
programs in All Programs empty after Security Check malware [Closed]



#1
Ndhlp

Hello,

My friend's computer was recently infected with the fake Microsoft Security Check malware/mess. I have been trying to help them get it back to normal. Thanks to the terrific assistance of someone on their anti-malware site's forum, I have gotten it clean and mostly recovered but we are having trouble recovering the shortcuts in All Programs. Most of them are empty. The All Programs Accessories and All Programs Administrative Tools were the few shortcuts left intact.

Unfortunately the smtmp folders are empty so we cannot recover the items from there. And to further cause aggravation, despite having System Restore points galore, System Restore always comes up incomplete whether in Safe or Normal mode.

I had seen in another forum on this site (http://www.geekstogo...us/page__st__10) the repair.vbs program and was hoping someone could advise me:

1. If it was ok to run based upon this computer's situation prior to my downloading and running it.

2. They only have the Administrator and "owner" as users on this computer. Would I paste the links to C:\Documents and Settings\Administrator.YOUR-5E03CF73DE\Start Menu or the Owner's Start Menu? Does it make a difference?

3. Just paste the links to Start Menu or open it and paste it to programs?

4. Do MBAM and Avira need to be disabled prior to running repair.vbs and pasting the shortcuts?

I cannot open the programs from the C:\Program Files folder either as they are all file folders and if I open a program's folder i.e. Microsoft Works or Works Suite, I see several .exe files and I have no idea which one is the one that opens the program...

This program appears to be their last resort prior to a repair install so I would be really grateful for your help. (I didn't post the link to the other site with the whole history of what we did as I thought the posting rules asked not to).

Here is the OTL log:

OTL logfile created on: 3/16/2012 1:17:34 PM - Run 3
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 70.81% Memory free
2.29 Gb Paging File | 1.77 Gb Available in Paging File | 77.38% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.28 Gb Total Space | 125.64 Gb Free Space | 84.73% Space Free | Partition Type: NTFS
Drive D: | 5.08 Gb Total Space | 2.70 Gb Free Space | 53.11% Space Free | Partition Type: FAT32

Computer Name: YOUR-5E03CF73DE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/15 13:58:16 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
PRC - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/10/11 15:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 15:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 15:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 15:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/23 19:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010/04/14 16:08:12 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeccoms.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2010/01/18 12:27:10 | 000,139,944 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2009/11/18 10:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2009/11/18 10:50:32 | 000,468,208 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2009/11/18 10:50:30 | 004,269,296 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2008/09/29 20:49:00 | 000,054,776 | ---- | M] (Abacast, Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/28 14:17:25 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/05/16 23:15:10 | 000,071,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
PRC - [2004/04/06 15:04:38 | 000,053,248 | ---- | M] (Netscape Communications Corporation) -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/15 15:42:56 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
MOD - [2012/03/15 15:42:47 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/03/15 15:27:09 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/03/15 15:23:57 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/03/15 15:23:42 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/02/16 21:24:58 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012/02/16 21:24:45 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/02/16 21:24:40 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2011/10/11 15:00:22 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/01/23 19:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010/04/05 06:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epwizres.dll
MOD - [2010/04/01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecdrs.dll
MOD - [2010/04/01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2010/01/18 12:27:10 | 000,139,944 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2009/12/16 13:07:29 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark\Pro800-Pro900 Series\lxecdrs.dll
MOD - [2009/12/16 07:42:12 | 000,167,936 | ---- | M] () -- C:\Program Files\Lexmark\Pro800-Pro900 Series\lxecmicro.dll
MOD - [2009/11/26 02:08:23 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LXECPMON.DLL
MOD - [2009/11/18 10:42:38 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll
MOD - [2009/11/04 09:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxecdrpp.dll
MOD - [2009/05/27 08:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxecdatr.dll
MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\iptk.dll
MOD - [2009/03/30 08:37:47 | 000,094,208 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epoemdll.dll
MOD - [2009/03/30 08:37:46 | 000,045,056 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2009/03/30 08:37:28 | 000,708,608 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epwizard.dll
MOD - [2009/03/30 08:35:40 | 000,159,744 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2009/03/30 08:35:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epfunct.dll
MOD - [2009/03/30 08:35:17 | 000,118,784 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\eputil.dll
MOD - [2009/03/30 08:35:05 | 000,139,264 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\imagutil.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark\Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecptp.dll
MOD - [2009/02/20 04:48:43 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\LXECsmr.dll
MOD - [2009/02/20 04:48:03 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\LXECsm.dll
MOD - [2009/01/13 09:15:12 | 004,485,120 | ---- | M] () -- C:\WINDOWS\system32\LXECoem.dll
MOD - [2004/03/11 19:56:30 | 000,081,920 | ---- | M] () -- C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/10/11 15:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 15:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/14 16:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxeccoms.exe -- (lxec_device)
SRV - [2010/04/14 16:08:05 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2009/11/18 10:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2006/06/28 14:17:25 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/04/06 15:04:38 | 000,053,248 | ---- | M] (Netscape Communications Corporation) [Auto | Running] -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe -- (NCUpdateSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/02/15 12:15:03 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 15:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 15:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/02/04 20:26:59 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2006/06/28 14:14:32 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/01/25 15:52:32 | 001,478,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/13 21:13:18 | 004,137,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/28 12:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/07/20 22:08:28 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2005/07/20 22:08:26 | 000,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www22.verizon...P&CMP=DMC-MVZ00
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GWYF_enUS314
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()



