----w- c:\program files\AutoIt3
2012-03-07 06:47 . 2012-03-07 06:47 -------- d-----w- c:\windows\MATS
2012-03-07 06:47 . 2012-03-07 06:47 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-03-07 06:35 . 2012-03-07 06:35 -------- d-----w- c:\program files\Belarc
2012-03-07 06:35 . 2011-08-10 00:33 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2012-03-07 04:32 . 2012-03-07 04:32 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Foxit Software
2012-03-06 20:41 . 2012-03-06 20:42 -------- dc-h--w- c:\windows\ie8
2012-03-06 18:45 . 2012-03-06 18:46 -------- d-----w- c:\documents and settings\Administrator
2012-03-06 14:52 . 2008-04-18 20:24 126976 ------w- c:\windows\system32\fppr332.dll
2012-03-06 14:52 . 2008-04-18 20:22 335872 ------w- c:\windows\system32\fppmon3.dll
2012-03-05 23:01 . 2012-03-05 23:01 -------- d-----w- c:\program files\AboutTime
2012-03-02 03:26 . 2012-03-02 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2012-03-02 01:39 . 2012-03-05 21:06 -------- d-----w- c:\documents and settings\Jim\Application Data\Foxit Software
2012-03-02 01:37 . 2012-03-02 01:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\Foxit Software
2012-03-02 01:37 . 2012-03-02 01:50 -------- d-----w- c:\program files\foxit phantom
2012-03-02 00:47 . 2012-03-02 01:10 -------- d-----w- c:\windows\SoftwareDistOld
2012-02-29 21:58 . 2012-02-29 21:58 -------- d-----w- c:\program files\WinSnap
2012-02-28 04:29 . 2008-01-31 18:35 21376 ----a-w- c:\windows\system32\drivers\psadd.sys
2012-02-27 19:02 . 2012-02-27 19:02 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\LogMeIn
2012-02-27 19:02 . 2012-02-27 19:03 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-27 19:02 . 2012-02-27 19:03 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-27 19:02 . 2012-02-27 19:03 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-27 19:01 . 2011-01-12 03:04 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-02-27 19:01 . 2012-02-27 19:03 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-27 19:01 . 2012-02-28 03:36 -------- d-----w- c:\program files\LogMeIn
2012-02-27 18:41 . 2012-02-27 18:41 11496 ----a-w- c:\windows\system32\drivers\mv2.sys
2012-02-27 18:41 . 2012-02-27 18:41 21480 ----a-w- c:\windows\system32\mv2.dll
2012-02-27 17:49 . 2012-02-27 17:49 -------- d-----w- C:\dell
2012-02-27 17:41 . 2012-02-27 17:41 -------- d-----w- c:\program files\Double Driver
2012-02-26 20:59 . 2012-02-26 20:59 -------- d-----w- c:\program files\Bonjour Print Services
2012-02-26 20:35 . 2012-03-09 22:28 -------- d-----w- c:\documents and settings\Jim\Application Data\Software Informer
2012-02-26 20:35 . 2012-02-26 20:35 -------- d-----w- c:\program files\Software Informer
2012-02-26 19:00 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-26 19:00 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-26 17:51 . 2012-02-26 17:51 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2012-02-26 17:51 . 2012-02-26 23:32 -------- d-----w- c:\documents and settings\ATUUser5
2012-02-25 23:34 . 2012-03-15 16:51 -------- d-----w- c:\windows\system32\CatRoot2
2012-02-25 19:19 . 2012-02-25 19:24 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\ApplicationHistory
2012-02-25 18:26 . 2012-02-25 18:26 -------- d-----w- c:\program files\Common Files\Java
2012-02-25 18:25 . 2012-02-25 18:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-24 23:54 . 2012-02-24 23:54 -------- d-----w- c:\program files\zonealarm_security_suite
2012-02-24 23:42 . 2012-03-06 18:25 -------- d-----w- c:\program files\CheckPoint
2012-02-24 21:31 . 2012-02-24 22:38 -------- d-----w- C:\872272a54d70ee97187129d8bf018a00
2012-02-24 20:59 . 2001-08-17 21:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2012-02-24 20:15 . 2001-08-17 20:51 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2012-02-24 20:14 . 2001-08-17 20:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2012-02-24 20:13 . 2008-04-13 17:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2012-02-24 20:12 . 2001-08-18 05:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-02-24 20:11 . 2001-08-17 20:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2012-02-24 20:10 . 2001-08-18 05:36 53248 -c--a-w- c:\windows\system32\dllcache\eqndiag.exe
2012-02-24 20:09 . 2001-08-17 20:51 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
2012-02-24 20:08 . 2001-08-18 05:36 9728 -c--a-w- c:\windows\system32\dllcache\brcoinst.dll
2012-02-24 20:07 . 2001-08-17 21:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-02-24 19:21 . 2012-02-24 19:21 -------- d-----w- c:\program files\ERUNT
2012-02-24 16:31 . 2012-02-24 16:31 -------- d-----w- c:\program files\Macrium
2012-02-24 16:20 . 2012-02-24 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrium
2012-02-23 19:08 . 2012-02-25 23:33 -------- d-----w- c:\program files\Unlocker
2012-02-23 16:47 . 2012-03-13 15:39 -------- d-----w- c:\program files\SpeedFan
2012-02-23 16:46 . 2012-02-23 16:46 -------- d-----w- c:\program files\Toolbox
2012-02-21 01:40 . 2012-02-21 01:40 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2012-02-21 01:40 . 2012-02-21 01:40 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys
2012-02-21 01:40 . 2012-02-21 01:40 47256 ----a-w- c:\windows\system32\drivers\psmounter.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 20:48 . 2011-07-07 02:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 18:25 . 2010-08-16 18:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-18 06:21 . 2008-12-02 17:13 65536 ----a-r- c:\documents and settings\Jim\Application Data\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2012-01-12 16:53 . 2007-09-20 04:49 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-20 14:22 . 2008-12-07 23:03 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-12-17 19:46 . 2007-09-20 04:59 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2007-09-20 04:58 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2007-09-20 04:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeeEnEs"="c:\program files\DeeEnEs\DeeEnEs.exe" [2005-01-01 151552]
"WinSnap"="c:\program files\WinSnap\WinSnap.exe" [2011-10-02 665608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-20 45632]
"SMSI Loader"="c:\program files\Common Files\Smith Micro Shared\Fax\SMLoader.exe" [2004-10-12 32768]
"Client Access Help Update"="c:\program files\Client Access\cwbinhlp.exe" [2001-05-08 24626]
"Client Access Express Welcome"="c:\program files\Client Access\cwbwlwiz.exe" [2001-05-08 20530]
"Tracker"="c:\program files\MySoftware\MyInvoices\tracker.exe" [2006-12-23 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2007-09-20 61952]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-12 63048]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2008-04-18 520192]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2007-02-21 112208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"LabelMaker2.0"="c:\program files\Common Files\MySoftware\regdll.dll" [2006-08-03 94208]
.
c:\documents and settings\Jim\Start Menu\Programs\Startup\
AS400SignOn.lnk - c:\batch\AS400SignOn.exe [2008-11-30 120972]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Launch K9.lnk - c:\program files\K9\K9.exe [2004-4-18 82944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LocalAccountTokenFilterPolicy"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-27 19:03 87424 ----a-w- c:\windows\system32\LMIinit.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Port Detective\\PortDetective.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Jim\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/27/2009 8:52 AM 64288]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2/20/2012 6:40 PM 16024]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/27/2009 8:51 AM 95024]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [7/6/2011 5:32 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/11/2011 8:04 PM 12856]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2/20/2012 6:39 PM 224920]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [2/27/2012 11:41 AM 2016504]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2/27/2012 11:41 AM 11496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 ATICDSDr;ATICDSDr; [x]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/20/2010 10:36 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/20/2010 10:36 AM 8456]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: Interfaces\{B0C754E3-253F-4332-9262-B3E9D5901E6B}: NameServer = 66.51.205.100,66.51.206.100
FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\uvk7uhp5.Default User\
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
------- File Associations -------
.
.txt=UltraEdit.txt
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mhtcwqe
SafeBoot-redbook
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-15 09:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-D3B3-T282-7E18-N3DU-U8TZ-SANPJD1"
"Activated"="N"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,6d,d5,cb,14,61,da,4c,8a,1a,78,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,6d,d5,cb,14,61,da,4c,8a,1a,78,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(492)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(2908)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Salamander 2.5\plugins\salamext.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\netdde.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-03-15 10:05:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-15 17:04
.
Pre-Run: 97,401,552,896 bytes free
Post-Run: 97,308,778,496 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 382915F29B091A5E79EBD9111DBDD317

#4
docfxit

    Member

  • Topic Starter
  • 102 posts
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9609108-ee23-11e0-bc33-001a6b46c013}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9609108-ee23-11e0-bc33-001a6b46c013}\ not found.
File G:\SecureII\Windows\SecureII.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Dnload\SpywarePreventers\cmd.bat deleted successfully.
C:\Dnload\SpywarePreventers\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.36.1 log created on 03152012_094357

#5
docfxit

    Member

  • Topic Starter
  • 102 posts
Just an update.

The download manager problem showing starting with no progress until it's finished has been fixed. That's really great.
The strange IP addresses that are dropped are still showing up and the System error 5 during net view is still occurring.

Thank you for working on this.

Docfxit

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi docfxit,

Step 1

The strange IP addresses that are dropped are still showing up


Is this IP dropping causing you any problems, or are you just concerned about it?

Step 2

System error 5 during net view is still occurring


There are a lot of things that can cause this but let's try something.

Open My Computer
In the address bar, type the following (replace MyOtherPC with the name of your network PC)

\\MyOtherPC

Press Enter and wait a few seconds. Tell me what you see now.

Step 3

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Step 4


Please don't forget to include these items in your reply:

  • VRT log
It would be helpful if you could post each log in separate post

#7
docfxit

    Member

  • Topic Starter
  • 102 posts
I'm getting a number of BSODs.
Every time Windows starts up I get a Windows Installer window, then I get another window saying "Please run setup.exe to install quickbooks."
This PC takes a long time to open web pages.
It takes a long time to download any file.
My router is seeing strange IP addresses that are being dropped.

Running:
XP Pro sp3 with all current updates.
Bitdefender
I have uninstalled ZoneAlarm for testing.

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ec531e7-09f9-11de-a0e2-001a6b46c013}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64f45ced-b9a0-11dd-839b-b7880dc09edf}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a40f2a0-9b34-11de-a0f6-001a6b46c013}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9609108-ee23-11e0-bc33-001a6b46c013}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9609108-ee23-11e0-bc33-001a6b46c013}\ not found.
File G:\SecureII\Windows\SecureII.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Dnload\SpywareRemovers\cmd.bat deleted successfully.
C:\Dnload\SpywareRemovers\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.29.1 log created on 03152012_224413


Please help me remove any Malware/Viruses/Trojans.

Thank you,

Docfxit

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Do the steps from my last post and let me know the results.

#9
docfxit

    Member

  • Topic Starter
  • 102 posts

Hi docfxit,

Step 1

The strange IP addresses that are dropped are still showing up


Is this IP dropping causing you any problems, or are you just concerned about it?


I'm just concerned about it. I feel if this computer is trying to get to IP addresses that are being blocked by something on my network or ISP it must be some program that is bad running on this PC.

Step 2

System error 5 during net view is still occurring


There are a lot of things that can cause this but let's try something.

Open My Computer
In the address bar, type (replace MyOtherPC with the name of your network PC)

\\MyOtherPC


Press Enter and wait a few seconds. Tell me what you see now.


This brought up a UserName/Password screen. After entering the same user name and password that was on both this PC and the other PC it totally fixed the problem.

Step 3

Download Virus Removal Tool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


I forgot to save the log. I'm sorry. Is there some way I can see the log again? There was only one file it found in c:\Qoobox a quarantined file from combofix.

Step 4


Please don't forget to include these items in your reply:

  • VRT log
It would be helpful if you could post each log in a separate post


I started a new thread relating to a different PC #2. Somehow it was merged into this thread. It is post #7. That has nothing to do with this PC #1. I don't know if you can separate them again.

This PC is working much better now. The only issue I am still worried about is this PC trying to access IP addresses that are being blocked.

Thank you very much for the help.

Docfxit
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi docfxit,

I checked a lot of similar issues with IP dropping and it could be from all sorts of problems. Basically, don't worry if it isn't causing you internet browsing problems.

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0
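
The concern raised in this thread, that some program on the PC is contacting addresses the router drops, can be checked by matching the dropped addresses against `netstat -ano` and `tasklist /fo csv /nh` output. This is an added example, not part of the original posts; the sample output, addresses and process names below are constructed.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (documentation-range addresses).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    192.168.1.20:1043      203.0.113.7:80         SYN_SENT        1412
  TCP    192.168.1.20:1051      198.51.100.9:443       ESTABLISHED     2260
  TCP    192.168.1.20:1060      203.0.113.7:80         TIME_WAIT       0
  UDP    192.168.1.20:123       *:*                                    1100
"""

# Constructed sample of `tasklist /fo csv /nh` output (process names are made up).
TASKLIST = '''"svchost.exe","980","Console","0","4,120 K"
"svchost.exe","1100","Console","0","3,004 K"
"updater.exe","1412","Console","0","9,876 K"
"firefox.exe","2260","Console","0","88,112 K"
'''

def parse_netstat(text):
    """Return (proto, remote_ip, remote_port, state, pid) for each socket row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        state = f[3] if len(f) == 5 else ""  # UDP rows have no State column
        ip, _, port = f[2].rpartition(":")   # split on the last colon so [v6]:port works
        rows.append((f[0], ip.strip("[]"), port, state, int(f[-1])))
    return rows

def parse_tasklist(text):
    """Map PID -> image name from CSV tasklist output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def owners_of(dropped_ips, netstat_text, tasklist_text):
    """List sockets whose remote address is in dropped_ips, with the owning process."""
    names = parse_tasklist(tasklist_text)
    hits = []
    for proto, ip, port, state, pid in parse_netstat(netstat_text):
        if ip in dropped_ips:
            # TIME_WAIT sockets report PID 0: the owner is no longer recorded.
            name = "<no owner recorded>" if pid == 0 else names.get(pid, "<unknown>")
            hits.append((ip, port, state, pid, name))
    return hits

if __name__ == "__main__":
    for hit in owners_of({"203.0.113.7"}, NETSTAT, TASKLIST):
        print(hit)
```

A socket stuck in SYN_SENT toward a dropped address is the useful row: the connection attempt never completed, and its PID still names the process that made it.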

#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