O1 HOSTS File: ([2012/03/02 15:14:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (PBlockHelper Class) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll (planetscott.ca)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [Gateway Extended Warranty] C:\Program Files\Gateway\GWCares\GWCares.exe (BillP Studios)
O4 - HKLM..\Run: [Lexmark Pro800-Pro900 Series Fax Server] C:\Program Files\Lexmark Pro800-Pro900 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\Run: [AbacastDistributedOnDemand:11] C:\Documents and Settings\Owner\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe (Abacast, Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...t Installer.cab (Support.com Configuration Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1285267317328 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C6A64E4-1CC7-4A77-AEAF-23DEA62485B8}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/15 15:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/03/15 15:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/03/15 13:58:12 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/03/14 14:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audible
[2012/03/14 13:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
[2012/03/14 13:19:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2012/03/14 13:19:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2012/03/14 13:19:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/03/14 13:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/03/12 14:26:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2012/03/12 14:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/12 14:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/06 14:28:39 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2012/03/05 16:02:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/05 15:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GrantPerms
[2012/03/02 15:03:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/02 14:58:34 | 004,424,615 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/02/28 14:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2012/02/28 14:08:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/02/27 18:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/27 18:50:32 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2012/02/27 14:57:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/02/27 14:47:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/27 14:47:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/27 14:47:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/27 14:47:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/27 14:36:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/27 14:20:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/27 11:42:07 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/02/27 11:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RK_Quarantine
[2012/02/25 18:46:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Program Files\dds.scr
[2012/02/25 14:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/25 12:52:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Recent
[2012/02/22 10:14:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2012/02/21 21:38:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2012/02/21 21:18:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/02/21 21:11:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2011/08/23 11:31:36 | 001,284,232 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files\couponprinter.exe
[2011/06/27 18:20:25 | 000,900,384 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\JavaSetup6u26.exe
[2011/06/24 13:19:42 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Program Files\ATF_Cleaner.exe

========== Files - Modified Within 30 Days ==========

[2012/03/16 13:16:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/16 11:16:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/15 17:11:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2012/03/15 17:11:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/15 17:11:39 | 2011,746,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/15 15:30:40 | 000,502,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/15 15:30:40 | 000,087,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/15 15:07:26 | 000,653,000 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-15-2012 03;07;06PM2.JPG
[2012/03/15 15:07:25 | 000,721,628 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-15-2012 03;07;06PM.JPG
[2012/03/15 14:48:53 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/15 13:58:16 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/03/13 16:19:11 | 000,502,586 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM13.JPG
[2012/03/13 16:19:11 | 000,413,208 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM17.JPG
[2012/03/13 16:19:11 | 000,253,895 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM14.JPG
[2012/03/13 16:19:11 | 000,182,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM15.JPG
[2012/03/13 16:19:11 | 000,143,904 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM16.JPG
[2012/03/13 16:19:10 | 000,302,577 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM9.JPG
[2012/03/13 16:19:10 | 000,234,317 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM8.JPG
[2012/03/13 16:19:10 | 000,159,407 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM11.JPG
[2012/03/13 16:19:10 | 000,157,861 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM10.JPG
[2012/03/13 16:19:10 | 000,150,266 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM12.JPG
[2012/03/13 16:19:09 | 000,611,502 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM5.JPG
[2012/03/13 16:19:09 | 000,607,520 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM6.JPG
[2012/03/13 16:19:09 | 000,597,173 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM4.JPG
[2012/03/13 16:19:09 | 000,182,271 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM7.JPG
[2012/03/13 16:19:08 | 000,589,904 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM3.JPG
[2012/03/13 16:19:08 | 000,460,022 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM.JPG
[2012/03/13 16:19:08 | 000,360,664 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM2.JPG
[2012/03/13 15:40:35 | 000,246,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/13 15:21:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/12 18:05:44 | 000,308,498 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-12-2012 06;05;33PM.JPG
[2012/03/11 10:13:55 | 000,568,802 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-11-2012 10;07;51AM.JPG
[2012/03/06 14:28:38 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2012/03/06 12:38:36 | 001,098,419 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-06-2012 11;38;21AM3.JPG
[2012/03/06 12:38:36 | 000,357,698 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-06-2012 11;38;21AM2.JPG
[2012/03/06 12:38:36 | 000,303,173 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-06-2012 11;38;21AM.JPG
[2012/03/05 15:52:55 | 000,450,985 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GrantPerms.zip
[2012/03/02 15:14:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/02 15:03:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/02 14:58:34 | 004,424,615 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/03/02 13:12:23 | 000,597,131 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-02-2012 12;10;40PM.JPG
[2012/03/01 17:26:14 | 000,639,933 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-01-2012 04;25;45PM.JPG
[2012/03/01 15:42:50 | 000,008,076 | ---- | M] () -- C:\PARADOX.NET
[2012/02/27 18:51:36 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2012/02/27 18:50:37 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2012/02/27 18:28:45 | 001,281,024 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
[2012/02/27 14:49:10 | 000,000,327 | ---- | M] () -- C:\Boot.bak
[2012/02/27 11:42:11 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/02/25 18:46:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Program Files\dds.scr
[2012/02/25 18:17:08 | 001,008,141 | ---- | M] () -- C:\Program Files\rkill.exe
[2012/02/24 17:20:12 | 000,551,183 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\02-24-2012 04;20;04PM.JPG
[2012/02/22 11:52:52 | 000,515,074 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\02-22-2012 10;52;27AM2.JPG
[2012/02/22 11:52:51 | 000,099,991 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\02-22-2012 10;52;27AM.JPG
[2012/02/21 18:56:36 | 000,404,138 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\02-21-2012 05;56;30PM.JPG
[2012/02/21 18:56:36 | 000,313,687 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\02-21-2012 05;56;30PM2.JPG
[2012/02/21 18:54:34 | 000,146,623 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\02-21-2012 05;54;28PM.JPG
[2012/02/21 16:16:59 | 000,146,728 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\02-21-2012 03;16;55PM.JPG
[2012/02/21 12:53:13 | 000,279,297 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\02-21-2012 11;52;47AM.JPG
[2012/02/19 18:52:09 | 000,232,642 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\02-19-2012 05;52;04PM.JPG
[2012/02/15 17:53:55 | 000,641,490 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\02-15-2012 04;53;36PM5.JPG
[2012/02/15 17:53:54 | 000,561,469 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\02-15-2012 04;53;36PM3.JPG
[2012/02/15 17:53:54 | 000,294,486 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\02-15-2012 04;53;36PM4.JPG
[2012/02/15 17:53:53 | 000,543,842 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\02-15-2012 04;53;36PM.JPG
[2012/02/15 17:53:53 | 000,509,786 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\02-15-2012 04;53;36PM2.JPG

========== Files Created - No Company Name ==========

[2012/03/15 15:07:26 | 000,653,000 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-15-2012 03;07;06PM2.JPG
[2012/03/15 15:07:25 | 000,721,628 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-15-2012 03;07;06PM.JPG
[2012/03/13 16:19:11 | 000,502,586 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM13.JPG
[2012/03/13 16:19:11 | 000,413,208 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM17.JPG
[2012/03/13 16:19:11 | 000,253,895 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM14.JPG
[2012/03/13 16:19:11 | 000,182,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM15.JPG
[2012/03/13 16:19:11 | 000,143,904 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM16.JPG
[2012/03/13 16:19:10 | 000,302,577 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM9.JPG
[2012/03/13 16:19:10 | 000,234,317 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM8.JPG
[2012/03/13 16:19:10 | 000,159,407 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM11.JPG
[2012/03/13 16:19:10 | 000,157,861 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM10.JPG
[2012/03/13 16:19:10 | 000,150,266 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM12.JPG
[2012/03/13 16:19:09 | 000,611,502 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM5.JPG
[2012/03/13 16:19:09 | 000,607,520 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM6.JPG
[2012/03/13 16:19:09 | 000,597,173 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM4.JPG
[2012/03/13 16:19:09 | 000,182,271 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM7.JPG
[2012/03/13 16:19:08 | 000,589,904 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM3.JPG
[2012/03/13 16:19:08 | 000,460,022 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM.JPG
[2012/03/13 16:19:08 | 000,360,664 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM2.JPG
[2012/03/12 18:05:44 | 000,308,498 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-12-2012 06;05;33PM.JPG
[2012/03/12 14:23:39 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2012/03/11 10:13:55 | 000,568,802 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-11-2012 10;07;51AM.JPG
[2012/03/08 14:49:26 | 2011,746,304 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/06 12:38:36 | 001,098,419 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-06-2012 11;38;21AM3.JPG
[2012/03/06 12:38:36 | 000,357,698 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-06-2012 11;38;21AM2.JPG
[2012/03/06 12:38:36 | 000,303,173 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-06-2012 11;38;21AM.JPG
[2012/03/05 15:49:54 | 000,450,985 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GrantPerms.zip
[2012/03/02 13:12:23 | 000,597,131 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-02-2012 12;10;40PM.JPG
[2012/03/01 17:26:14 | 000,639,933 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-01-2012 04;25;45PM.JPG
[2012/03/01 15:42:45 | 000,008,076 | ---- | C] () -- C:\PARADOX.NET
[2012/02/27 18:51:36 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2012/02/27 18:24:34 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/02/27 18:24:34 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/02/27 18:24:34 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/02/27 14:47:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/27 14:47:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/27 14:47:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/27 14:47:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/27 14:47:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/27 11:39:01 | 001,281,024 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
[2012/02/25 18:17:01 | 001,008,141 | ---- | C] () -- C:\Program Files\rkill.exe
[2012/02/24 17:20:12 | 000,551,183 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\02-24-2012 04;20;04PM.JPG
[2012/02/22 11:52:52 | 000,515,074 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\02-22-2012 10;52;27AM2.JPG
[2012/02/22 11:52:51 | 000,099,991 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\02-22-2012 10;52;27AM.JPG
[2012/02/21 18:56:36 | 000,404,138 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\02-21-2012 05;56;30PM.JPG
[2012/02/21 18:56:36 | 000,313,687 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\02-21-2012 05;56;30PM2.JPG
[2012/02/21 18:54:34 | 000,146,623 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\02-21-2012 05;54;28PM.JPG
[2012/02/21 16:16:59 | 000,146,728 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\02-21-2012 03;16;55PM.JPG
[2012/02/21 12:53:13 | 000,279,297 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\02-21-2012 11;52;47AM.JPG
[2012/02/19 18:52:09 | 000,232,642 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\02-19-2012 05;52;04PM.JPG
[2012/02/16 01:33:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 01:33:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/15 17:53:55 | 000,641,490 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\02-15-2012 04;53;36PM5.JPG
[2012/02/15 17:53:55 | 000,294,486 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\02-15-2012 04;53;36PM4.JPG
[2012/02/15 17:53:54 | 000,561,469 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\02-15-2012 04;53;36PM3.JPG
[2012/02/15 17:53:53 | 000,543,842 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\02-15-2012 04;53;36PM.JPG
[2012/02/15 17:53:53 | 000,509,786 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\02-15-2012 04;53;36PM2.JPG
[2011/10/24 14:47:03 | 000,260,762 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/23 13:19:47 | 000,684,297 | ---- | C] () -- C:\Program Files\unhide.exe
[2010/09/08 14:47:17 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxecvs.dll
[2010/09/08 14:47:15 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccoin.dll
[2010/09/08 14:47:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxecgcfg.dll
[2010/09/08 14:47:07 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeccui.dll
[2010/09/08 14:47:07 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeccuir.dll
[2010/09/08 14:45:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LXECPMON.DLL
[2010/09/08 14:45:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXECFXPU.DLL
[2010/09/08 14:44:59 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXECoem.dll
[2010/09/08 14:43:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxecrwrd.ini
[2010/09/08 14:43:05 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEChcp.dll
[2010/09/08 14:43:05 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXECinst.dll
[2010/09/08 14:43:04 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecinpa.dll
[2010/09/08 14:43:04 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeciesc.dll
[2010/09/08 14:43:03 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecserv.dll
[2010/09/08 14:43:03 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecusb1.dll
[2010/09/08 14:43:03 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecpmui.dll
[2010/09/08 14:43:03 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeclmpm.dll
[2010/09/08 14:43:02 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxechbn3.dll
[2010/09/08 14:43:02 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecih.exe
[2010/09/08 14:43:02 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxecins.dll
[2010/09/08 14:43:02 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxecinsb.dll
[2010/09/08 14:43:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxecgrd.dll
[2010/09/08 14:43:02 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxecinsr.dll
[2010/09/08 14:43:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxecjswr.dll
[2010/09/08 14:43:01 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccomc.dll
[2010/09/08 14:43:01 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccoms.exe
[2010/09/08 14:43:01 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccomm.dll
[2010/09/08 14:43:01 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeccu.dll
[2010/09/08 14:43:01 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeccub.dll
[2010/09/08 14:43:01 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeccur.dll
[2010/09/08 14:43:00 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccfg.exe
[2010/09/08 14:42:19 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXECsm.dll
[2010/09/08 14:42:19 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXECsmr.dll

========== LOP Check ==========

[2008/02/01 15:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/08/21 11:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro800-Pro900 Series
[2011/05/27 14:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/06/28 13:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2010/09/08 14:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pro800-Pro900 Series
[2011/04/28 08:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2006/06/28 14:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/02/28 14:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2011/09/20 17:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Garmin
[2006/06/28 14:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/08/22 10:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pro800-Pro900 Series
[2006/06/28 14:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2010/09/16 13:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/07/12 14:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2010/07/13 14:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

========== Purity Check ==========


< End of report >

Thank you for your patience and help!

#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, is this what you mean? After you have done this, I have two small programmes to run that will report on the status of your system and any malware.


Run the programme for each user

Restore Accessories Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Ensure that the following check boxes are checked (as seen in this image below):

Posted Image


Once they are, click on the Restore button.



Restore Admin Tools Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Click on the Restore Administrative Tools Items button.

As seen in this image below:

Posted Image


This next one will produce the necessary shortcut links which you can cut and paste into the start menu folder
Download the repair.vbs file to your desktop
Run the repair.vbs
It will ask for a folder name; call it recovery
The tool will let you know when it is finished
On the desktop will be a recovery folder
Open the folder
Cut and Paste the links that you want to C:\documents and settings\your name\start menu

Posted Image


Posted Image

NEXT

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

#3
Ndhlp

    New Member

  • Topic Starter
  • Member
  • 5 posts
Hello and thank you for your help! I did not run the first two programs as the All Programs Accessories and All Programs Administrative Tools were the few shortcuts left intact, so it is the last part of the instructions that I had the questions about. Or, do those need to be run for the last part to work? Even if the first two parts don't need restoring?

But before I download and run the repair.vbs I had a few questions:

1. If it was ok to run based upon this computer's situation prior to my downloading and running it.

2. They only have the Administrator and "owner" as users on this computer. Would I paste the links to C:\Documents and Settings\ Administrator.YOUR-5E03CF73DE\Start Menu or the Owner's start Menu? Does it make a difference?

3. Just paste the links to Start Menu or open it and paste it to programs?

4. Do MBAM and Avira need to be disabled prior to running repair.vbs and pasting the shortcuts?



Forgive me for so many questions but I only know enough to make things more confusing for myself. ;)

Awaiting your instructions and answers before I run repair, OTL, and aswMBR.exe

Also, should Avira anti-virus or firewalls be disabled prior to running any of these programs?

THANK YOU!

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If the system shortcuts are there then you can skip the first two parts, and as the SMTP folders are gone this is the only realistic way to restore them

You will need to log in with each users credentials to run the vbs file, so two runs will be required to copy the links back to each user

And it is a basic copy/paste scenario

No real requirement to stop the av programmes as long as they do not stop the VBS script

#5
Ndhlp

    New Member

  • Topic Starter
  • Member
  • 5 posts
I'm not sure what I'm doing wrong or if I need to give up and do a repair install but this didn't seem to do the trick. Please see the screen shot of what it looks like for Microsoft Works now...

all programs ms works screenshot.JPG

This is how I did it. I'm hoping you'll see something obvious that I'm doing wrong and point it out to me. Otherwise, I give up.


all programs recovery shot.JPG

I haven't done them all or run OTL yet. Should I just go ahead and run OTL as per your instructions anyway?
Your patience and help is very much appreciated! I probably won't get back to this computer until Monday. Enjoy the rest of your weekend.


#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes run the other programmes - I will run a quick check on my VM that the instructions work as they should do

#7
Ndhlp

    New Member

  • Topic Starter
  • Member
  • 5 posts
I am so sorry for the late reply! I completely missed the e-mail notification.

Here are the scan logs as requested.

OTL logfile created on: 3/30/2012 1:29:30 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 75.28% Memory free
2.29 Gb Paging File | 1.86 Gb Available in Paging File | 81.22% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.28 Gb Total Space | 130.37 Gb Free Space | 87.92% Space Free | Partition Type: NTFS
Drive D: | 5.08 Gb Total Space | 2.70 Gb Free Space | 53.17% Space Free | Partition Type: FAT32

Computer Name: YOUR-5E03CF73DE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/30 13:27:05 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/10/11 15:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 15:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 15:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/04/14 16:08:12 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeccoms.exe
PRC - [2009/11/18 10:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/28 14:17:25 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2004/04/06 15:04:38 | 000,053,248 | ---- | M] (Netscape Communications Corporation) -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/15 17:26:07 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/03/15 17:25:51 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/03/15 15:42:56 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
MOD - [2012/03/15 15:42:47 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/03/15 15:27:09 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/03/15 15:23:57 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/03/15 15:23:42 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/02/16 21:24:40 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2011/10/11 15:00:22 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/12/16 13:07:29 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark\Pro800-Pro900 Series\lxecdrs.dll
MOD - [2009/12/16 07:42:12 | 000,167,936 | ---- | M] () -- C:\Program Files\Lexmark\Pro800-Pro900 Series\lxecmicro.dll
MOD - [2009/11/26 02:08:23 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LXECPMON.DLL
MOD - [2009/11/09 04:06:45 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxecprpr.dll
MOD - [2009/11/04 09:14:38 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxecdrui.dll
MOD - [2009/11/04 09:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxecdrpp.dll
MOD - [2009/11/04 09:14:06 | 000,236,032 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxecdr.dll
MOD - [2009/10/30 13:47:14 | 001,003,520 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxechpec.dll
MOD - [2009/05/27 08:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxecdatr.dll
MOD - [2009/05/18 09:29:08 | 000,819,200 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxecptpc.dll
MOD - [2009/05/06 09:04:36 | 000,466,944 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\resource.dll
MOD - [2009/05/06 09:03:44 | 000,372,736 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\toolband.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark\Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009/02/20 04:48:43 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\LXECsmr.dll
MOD - [2009/02/20 04:48:03 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\LXECsm.dll
MOD - [2009/01/13 09:15:12 | 004,485,120 | ---- | M] () -- C:\WINDOWS\system32\LXECoem.dll
MOD - [2004/03/11 19:56:30 | 000,081,920 | ---- | M] () -- C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/10/11 15:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 15:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/14 16:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxeccoms.exe -- (lxec_device)
SRV - [2010/04/14 16:08:05 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2009/11/18 10:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2006/06/28 14:17:25 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/04/06 15:04:38 | 000,053,248 | ---- | M] (Netscape Communications Corporation) [Auto | Running] -- C:\Program Files\Netscape Internet Service\ncupdatesvc.exe -- (NCUpdateSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/02/15 12:15:03 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 15:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 15:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/02/04 20:26:59 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2006/06/28 14:14:32 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/01/25 15:52:32 | 001,478,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/13 21:13:18 | 004,137,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/28 12:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/07/20 22:08:28 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2005/07/20 22:08:26 | 000,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...ys=DTP&M=DX110S
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...ys=DTP&M=DX110S
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-747832287-720386439-3837867810-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www22.verizon...P&CMP=DMC-MVZ00
IE - HKU\S-1-5-21-747832287-720386439-3837867810-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-747832287-720386439-3837867810-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-747832287-720386439-3837867810-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GWYF_enUS314
IE - HKU\S-1-5-21-747832287-720386439-3837867810-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()



O1 HOSTS File: ([2012/03/02 15:14:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (PBlockHelper Class) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll (planetscott.ca)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-747832287-720386439-3837867810-1003\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-747832287-720386439-3837867810-1003\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [Gateway Extended Warranty] C:\Program Files\Gateway\GWCares\GWCares.exe (BillP Studios)
O4 - HKLM..\Run: [Lexmark Pro800-Pro900 Series Fax Server] C:\Program Files\Lexmark Pro800-Pro900 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKU\S-1-5-21-747832287-720386439-3837867810-1003..\Run: [AbacastDistributedOnDemand:11] C:\Documents and Settings\Owner\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe (Abacast, Inc.)
O4 - HKU\S-1-5-21-747832287-720386439-3837867810-1003..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-747832287-720386439-3837867810-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-747832287-720386439-3837867810-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-747832287-720386439-3837867810-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-747832287-720386439-3837867810-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\sliplsp.dll ()
O15 - HKU\S-1-5-21-747832287-720386439-3837867810-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...t Installer.cab (Support.com Configuration Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1285267317328 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C6A64E4-1CC7-4A77-AEAF-23DEA62485B8}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/30 13:27:01 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/03/23 14:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Picture It! Premium 10
[2012/03/23 14:49:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/03/23 14:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\recovery
[2012/03/21 14:23:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2012/03/21 13:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/03/15 15:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/03/15 15:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/03/14 14:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audible
[2012/03/14 13:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
[2012/03/14 13:19:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2012/03/14 13:19:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2012/03/14 13:19:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/03/14 13:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/03/12 14:26:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2012/03/12 14:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/12 14:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/05 16:02:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/02 15:03:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/25 18:46:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Program Files\dds.scr
[2011/08/23 11:31:36 | 001,284,232 | ---- | C] (Coupons.com Incorporated) -- C:\Program Files\couponprinter.exe
[2011/06/27 18:20:25 | 000,900,384 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\JavaSetup6u26.exe
[2011/06/24 13:19:42 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Program Files\ATF_Cleaner.exe

========== Files - Modified Within 30 Days ==========

[2012/03/30 13:27:05 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/03/30 13:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/30 00:21:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/28 13:36:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2012/03/28 13:36:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/28 13:36:23 | 2011,746,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/28 13:36:23 | 000,246,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/24 17:15:43 | 000,010,118 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2012/03/24 17:10:42 | 000,796,160 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\all programs repair.wps
[2012/03/23 14:49:06 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Repair.vbs
[2012/03/22 13:22:39 | 000,250,108 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Dunst 3-22-2012.pdf
[2012/03/22 13:22:09 | 000,250,108 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-22-2012 01;22;09PM.PDF
[2012/03/21 17:25:15 | 000,584,436 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-21-2012 05;24;45PM3.JPG
[2012/03/21 17:25:14 | 001,750,333 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-21-2012 05;24;45PM.JPG
[2012/03/21 17:25:14 | 000,620,798 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-21-2012 05;24;45PM2.JPG
[2012/03/21 10:38:16 | 000,382,389 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-21-2012 10;36;27AM.JPG
[2012/03/21 09:11:23 | 000,308,481 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-21-2012 09;11;18AM.JPG
[2012/03/19 13:30:31 | 000,428,834 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Savage Estimate.pdf
[2012/03/19 13:29:55 | 000,428,834 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-19-2012 01;29;55PM.PDF
[2012/03/19 12:17:36 | 000,583,242 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-19-2012 12;14;12PM.JPG
[2012/03/19 12:17:36 | 000,560,525 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-19-2012 12;14;12PM2.JPG
[2012/03/19 11:41:44 | 000,332,581 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-19-2012 11;41;39AM.JPG
[2012/03/19 11:30:36 | 000,461,772 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-19-2012 11;26;08AM.JPG
[2012/03/16 15:59:03 | 000,328,341 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-16-2012 03;58;22PM.JPG
[2012/03/15 15:30:40 | 000,502,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/15 15:30:40 | 000,087,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/15 15:07:26 | 000,653,000 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-15-2012 03;07;06PM2.JPG
[2012/03/15 15:07:25 | 000,721,628 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-15-2012 03;07;06PM.JPG
[2012/03/15 14:48:53 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/13 16:19:11 | 000,502,586 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM13.JPG
[2012/03/13 16:19:11 | 000,413,208 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM17.JPG
[2012/03/13 16:19:11 | 000,253,895 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM14.JPG
[2012/03/13 16:19:11 | 000,182,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM15.JPG
[2012/03/13 16:19:11 | 000,143,904 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM16.JPG
[2012/03/13 16:19:10 | 000,302,577 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM9.JPG
[2012/03/13 16:19:10 | 000,234,317 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM8.JPG
[2012/03/13 16:19:10 | 000,159,407 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM11.JPG
[2012/03/13 16:19:10 | 000,157,861 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM10.JPG
[2012/03/13 16:19:10 | 000,150,266 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM12.JPG
[2012/03/13 16:19:09 | 000,611,502 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM5.JPG
[2012/03/13 16:19:09 | 000,607,520 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM6.JPG
[2012/03/13 16:19:09 | 000,597,173 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM4.JPG
[2012/03/13 16:19:09 | 000,182,271 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM7.JPG
[2012/03/13 16:19:08 | 000,589,904 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM3.JPG
[2012/03/13 16:19:08 | 000,460,022 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM.JPG
[2012/03/13 16:19:08 | 000,360,664 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM2.JPG
[2012/03/13 15:21:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/12 18:05:44 | 000,308,498 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-12-2012 06;05;33PM.JPG
[2012/03/11 10:13:55 | 000,568,802 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-11-2012 10;07;51AM.JPG
[2012/03/06 12:38:36 | 001,098,419 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-06-2012 11;38;21AM3.JPG
[2012/03/06 12:38:36 | 000,357,698 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-06-2012 11;38;21AM2.JPG
[2012/03/06 12:38:36 | 000,303,173 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-06-2012 11;38;21AM.JPG
[2012/03/02 15:14:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/02 15:03:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/02 13:12:23 | 000,597,131 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-02-2012 12;10;40PM.JPG
[2012/03/01 17:26:14 | 000,639,933 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\03-01-2012 04;25;45PM.JPG
[2012/03/01 15:42:50 | 000,008,076 | ---- | M] () -- C:\PARADOX.NET

========== Files Created - No Company Name ==========

[2012/03/24 17:10:42 | 000,796,160 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\all programs repair.wps
[2012/03/23 14:49:11 | 000,002,258 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Repair.vbs
[2012/03/22 13:22:39 | 000,250,108 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Dunst 3-22-2012.pdf
[2012/03/22 13:22:09 | 000,250,108 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-22-2012 01;22;09PM.PDF
[2012/03/21 17:25:15 | 000,584,436 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-21-2012 05;24;45PM3.JPG
[2012/03/21 17:25:14 | 001,750,333 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-21-2012 05;24;45PM.JPG
[2012/03/21 17:25:14 | 000,620,798 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-21-2012 05;24;45PM2.JPG
[2012/03/21 10:38:17 | 000,382,389 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-21-2012 10;36;27AM.JPG
[2012/03/21 09:11:23 | 000,308,481 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-21-2012 09;11;18AM.JPG
[2012/03/19 13:30:31 | 000,428,834 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Savage Estimate.pdf
[2012/03/19 13:29:55 | 000,428,834 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-19-2012 01;29;55PM.PDF
[2012/03/19 12:17:37 | 000,560,525 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-19-2012 12;14;12PM2.JPG
[2012/03/19 12:17:36 | 000,583,242 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-19-2012 12;14;12PM.JPG
[2012/03/19 11:41:44 | 000,332,581 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-19-2012 11;41;39AM.JPG
[2012/03/19 11:30:36 | 000,461,772 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-19-2012 11;26;08AM.JPG
[2012/03/16 15:59:03 | 000,328,341 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-16-2012 03;58;22PM.JPG
[2012/03/15 15:07:26 | 000,653,000 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-15-2012 03;07;06PM2.JPG
[2012/03/15 15:07:25 | 000,721,628 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-15-2012 03;07;06PM.JPG
[2012/03/13 16:19:11 | 000,502,586 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM13.JPG
[2012/03/13 16:19:11 | 000,413,208 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM17.JPG
[2012/03/13 16:19:11 | 000,253,895 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM14.JPG
[2012/03/13 16:19:11 | 000,182,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM15.JPG
[2012/03/13 16:19:11 | 000,143,904 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM16.JPG
[2012/03/13 16:19:10 | 000,302,577 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM9.JPG
[2012/03/13 16:19:10 | 000,234,317 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM8.JPG
[2012/03/13 16:19:10 | 000,159,407 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM11.JPG
[2012/03/13 16:19:10 | 000,157,861 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM10.JPG
[2012/03/13 16:19:10 | 000,150,266 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM12.JPG
[2012/03/13 16:19:09 | 000,611,502 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM5.JPG
[2012/03/13 16:19:09 | 000,607,520 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM6.JPG
[2012/03/13 16:19:09 | 000,597,173 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM4.JPG
[2012/03/13 16:19:09 | 000,182,271 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM7.JPG
[2012/03/13 16:19:08 | 000,589,904 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM3.JPG
[2012/03/13 16:19:08 | 000,460,022 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM.JPG
[2012/03/13 16:19:08 | 000,360,664 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-13-2012 04;18;32PM2.JPG
[2012/03/12 18:05:44 | 000,308,498 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-12-2012 06;05;33PM.JPG
[2012/03/12 14:23:39 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2012/03/11 10:13:55 | 000,568,802 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-11-2012 10;07;51AM.JPG
[2012/03/08 14:49:26 | 2011,746,304 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/06 12:38:36 | 001,098,419 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-06-2012 11;38;21AM3.JPG
[2012/03/06 12:38:36 | 000,357,698 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-06-2012 11;38;21AM2.JPG
[2012/03/06 12:38:36 | 000,303,173 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-06-2012 11;38;21AM.JPG
[2012/03/02 13:12:23 | 000,597,131 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-02-2012 12;10;40PM.JPG
[2012/03/01 17:26:14 | 000,639,933 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\03-01-2012 04;25;45PM.JPG
[2012/03/01 15:42:45 | 000,008,076 | ---- | C] () -- C:\PARADOX.NET
[2012/02/25 18:17:01 | 001,008,141 | ---- | C] () -- C:\Program Files\rkill.exe
[2012/02/16 01:33:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/24 14:47:03 | 000,260,762 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/23 13:19:47 | 000,684,297 | ---- | C] () -- C:\Program Files\unhide.exe
[2010/09/08 14:47:17 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxecvs.dll
[2010/09/08 14:47:15 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccoin.dll
[2010/09/08 14:47:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxecgcfg.dll
[2010/09/08 14:47:07 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeccui.dll
[2010/09/08 14:47:07 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeccuir.dll
[2010/09/08 14:45:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LXECPMON.DLL
[2010/09/08 14:45:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXECFXPU.DLL
[2010/09/08 14:44:59 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXECoem.dll
[2010/09/08 14:43:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxecrwrd.ini
[2010/09/08 14:43:05 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEChcp.dll
[2010/09/08 14:43:05 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXECinst.dll
[2010/09/08 14:43:04 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecinpa.dll
[2010/09/08 14:43:04 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeciesc.dll
[2010/09/08 14:43:03 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecserv.dll
[2010/09/08 14:43:03 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecusb1.dll
[2010/09/08 14:43:03 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecpmui.dll
[2010/09/08 14:43:03 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeclmpm.dll
[2010/09/08 14:43:02 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxechbn3.dll
[2010/09/08 14:43:02 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecih.exe
[2010/09/08 14:43:02 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxecins.dll
[2010/09/08 14:43:02 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxecinsb.dll
[2010/09/08 14:43:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxecgrd.dll
[2010/09/08 14:43:02 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxecinsr.dll
[2010/09/08 14:43:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxecjswr.dll
[2010/09/08 14:43:01 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccomc.dll
[2010/09/08 14:43:01 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccoms.exe
[2010/09/08 14:43:01 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccomm.dll
[2010/09/08 14:43:01 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeccu.dll
[2010/09/08 14:43:01 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeccub.dll
[2010/09/08 14:43:01 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeccur.dll
[2010/09/08 14:43:00 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccfg.exe
[2010/09/08 14:42:19 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXECsm.dll
[2010/09/08 14:42:19 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXECsmr.dll

========== LOP Check ==========

[2006/06/28 14:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.YOUR-5E03CF73DE\Application Data\Leadertech
[2006/06/28 14:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.YOUR-5E03CF73DE\Application Data\SampleView
[2012/02/24 18:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.YOUR-5E03CF73DE\Application Data\Windows Search
[2008/02/01 15:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/08/21 11:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro800-Pro900 Series
[2011/05/27 14:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/06/28 13:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2010/09/08 14:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pro800-Pro900 Series
[2011/04/28 08:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2006/06/28 14:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/06/28 14:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Leadertech
[2006/06/28 14:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2012/02/28 14:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2011/09/20 17:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Garmin
[2006/06/28 14:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/08/22 10:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pro800-Pro900 Series
[2006/06/28 14:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2010/09/16 13:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/07/12 14:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2010/07/13 14:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2006/07/11 20:05:17 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 15:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 15:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 15:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: YOUR-5E03CF73DE
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B
Volume 1 D FAT32 Partition 5216 MB Healthy
Volume 2 C NTFS Partition 148 GB Healthy System
Volume 3 G Removeable 0 B

< >

< End of report >

OTL Extras logfile created on: 3/30/2012 1:29:30 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 75.28% Memory free
2.29 Gb Paging File | 1.86 Gb Available in Paging File | 81.22% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.28 Gb Total Space | 130.37 Gb Free Space | 87.92% Space Free | Partition Type: NTFS
Drive D: | 5.08 Gb Total Space | 2.70 Gb Free Space | 53.17% Space Free | Partition Type: FAT32

Computer Name: YOUR-5E03CF73DE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5 -- (SmartSoft Ltd.)
"C:\Documents and Settings\Owner\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe:*:Disabled:Abacast Distributed On-Demand -- (Abacast, Inc.)
"C:\Documents and Settings\Owner\Local Settings\Application Data\Abacast\Abaclient.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Abacast\Abaclient.exe:*:Disabled:Abaclient -- (Abacast, Inc.)
"C:\Documents and Settings\Owner\Local Settings\Application Data\Abacast\Abaclient2.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Abacast\Abaclient2.exe:*:Disabled:Abaclient -- (Abacast, Inc.)
"C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\WINDOWS\system32\lxeccoms.exe" = C:\WINDOWS\system32\lxeccoms.exe:*:Enabled:Pro800-Pro900 Series Server -- ( )
"C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{094B8DC6-1B31-46A8-B09F-0CA0E72B2246}" = Product Information Manuals
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{82EF8297-C8B2-4CA8-9430-FF2BC8C40414}" = GWCares
"{859963C1-E908-49E8-9FA3-9E833D717563}" = IHA_MessageCenter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D8F0F3F4-D55C-4FBD-A590-B984615D7A6A}" = Vz In Home Agent
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FFC3B772-C00A-42da-90A6-A87F4AFD73D9}" = Netscape Internet Service
"{FFC3B772-C00A-42da-90A6-A87F4AFD73E0}" = Netscape Web Accelerator
"AbacastNode:11" = Abacast Distributed On-Demand
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"CADKIT Pricing Kit" = CADKIT Pricing Kit
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Fundamentals of Pricing Kit" = Fundamentals of Pricing Kit
"gtw_logo" = gtw_logo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2005b" = Microsoft Money 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"QuickTime" = QuickTime
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.10
"RealPlayer 6.0" = RealPlayer Basic
"Shockwave" = Shockwave
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Verizon Help and Support" = Verizon Help and Support Tool
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-747832287-720386439-3837867810-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Abacast Distributed Live" = Abacast Distributed Live

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2012 2:51:15 PM | Computer Name = YOUR-5E03CF73DE | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\WINDOWS
POWERSHELL 1.0\USER GUIDE.LNK> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 3/8/2012 2:51:15 PM | Computer Name = YOUR-5E03CF73DE | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\WINDOWS
POWERSHELL 1.0\QUICK REFERENCE.LNK> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 3/8/2012 2:51:15 PM | Computer Name = YOUR-5E03CF73DE | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\WINDOWS
POWERSHELL 1.0\QUICK REFERENCE.LNK> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 3/12/2012 2:26:08 PM | Computer Name = YOUR-5E03CF73DE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2002 -- Error 1706. Setup cannot find the
required files. Check your connection to the network, or CD-ROM drive. For other
potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 3/12/2012 2:26:09 PM | Computer Name = YOUR-5E03CF73DE | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Word 2002 - Update '{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error - 3/13/2012 2:42:12 PM | Computer Name = YOUR-5E03CF73DE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/13/2012 2:42:16 PM | Computer Name = YOUR-5E03CF73DE | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 3/20/2012 3:21:48 PM | Computer Name = YOUR-5E03CF73DE | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/21/2012 2:20:40 PM | Computer Name = YOUR-5E03CF73DE | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/21/2012 2:20:42 PM | Computer Name = YOUR-5E03CF73DE | Source = Application Hang | ID = 1001
Description = Fault bucket 734562961.

[ System Events ]
Error - 3/14/2012 1:21:34 PM | Computer Name = YOUR-5E03CF73DE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxecCATSCustConnectService
service to connect.

Error - 3/14/2012 1:21:34 PM | Computer Name = YOUR-5E03CF73DE | Source = Service Control Manager | ID = 7000
Description = The lxecCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 3/15/2012 3:38:26 PM | Computer Name = YOUR-5E03CF73DE | Source = Print | ID = 6161
Description = The document mhtml:mid://00000034/ owned by Owner failed to print
on printer Lexmark Pro900 Series (USB). Data type: LEMF. Size of the spool file
in bytes: 4467217. Number of bytes printed: 0. Total number of pages in the document:
4. Number of pages printed: 3. Client machine: \\YOUR-5E03CF73DE. Win32 error code
returned by the print processor: 0 (0x0).

Error - 3/15/2012 3:50:48 PM | Computer Name = YOUR-5E03CF73DE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxecCATSCustConnectService
service to connect.

Error - 3/15/2012 3:50:48 PM | Computer Name = YOUR-5E03CF73DE | Source = Service Control Manager | ID = 7000
Description = The lxecCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 3/15/2012 5:12:23 PM | Computer Name = YOUR-5E03CF73DE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxecCATSCustConnectService
service to connect.

Error - 3/15/2012 5:12:23 PM | Computer Name = YOUR-5E03CF73DE | Source = Service Control Manager | ID = 7000
Description = The lxecCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 3/28/2012 1:37:03 PM | Computer Name = YOUR-5E03CF73DE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxecCATSCustConnectService
service to connect.

Error - 3/28/2012 1:37:03 PM | Computer Name = YOUR-5E03CF73DE | Source = Service Control Manager | ID = 7000
Description = The lxecCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 3/29/2012 11:41:52 AM | Computer Name = YOUR-5E03CF73DE | Source = DCOM | ID = 10010
Description = The server {FB7199AB-79BF-11D2-8D94-0000F875C541} did not register
with DCOM within the required timeout.


< End of report >

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-30 13:42:29
-----------------------------
13:42:29.562 OS Version: Windows 5.1.2600 Service Pack 3
13:42:29.562 Number of processors: 1 586 0x409
13:42:29.562 ComputerName: YOUR-5E03CF73DE UserName: Owner
13:42:30.500 Initialize success
13:42:56.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16
13:42:56.359 Disk 0 Vendor: HDT722516DLAT80 V43OA96A Size: 157066MB BusType: 3
13:42:56.375 Disk 0 MBR read successfully
13:42:56.390 Disk 0 MBR scan
13:42:56.406 Disk 0 unknown MBR code
13:42:56.421 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 151840 MB offset 10683225
13:42:56.421 Disk 0 Partition 2 00 0B FAT32 RECOVERY 5216 MB offset 63
13:42:56.437 Disk 0 scanning sectors +321653430
13:42:56.515 Disk 0 scanning C:\WINDOWS\system32\drivers
13:43:06.343 Service scanning
13:43:23.468 Modules scanning
13:43:35.187 Disk 0 trace - called modules:
13:43:35.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:43:35.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6fdab8]
13:43:35.593 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\00000083[0x8a7139e8]
13:43:35.625 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-16[0x8a6fe940]
13:43:35.640 Scan finished successfully
13:43:49.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
13:43:49.171 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, the programme worked as expected on my VM.

The only other way, which is a bit long-winded, is to open All Programs.

Create a new folder with the programme name.

Then, from Program Files, right-click the executable file and select Send to Desktop.

Then finally drag and drop that into the new folder.


#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.