AT&T/FBI DNS CHANGER Problem



#1
WalterH

Got an email from AT&T about the fact one of my computers may be infected with the DNS Changer Trojan. Used the site provided to check and indeed it says I am infected. Tried running McAfee Stinger - found TDSS.C!mem(trojan) found in Susp_IRP_DT_Create - clean failed, but now when I run it, it finds nothing.

My computer was acting really slow too... lots of hard drive thrashing. SVCHOST was using a lot of resources. I killed the process.

I tried installing Malwarebytes, but got a code 5, and it wouldn't load.

So I am here now. Ran OTL and I'm including that log. Please help! Thanks.

OTL logfile created on: 4/22/2012 9:20:03 PM - Run 2
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Walt Henry\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 470.40 Mb Available Physical Memory | 45.98% Memory free
1.90 Gb Paging File | 1.34 Gb Available in Paging File | 70.67% Paging File free
Paging file location(s): C:\pagefile.sys 1022 1222 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 10.01 Gb Free Space | 26.89% Space Free | Partition Type: NTFS

Computer Name: D842SQ31 | User Name: Walt Henry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/22 21:19:10 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Walt Henry\My Documents\Downloads\OTL.exe
PRC - [2012/03/18 17:22:57 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/12 18:40:52 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/12 18:40:47 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 07:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 21:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/30 05:15:56 | 000,419,328 | ---- | M] () -- C:\Program Files\FreeFrog\FreeFrogUpdt.exe
PRC - [2011/08/15 07:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/07/10 07:06:49 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\ezprint.exe
PRC - [2009/07/10 07:06:46 | 000,766,632 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe
PRC - [2009/07/01 06:13:31 | 000,602,792 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\dleacoms.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/18 17:22:54 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/12 18:40:52 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/03/12 18:40:47 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/12/08 22:53:10 | 008,527,008 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/30 05:15:56 | 000,419,328 | ---- | M] () -- C:\Program Files\FreeFrog\FreeFrogUpdt.exe
MOD - [2010/06/08 23:37:21 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
MOD - [2010/06/08 23:23:31 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
MOD - [2009/10/14 14:31:50 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2009/07/10 07:06:49 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\ezprint.exe
MOD - [2009/07/10 07:06:46 | 000,766,632 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe
MOD - [2009/06/22 06:08:44 | 000,196,608 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epoemdll.dll
MOD - [2009/06/22 06:08:43 | 000,045,056 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epstring.dll
MOD - [2009/06/22 06:08:41 | 002,203,648 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epwizres.dll
MOD - [2009/06/22 06:08:27 | 000,708,608 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epwizard.dll
MOD - [2009/06/22 06:06:32 | 000,159,744 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\customui.dll
MOD - [2009/06/22 06:06:09 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epfunct.dll
MOD - [2009/06/22 06:06:03 | 000,114,688 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\eputil.dll
MOD - [2009/06/22 06:05:49 | 000,139,264 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\imagutil.dll
MOD - [2009/06/19 01:58:00 | 000,157,696 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\dleadrpp.dll
MOD - [2009/05/29 07:09:48 | 001,159,168 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleadrs.dll
MOD - [2009/05/29 07:08:53 | 000,389,120 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleascw.dll
MOD - [2009/05/27 05:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\SYSTEM32\dleadatr.dll
MOD - [2009/05/26 13:17:13 | 000,086,118 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\DLEAcfg.dll
MOD - [2009/04/07 12:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\iptk.dll
MOD - [2009/03/09 22:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleacaps.dll
MOD - [2009/03/05 10:55:33 | 000,059,904 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleacnv4.dll
MOD - [2009/03/02 07:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleaptp.dll
MOD - [2009/02/20 01:50:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DLEAsmr.dll
MOD - [2009/02/20 01:49:37 | 000,299,008 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DLEAsm.dll
MOD - [2008/03/24 21:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\msjetoledb40.dll
MOD - [2002/08/29 04:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\SYSTEM32\TSD32.DLL
MOD - [2002/05/28 15:29:42 | 000,057,428 | ---- | M] () -- C:\WINDOWS\SYSTEM32\mobileV.acm


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (mcupdmgr.exe)
SRV - File not found [Auto | Stopped] -- -- (McTskshd.exe)
SRV - File not found [Auto | Stopped] -- -- (McDetect.exe)
SRV - [2012/03/12 18:40:52 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/07/01 06:13:31 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\SYSTEM32\dleacoms.exe -- (dlea_device)
SRV - [2009/07/01 06:13:25 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe -- (dleaCATSCustConnectService)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 23:07:46 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pci.sy@ -- (PCI)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/11/09 09:29:36 | 000,017,648 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pcx1nd5.sys -- (pcx1nd5)
DRV - [2001/11/09 09:29:30 | 000,069,744 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pcx1unic.sys -- (pcx1unic)
DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {1A222ABE-0D02-4375-97EF-8DD8886DBBC8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{1A222ABE-0D02-4375-97EF-8DD8886DBBC8}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-11-24 17:54:00&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://isearch.avg.c...4:00&sap=ku&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll ( )
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/04 17:55:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012/01/23 11:12:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 17:22:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/24 17:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Walt Henry\Application Data\Mozilla\Extensions
[2011/12/19 22:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Walt Henry\Application Data\Mozilla\Firefox\Profiles\ptzedt06.default\extensions
[2004/11/27 21:49:18 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Walt Henry\Application Data\Mozilla\Firefox\Profiles\ptzedt06.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/01/15 13:59:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/23 11:12:31 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\10.0.0.7
[2012/03/18 17:22:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/12 18:40:37 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/12 19:23:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 19:23:11 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2002/08/29 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (FreeFrog 1.0) - {A229BC5B-E7A2-447B-B015-1E7CA944978D} - C:\Program Files\FreeFrog\FreeFrog1.0.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dleamon.exe] C:\Program Files\Dell V310-V510 Series\dleamon.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V310-V510 Series\ezprint.exe ()
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [FreeFrogUpdt.exe] C:\Program Files\FreeFrog\FreeFrogUpdt.exe ()
O4 - HKCU..\Run: [Sonic RecordNow!] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcopho...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcopho...stcoActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink...geUploader5.cab (Image Uploader Control)
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} http://www.sidestep....00719/sb02a.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://longsdrugs.di...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} Reg Error: Value error. (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcopho...veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.11,93.188.160.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11B69217-AEDA-4514-9FBF-2DB6F2135D7E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11B69217-AEDA-4514-9FBF-2DB6F2135D7E}: NameServer = 93.188.165.11,93.188.160.41
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\rxx5ot: DllName - (rxx5ot.dll) - File not found
O22 - SharedTaskScheduler: {CDEFEE3D-EDCB-4226-931B-90E184C11CAC} - rjgoitr - No CLSID value found.
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/22 18:56:37 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012/04/22 18:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[26 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/22 20:58:01 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/04/22 20:57:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cce7511d7cff00.job
[2012/04/22 20:56:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/04/22 20:56:35 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/22 20:33:17 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012/04/22 20:10:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/22 17:51:48 | 095,956,543 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/22 17:50:54 | 000,358,811 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/18 08:55:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/17 13:04:21 | 000,005,580 | ---- | M] () -- C:\Documents and Settings\Walt Henry\My Documents\Jared.wpd
[2012/03/30 23:02:39 | 000,003,423 | ---- | M] () -- C:\Documents and Settings\Walt Henry\My Documents\Hi Tim.wpd
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[26 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/17 13:04:21 | 000,005,580 | ---- | C] () -- C:\Documents and Settings\Walt Henry\My Documents\Jared.wpd
[2011/07/08 22:32:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/07/07 16:48:08 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/07/07 16:48:07 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/07/07 16:48:07 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/07/07 16:48:07 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/07/07 16:48:07 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/07/07 16:48:07 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/07/07 16:48:07 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/07/07 16:48:07 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/07/07 16:48:07 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/07/07 16:48:07 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/07/07 16:48:07 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/07/07 16:48:06 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/07/07 16:48:06 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/07/07 16:48:06 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/07/07 16:48:06 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/07/07 16:48:06 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/07/07 16:39:18 | 000,000,064 | ---- | C] () -- C:\WINDOWS\EWF520.ini
[2011/05/16 22:40:28 | 000,155,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/19 12:37:43 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacoin.dll
[2010/11/19 12:37:31 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\dleahcp.dll
[2010/11/19 12:37:31 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dleagcfg.dll
[2010/11/19 12:37:29 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dleacui.dll
[2010/11/19 12:37:29 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dleacuir.dll
[2010/11/19 12:36:51 | 000,086,118 | ---- | C] () -- C:\WINDOWS\System32\dleacfg.dll
[2010/11/19 12:32:47 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dleajswr.dll
[2010/11/19 12:32:46 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\dleains.dll
[2010/11/19 12:32:46 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\dleainsb.dll
[2010/11/19 12:32:46 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dleainsr.dll
[2010/11/19 12:32:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dleagrd.dll
[2010/11/19 12:32:45 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dleacub.dll
[2010/11/19 12:32:44 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\dleacu.dll
[2010/11/19 12:32:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dleacur.dll
[2010/11/19 12:32:43 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\dleaxmlu.dll
[2010/11/19 12:32:42 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dleausb1.dll
[2010/11/19 12:32:42 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\dleauldr.dll
[2010/11/19 12:32:42 | 000,082,600 | ---- | C] () -- C:\WINDOWS\System32\dleaview.exe
[2010/11/19 12:32:42 | 000,082,600 | ---- | C] () -- C:\WINDOWS\System32\dleaupld.exe
[2010/11/19 12:32:42 | 000,082,600 | ---- | C] () -- C:\WINDOWS\System32\dleatime.exe
[2010/11/19 12:32:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dleavs.dll
[2010/11/19 12:32:41 | 001,056,768 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaserv.dll
[2010/11/19 12:32:41 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\dlearetv.dll
[2010/11/19 12:32:41 | 000,098,984 | ---- | C] () -- C:\WINDOWS\System32\dleaserv.exe
[2010/11/19 12:32:41 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dleatime.dll
[2010/11/19 12:32:40 | 000,909,992 | ---- | C] () -- C:\WINDOWS\System32\dleapswx.exe
[2010/11/19 12:32:40 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\dleaptpc.dll
[2010/11/19 12:32:40 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\dleappx.dll
[2010/11/19 12:32:39 | 000,725,672 | ---- | C] () -- C:\WINDOWS\System32\dleajswx.exe
[2010/11/19 12:32:39 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dleapmui.dll
[2010/11/19 12:32:39 | 000,581,632 | ---- | C] ( ) -- C:\WINDOWS\System32\dlealmpm.dll
[2010/11/19 12:32:38 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dleahbn3.dll
[2010/11/19 12:32:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dleainpa.dll
[2010/11/19 12:32:38 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaiesc.dll
[2010/11/19 12:32:38 | 000,328,360 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaih.exe
[2010/11/19 12:32:37 | 000,236,032 | ---- | C] () -- C:\WINDOWS\System32\dleadr.dll
[2010/11/19 12:32:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\dleadatr.dll
[2010/11/19 12:32:37 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\dleadrui.dll
[2010/11/19 12:32:37 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\dleadrpp.dll
[2010/11/19 12:32:36 | 000,602,792 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacoms.exe
[2010/11/19 12:32:36 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacomm.dll
[2010/11/19 12:32:36 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dleacomx.dll
[2010/11/19 12:32:35 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacomc.dll
[2010/11/19 12:32:35 | 000,369,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacfg.exe

========== LOP Check ==========

[2008/11/28 09:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/11/28 09:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2012/03/12 19:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/11/24 19:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2006/12/15 17:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2011/11/24 17:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/11/14 21:24:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/07 17:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/06/23 19:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012/04/22 17:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/08/10 11:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MVT
[2006/08/10 11:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MVTLogs
[2006/12/15 17:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2008/01/26 09:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/11/24 21:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/07 17:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/08/05 11:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2004/09/21 10:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt Henry\Application Data\Aim
[2011/11/27 20:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt Henry\Application Data\AVG Secure Search
[2011/11/26 11:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt Henry\Application Data\AVG2012
[2011/07/07 17:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt Henry\Application Data\Epson
[2011/09/26 11:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt Henry\Application Data\Inbox Toolbar
[2004/02/25 13:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt Henry\Application Data\Research In Motion
[2008/09/15 20:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Walt Henry\Application Data\Viewpoint
[2003/11/11 23:18:20 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >
#2
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
If you look at the O17 lines in the OTL log you will see some with IP addresses starting with 93.188.?.?. These are in the Ukraine which indicates you do have a real problem unless of course that's where you live. I don't see any active malware other than the Ukrainian DNS but there are visible traces of broken malware:
O20 - Winlogon\Notify\rxx5ot: DllName - (rxx5ot.dll) - File not found
O22 - SharedTaskScheduler: {CDEFEE3D-EDCB-4226-931B-90E184C11CAC} - rjgoitr - No CLSID value found.

If a step won't work just note the error and go on to the next step:


Download the McAfee Removal tool
http://download.mcaf...atches/MCPR.exe
Run the McAfee uninstall tool, then reboot.

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
O2 - BHO: (FreeFrog 1.0) - {A229BC5B-E7A2-447B-B015-1E7CA944978D} - C:\Program Files\FreeFrog\FreeFrog1.0.dll ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKCU..\Run: [FreeFrogUpdt.exe] C:\Program Files\FreeFrog\FreeFrogUpdt.exe ()
O4 - HKCU..\Run: [Sonic RecordNow!] File not found
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} http://www.sidestep....00719/sb02a.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.11,93.188.160.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11B69217-AEDA-4514-9FBF-2DB6F2135D7E}: NameServer = 93.188.165.11,93.188.160.41
O20 - Winlogon\Notify\rxx5ot: DllName - (rxx5ot.dll) - File not found
O22 - SharedTaskScheduler: {CDEFEE3D-EDCB-4226-931B-90E184C11CAC} - rjgoitr - No CLSID value found.

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Documents and Settings\Todd\Local Settings\Application Data\*.exe
sc config mcupdmgr.exe start= disabled /c
sc config McTskshd.exe start= disabled /c
sc config McDetect.exe start= disabled /c
sc delete mcupdmgr.exe /c
sc delete McTskshd.exe /c
sc delete McDetect.exe /c

:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.


ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Double click aswMBR.exe to Run it
Uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Copy the text in the code box:


netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
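The O17 check described in the reply above, as an added example that is not part of the original thread or of OTL itself: it parses O17 lines from an OTL log and flags statically configured `NameServer` values that override the DHCP-supplied resolver. The function names, the reason labels and the `93.188.0.0/16` watchlist entry (taken from the reply's "93.188.?.?" remark) are assumptions made for this sketch.

```python
import ipaddress
import re
from collections import defaultdict

# The four O17 lines from the OTL log in this thread, plus one unrelated line.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.11,93.188.160.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11B69217-AEDA-4514-9FBF-2DB6F2135D7E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11B69217-AEDA-4514-9FBF-2DB6F2135D7E}: NameServer = 93.188.165.11,93.188.160.41
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

# Assumption: watchlist built from the prefix named in the reply ("93.188.?.?").
WATCHLIST = [ipaddress.ip_network("93.188.0.0/16")]

O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\.+?): (?P<name>DhcpNameServer|NameServer) = (?P<value>.*)$",
    re.MULTILINE,
)


def parse_o17(log_text):
    """Return {registry key: {"DhcpNameServer": [...], "NameServer": [...]}}."""
    scopes = defaultdict(lambda: {"DhcpNameServer": [], "NameServer": []})
    for m in O17_RE.finditer(log_text):
        # Windows stores several resolvers as a comma- or space-separated string.
        tokens = [t for t in re.split(r"[,\s]+", m.group("value").strip()) if t]
        scopes[m.group("key")][m.group("name")].extend(tokens)
    return dict(scopes)


def triage(log_text, watchlist=WATCHLIST):
    """Return (registry key, address, reason) for each suspicious static resolver.

    A finding is a prompt for review, not a verdict: users who deliberately
    configure a public resolver will show up as "static-public-override".
    """
    findings = []
    for scope, values in parse_o17(log_text).items():
        dhcp = set(values["DhcpNameServer"])
        for raw in values["NameServer"]:
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                findings.append((scope, raw, "unparseable"))
                continue
            if any(addr in net for net in watchlist):
                findings.append((scope, raw, "watchlist"))
            elif not addr.is_private and raw not in dhcp:
                # Static public resolver that the router never handed out.
                findings.append((scope, raw, "static-public-override"))
    return findings


if __name__ == "__main__":
    for scope, addr, reason in triage(SAMPLE_LOG):
        print(f"{reason:24} {addr:16} {scope}")
```

Both the global `Tcpip\Parameters` key and the per-interface key are checked because a static `NameServer` value in either one takes precedence over the DHCP-assigned resolver.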

#3
WalterH


    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Ok - working on this now.

The McAfee Removal failed in some areas. I continued on as most was removed. Not sure if you want me to run it again?

OTL - ran the fix - here is the log. Will be continuing on to the next items.

========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A229BC5B-E7A2-447B-B015-1E7CA944978D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A229BC5B-E7A2-447B-B015-1E7CA944978D}\ deleted successfully.
C:\Program Files\FreeFrog\FreeFrog1.0.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\FreeFrogUpdt.exe deleted successfully.
C:\Program Files\FreeFrog\FreeFrogUpdt.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Sonic RecordNow! deleted successfully.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Starting removal of ActiveX control {640B39C1-D713-464F-92C3-75BD972B95EE}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{640B39C1-D713-464F-92C3-75BD972B95EE}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{640B39C1-D713-464F-92C3-75BD972B95EE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640B39C1-D713-464F-92C3-75BD972B95EE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{640B39C1-D713-464F-92C3-75BD972B95EE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640B39C1-D713-464F-92C3-75BD972B95EE}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11B69217-AEDA-4514-9FBF-2DB6F2135D7E}\\NameServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rxx5ot\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{CDEFEE3D-EDCB-4226-931B-90E184C11CAC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDEFEE3D-EDCB-4226-931B-90E184C11CAC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CDEFEE3D-EDCB-4226-931B-90E184C11CAC}\ deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.bat deleted successfully.
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.bat deleted successfully.
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.bat deleted successfully.
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.bat deleted successfully.
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\Todd\Local Settings\Application Data\*.exe not found.
< sc config mcupdmgr.exe start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.bat deleted successfully.
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.txt deleted successfully.
< sc config McTskshd.exe start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.bat deleted successfully.
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.txt deleted successfully.
< sc config McDetect.exe start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.bat deleted successfully.
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.txt deleted successfully.
< sc delete mcupdmgr.exe /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.bat deleted successfully.
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.txt deleted successfully.
< sc delete McTskshd.exe /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.bat deleted successfully.
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.txt deleted successfully.
< sc delete McDetect.exe /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.bat deleted successfully.
C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: BreAnne's Wine Tasting

User: Christie Henry

User: Default User

User: Diane Henry
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner

User: Walt Henry
->Java cache emptied: 60586742 bytes

Total Java Files Cleaned = 58.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: BreAnne's Wine Tasting

User: Christie Henry

User: Default User

User: Diane Henry
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 706 bytes

User: NetworkService

User: Owner

User: Walt Henry
->Flash cache emptied: 98076 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.41.0 log created on 04292012_151740

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#4
WalterH

OTL Scan with All option checked -

OTL logfile created on: 4/29/2012 3:27:13 PM - Run 3
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Walt Henry\Desktop\Geek2Go
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 642.63 Mb Available Physical Memory | 62.82% Memory free
1.90 Gb Paging File | 1.54 Gb Available in Paging File | 81.11% Paging File free
Paging file location(s): C:\pagefile.sys 1022 1222 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 11.79 Gb Free Space | 31.70% Space Free | Partition Type: NTFS

Computer Name: D842SQ31 | User Name: Walt Henry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/21 21:19:10 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Walt Henry\Desktop\Geek2Go\OTL.EXE
PRC - [2012/03/12 18:40:52 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/12 18:40:47 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/10 07:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 21:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 07:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/07/10 07:06:49 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\ezprint.exe
PRC - [2009/07/10 07:06:46 | 000,766,632 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe
PRC - [2009/07/01 06:13:31 | 000,602,792 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\dleacoms.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/12 18:40:52 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/03/12 18:40:47 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2010/06/08 23:37:21 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
MOD - [2010/06/08 23:23:31 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
MOD - [2009/10/14 14:31:50 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2009/07/10 07:06:49 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\ezprint.exe
MOD - [2009/07/10 07:06:46 | 000,766,632 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe
MOD - [2009/06/22 06:08:44 | 000,196,608 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epoemdll.dll
MOD - [2009/06/22 06:08:43 | 000,045,056 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epstring.dll
MOD - [2009/06/22 06:08:41 | 002,203,648 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epwizres.dll
MOD - [2009/06/22 06:08:27 | 000,708,608 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epwizard.dll
MOD - [2009/06/22 06:06:32 | 000,159,744 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\customui.dll
MOD - [2009/06/22 06:06:09 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epfunct.dll
MOD - [2009/06/22 06:06:03 | 000,114,688 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\eputil.dll
MOD - [2009/06/22 06:05:49 | 000,139,264 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\imagutil.dll
MOD - [2009/06/19 01:58:00 | 000,157,696 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\dleadrpp.dll
MOD - [2009/05/29 07:09:48 | 001,159,168 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleadrs.dll
MOD - [2009/05/29 07:08:53 | 000,389,120 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleascw.dll
MOD - [2009/05/27 05:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\SYSTEM32\dleadatr.dll
MOD - [2009/05/26 13:17:13 | 000,086,118 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\DLEAcfg.dll
MOD - [2009/04/07 12:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\iptk.dll
MOD - [2009/03/09 22:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleacaps.dll
MOD - [2009/03/05 10:55:33 | 000,059,904 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleacnv4.dll
MOD - [2009/03/02 07:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleaptp.dll
MOD - [2009/02/20 01:50:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DLEAsmr.dll
MOD - [2009/02/20 01:49:37 | 000,299,008 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DLEAsm.dll
MOD - [2008/03/24 21:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\msjetoledb40.dll
MOD - [2002/08/29 04:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\SYSTEM32\TSD32.DLL
MOD - [2002/05/28 15:29:42 | 000,057,428 | ---- | M] () -- C:\WINDOWS\SYSTEM32\mobileV.acm


========== Win32 Services (SafeList) ==========

SRV - [2012/04/25 07:31:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/12 18:40:52 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/07/01 06:13:31 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\SYSTEM32\dleacoms.exe -- (dlea_device)
SRV - [2009/07/01 06:13:25 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe -- (dleaCATSCustConnectService)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 23:07:46 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pci.sy@ -- (PCI)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/11/09 09:29:36 | 000,017,648 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pcx1nd5.sys -- (pcx1nd5)
DRV - [2001/11/09 09:29:30 | 000,069,744 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pcx1unic.sys -- (pcx1unic)
DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {1A222ABE-0D02-4375-97EF-8DD8886DBBC8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{1A222ABE-0D02-4375-97EF-8DD8886DBBC8}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-11-24 17:54:00&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://isearch.avg.c...4:00&sap=ku&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYState.dll ( )
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/04 17:55:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012/01/23 11:12:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 07:31:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/24 17:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Walt Henry\Application Data\Mozilla\Extensions
[2012/04/26 16:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Walt Henry\Application Data\Mozilla\Firefox\Profiles\ptzedt06.default\extensions
[2004/11/27 21:49:18 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Walt Henry\Application Data\Mozilla\Firefox\Profiles\ptzedt06.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/01/15 13:59:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/23 11:12:31 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\10.0.0.7
[2012/04/25 07:31:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/12 18:40:37 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/12 19:23:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 19:23:11 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/29 15:18:54 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dleamon.exe] C:\Program Files\Dell V310-V510 Series\dleamon.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V310-V510 Series\ezprint.exe ()
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcopho...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcopho...stcoActivia.cab (Snapfish Activia)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink...geUploader5.cab (Image Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://longsdrugs.di...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcopho...veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11B69217-AEDA-4514-9FBF-2DB6F2135D7E}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/29 15:14:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/25 07:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/04/25 07:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/22 21:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Walt Henry\Desktop\Geek2Go
[2012/04/22 18:56:37 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012/04/22 18:56:25 | 000,068,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pci.sy@
[2012/04/22 18:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[26 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/29 15:23:08 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/04/29 15:22:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cce7511d7cff00.job
[2012/04/29 15:21:56 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/29 15:21:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/04/29 15:18:54 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2012/04/29 15:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/29 09:01:10 | 096,579,315 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/28 17:47:47 | 000,359,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/28 15:11:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/25 08:55:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/24 14:40:20 | 000,003,661 | ---- | M] () -- C:\Documents and Settings\Walt Henry\My Documents\A couple of things grabbed my attention when Cory was teaching.wpd
[2012/04/24 13:22:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Walt Henry\My Documents\1 Samuel 9
[2012/04/23 14:04:05 | 000,000,190 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/22 20:33:17 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012/04/17 13:04:21 | 000,005,580 | ---- | M] () -- C:\Documents and Settings\Walt Henry\My Documents\Jared.wpd
[2012/03/30 23:02:39 | 000,003,423 | ---- | M] () -- C:\Documents and Settings\Walt Henry\My Documents\Hi Tim.wpd
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[26 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/24 14:40:20 | 000,003,661 | ---- | C] () -- C:\Documents and Settings\Walt Henry\My Documents\A couple of things grabbed my attention when Cory was teaching.wpd
[2012/04/24 13:22:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Walt Henry\My Documents\1 Samuel 9
[2012/04/17 13:04:21 | 000,005,580 | ---- | C] () -- C:\Documents and Settings\Walt Henry\My Documents\Jared.wpd
[2011/07/08 22:32:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/07/07 16:48:08 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/07/07 16:48:07 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/07/07 16:48:07 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/07/07 16:48:07 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/07/07 16:48:07 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/07/07 16:48:07 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/07/07 16:48:07 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/07/07 16:48:07 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/07/07 16:48:07 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/07/07 16:48:07 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/07/07 16:48:07 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/07/07 16:48:06 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/07/07 16:48:06 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/07/07 16:48:06 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/07/07 16:48:06 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/07/07 16:48:06 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/07/07 16:39:18 | 000,000,064 | ---- | C] () -- C:\WINDOWS\EWF520.ini
[2011/05/16 22:40:28 | 000,155,296 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/19 12:37:43 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacoin.dll
[2010/11/19 12:37:31 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\dleahcp.dll
[2010/11/19 12:37:31 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dleagcfg.dll
[2010/11/19 12:37:29 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dleacui.dll
[2010/11/19 12:37:29 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dleacuir.dll
[2010/11/19 12:36:51 | 000,086,118 | ---- | C] () -- C:\WINDOWS\System32\dleacfg.dll
[2010/11/19 12:32:47 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dleajswr.dll
[2010/11/19 12:32:46 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\dleains.dll
[2010/11/19 12:32:46 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\dleainsb.dll
[2010/11/19 12:32:46 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dleainsr.dll
[2010/11/19 12:32:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dleagrd.dll
[2010/11/19 12:32:45 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dleacub.dll
[2010/11/19 12:32:44 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\dleacu.dll
[2010/11/19 12:32:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dleacur.dll
[2010/11/19 12:32:43 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\dleaxmlu.dll
[2010/11/19 12:32:42 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dleausb1.dll
[2010/11/19 12:32:42 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\dleauldr.dll
[2010/11/19 12:32:42 | 000,082,600 | ---- | C] () -- C:\WINDOWS\System32\dleaview.exe
[2010/11/19 12:32:42 | 000,082,600 | ---- | C] () -- C:\WINDOWS\System32\dleaupld.exe
[2010/11/19 12:32:42 | 000,082,600 | ---- | C] () -- C:\WINDOWS\System32\dleatime.exe
[2010/11/19 12:32:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dleavs.dll
[2010/11/19 12:32:41 | 001,056,768 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaserv.dll
[2010/11/19 12:32:41 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\dlearetv.dll
[2010/11/19 12:32:41 | 000,098,984 | ---- | C] () -- C:\WINDOWS\System32\dleaserv.exe
[2010/11/19 12:32:41 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dleatime.dll
[2010/11/19 12:32:40 | 000,909,992 | ---- | C] () -- C:\WINDOWS\System32\dleapswx.exe
[2010/11/19 12:32:40 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\dleaptpc.dll
[2010/11/19 12:32:40 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\dleappx.dll
[2010/11/19 12:32:39 | 000,725,672 | ---- | C] () -- C:\WINDOWS\System32\dleajswx.exe
[2010/11/19 12:32:39 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dleapmui.dll
[2010/11/19 12:32:39 | 000,581,632 | ---- | C] ( ) -- C:\WINDOWS\System32\dlealmpm.dll
[2010/11/19 12:32:38 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dleahbn3.dll
[2010/11/19 12:32:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dleainpa.dll
[2010/11/19 12:32:38 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaiesc.dll
[2010/11/19 12:32:38 | 000,328,360 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaih.exe
[2010/11/19 12:32:37 | 000,236,032 | ---- | C] () -- C:\WINDOWS\System32\dleadr.dll
[2010/11/19 12:32:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\dleadatr.dll
[2010/11/19 12:32:37 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\dleadrui.dll
[2010/11/19 12:32:37 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\dleadrpp.dll
[2010/11/19 12:32:36 | 000,602,792 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacoms.exe
[2010/11/19 12:32:36 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacomm.dll
[2010/11/19 12:32:36 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dleacomx.dll
[2010/11/19 12:32:35 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacomc.dll
[2010/11/19 12:32:35 | 000,369,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacfg.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

#5
WalterH

Here is the Extras Log from the OTL Scan -

OTL Extras logfile created on: 4/29/2012 3:27:13 PM - Run 3
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Walt Henry\Desktop\Geek2Go
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 642.63 Mb Available Physical Memory | 62.82% Memory free
1.90 Gb Paging File | 1.54 Gb Available in Paging File | 81.11% Paging File free
Paging file location(s): C:\pagefile.sys 1022 1222 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 11.79 Gb Free Space | 31.70% Space Free | Partition Type: NTFS

Computer Name: D842SQ31 | User Name: Walt Henry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- C:\WINDOWS\notepad.exe %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{069C1AD7-AC72-40E0-A156-7442EA6A48D7}" = AVG 2012
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{464FC5BE-1FED-4D8E-906A-E1F3350E1625}" = Artista Data eXchange (ADX) for Artista Designer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{570B96D1-70D3-4B48-93EF-029440FA1BCE}" = Camera Window
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{64116298-93C5-401D-B06C-39D8E3338508}" = DAO
"{6710FE30-27F7-492B-A660-D31D4A898A43}" = MSN Toolbar
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{744F6CCF-9F56-40A0-A33D-2A45D53B6046}" = Hoyle Card Games 2004
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78E59435-A150-4C50-9B4B-370D9C15D1E5}" = DV NETWORK SOLUTION DISK
"{7B7044AE-6D1F-456D-B2BA-28BFFFAF3F71}" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{863DCE5B-D6CA-4DC5-9F95-7DCFED15DE8F}" = The Print Shop 20
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}" = PhotoStitch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1A0A3F9-C302-4A18-A2E0-71C927D24652}" = Epson Easy Photo Print 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE94AA8F-E907-4068-8533-C8D9C3C6CDEE}" = e-Sword
"{D3440743-FCC9-4BFC-B630-4EFC0C1A8D44}" = MyProfessionalBusinessCards
"{D68C0E11-A4F1-47C5-B6FA-9382716F6B31}" = Canon Camera WIA Driver
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AOL Instant Messenger" = AOL Instant Messenger
"AVG" = AVG 2012
"Canon Camera WIA Driver PowerShot A40" = Canon PowerShot A40 WIA Driver
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"Canon Utilities RAW Image Converter" = Canon Utilities RAW Image Converter
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V92 56K DF PCI Modem
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell V310-V510 Series" = Dell V310-V510 Series
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 520 Series" = EPSON WorkForce 520 Series Printer Uninstall
"FreeFrog" = FreeFrog 1.0
"GENViewerLite_is1" = GENViewer Lite 1.14
"InstallShield_{570B96D1-70D3-4B48-93EF-029440FA1BCE}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{78E59435-A150-4C50-9B4B-370D9C15D1E5}" = DV NETWORK SOLUTION DISK
"InstallShield_{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{D68C0E11-A4F1-47C5-B6FA-9382716F6B31}" = Canon ZR65 MC WIA Driver
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PhotoRecord" = Canon PhotoRecord
"PROSet" = Intel® PRO Network Adapters and Drivers
"RemoteCapture" = Canon Utilities RemoteCapture 2.2
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows CE Services" = Microsoft ActiveSync 3.6
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Internet Mail" = Yahoo! Internet Mail

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/20/2012 10:40:51 AM | Computer Name = D842SQ31 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.

Error - 4/20/2012 10:41:44 AM | Computer Name = D842SQ31 | Source = Application Error | ID = 1001
Description = Fault bucket 2057691551.

Error - 4/20/2012 3:16:17 PM | Computer Name = D842SQ31 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.

Error - 4/20/2012 3:16:32 PM | Computer Name = D842SQ31 | Source = Application Error | ID = 1001
Description = Fault bucket 2057691551.

Error - 4/21/2012 10:53:15 AM | Computer Name = D842SQ31 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x001a624b.

Error - 4/21/2012 10:53:25 AM | Computer Name = D842SQ31 | Source = Application Error | ID = 1001
Description = Fault bucket 2057691551.

Error - 4/22/2012 10:20:53 AM | Computer Name = D842SQ31 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 4/22/2012 10:11:37 PM | Computer Name = D842SQ31 | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/22/2012 10:12:26 PM | Computer Name = D842SQ31 | Source = Application Error | ID = 1001
Description = Fault bucket 07918338.

Error - 4/29/2012 6:17:30 PM | Computer Name = D842SQ31 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.EXE, version 3.2.41.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/29/2012 6:14:14 PM | Computer Name = D842SQ31 | Source = Service Control Manager | ID = 7034
Description = The dlea_device service terminated unexpectedly. It has done this
1 time(s).

Error - 4/29/2012 6:17:41 PM | Computer Name = D842SQ31 | Source = Service Control Manager | ID = 7031
Description = The AVG WatchDog service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 4/29/2012 6:17:41 PM | Computer Name = D842SQ31 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/29/2012 6:17:41 PM | Computer Name = D842SQ31 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/29/2012 6:17:41 PM | Computer Name = D842SQ31 | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (dellsupportcenter) service terminated
unexpectedly. It has done this 1 time(s).

Error - 4/29/2012 6:17:42 PM | Computer Name = D842SQ31 | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/29/2012 6:17:42 PM | Computer Name = D842SQ31 | Source = Service Control Manager | ID = 7034
Description = The vToolbarUpdater10.2.0 service terminated unexpectedly. It has
done this 1 time(s).

Error - 4/29/2012 6:23:08 PM | Computer Name = D842SQ31 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the dleaCATSCustConnectService
service to connect.

Error - 4/29/2012 6:23:08 PM | Computer Name = D842SQ31 | Source = Service Control Manager | ID = 7000
Description = The dleaCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 4/29/2012 6:27:17 PM | Computer Name = D842SQ31 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >

#6
WalterH

combo fix log -

ComboFix 12-04-29.02 - Walt Henry 04/29/2012 17:35:22.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.658 [GMT -7:00]
Running from: c:\documents and settings\Walt Henry\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\SPL116.tmp
c:\documents and settings\All Users\SPL207.tmp
c:\documents and settings\All Users\SPLE0.tmp
c:\documents and settings\Diane Henry\WINDOWS
c:\documents and settings\Walt Henry\Application Data\Mozilla\Firefox\Profiles\ptzedt06.default\weave\toFetch
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a41834536c829639.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\c5aa5619c1217523.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f6751e8b1cc36a31.fb
c:\windows\system32\CID
c:\windows\system32\Temp
c:\windows\system32\Temp\aawfhriejlcmbvbhxjui.list
c:\windows\system32\Temp\svsheimgvhmdwhuzmxva.list
c:\windows\system32\uninstall.exe
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-29 22:14 . 2012-04-29 22:14 -------- d-----w- C:\_OTL
2012-04-25 14:31 . 2012-04-25 14:31 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 14:31 . 2012-04-25 14:31 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 14:31 . 2012-04-25 14:31 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-23 01:56 . 2012-04-23 03:33 14664 ----a-w- c:\windows\stinger.sys
2012-04-23 01:55 . 2012-04-23 03:47 -------- d-----w- c:\program files\stinger
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 14:31 . 2011-11-24 23:59 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 01:40 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-14 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"dleamon.exe"="c:\program files\Dell V310-V510 Series\dleamon.exe" [2009-07-10 766632]
"EzPrint"="c:\program files\Dell V310-V510 Series\ezprint.exe" [2009-07-10 139944]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-23 928096]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 16:27 28672 ----a-w- c:\windows\SYSTEM32\DSentry.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-02-23 23:45 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-27 00:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
2003-02-13 07:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
2005-03-29 01:24 28616 ----a-w- c:\program files\WildTangent\Apps\CDA\GameDrvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2006-06-16 21:37 3334144 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys [7/11/2011 2:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [9/13/2011 7:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [10/7/2011 7:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [7/11/2011 2:14 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 7:09 AM 192776]
R2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/28/2008 9:41 AM 24652]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/12/2012 6:40 PM 918880]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dleaserv.exe [11/19/2010 12:37 PM 98984]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2010 11:52 PM 135664]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys [7/11/2011 2:14 AM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys [7/11/2011 2:14 AM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys [10/4/2011 7:21 AM 16720]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2010 11:52 PM 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 7:31 AM 129976]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cce7511d7cff00.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 06:52]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 06:52]
.
2003-11-12 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath - c:\documents and settings\Walt Henry\Application Data\Mozilla\Firefox\Profiles\ptzedt06.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc1f986d5-0911-47b0-9032-78cd56bc3599%7D&mid=e30974fe014047d18ccdd145b790d1c6-39ccebe56c5a0eadb164457169b2351eed0736c2&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-11-24%2017%3A54%3A00&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-29 17:46
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCI]
"ImagePath"="System32\DRIVERS\pci.sy@"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{10AF3945-2E81-4C59-AF6E-B8B428E34074}\ProgID]
@DACL=(02 0000)
@="AOLEE.EESvcMgrGate.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{10AF3945-2E81-4C59-AF6E-B8B428E34074}\VersionIndependentProgID]
@DACL=(02 0000)
@="AOLEE.EESvcMgrGate.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{18EC6138-8174-4C2B-9DE5-E84AECC0C4BF}\ProgID]
@DACL=(02 0000)
@="abrowser.HtmlDlgHelper.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{18EC6138-8174-4C2B-9DE5-E84AECC0C4BF}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{18EC6138-8174-4C2B-9DE5-E84AECC0C4BF}\TypeLib]
@DACL=(02 0000)
@="{FBEA7461-07B2-4C4C-9103-474CED43B7D2}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{18EC6138-8174-4C2B-9DE5-E84AECC0C4BF}\VersionIndependentProgID]
@DACL=(02 0000)
@="abrowser.HtmlDlgHelper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D491EB7-1914-FA42-C2E0-6CBEAE70DF65}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D491EB7-1914-FA42-C2E0-6CBEAE70DF65}\Implemented Categories]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D491EB7-1914-FA42-C2E0-6CBEAE70DF65}\InprocServer32]
@DACL=(02 0000)
@="c:\\Documents and Settings\\All Users\\Application Data\\MVT\\mvt.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D491EB7-1914-FA42-C2E0-6CBEAE70DF65}\Insertable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D491EB7-1914-FA42-C2E0-6CBEAE70DF65}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D491EB7-1914-FA42-C2E0-6CBEAE70DF65}\ProgID]
@DACL=(02 0000)
@="MVT.MVTControl.3100"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D491EB7-1914-FA42-C2E0-6CBEAE70DF65}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D491EB7-1914-FA42-C2E0-6CBEAE70DF65}\ToolboxBitmap32]
@DACL=(02 0000)
@="c:\\Documents and Settings\\All Users\\Application Data\\MVT\\mvt.dll, 101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D491EB7-1914-FA42-C2E0-6CBEAE70DF65}\TypeLib]
@DACL=(02 0000)
@="{D1E1E55C-AF3B-444b-A4BF-2BD00995F90D}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D491EB7-1914-FA42-C2E0-6CBEAE70DF65}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D491EB7-1914-FA42-C2E0-6CBEAE70DF65}\VersionIndependentProgID]
@DACL=(02 0000)
@="MVT.MVTControl"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CEBFBDF9-DBE4-4167-8BCA-DF9281AF6A1B}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CEBFBDF9-DBE4-4167-8BCA-DF9281AF6A1B}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CEBFBDF9-DBE4-4167-8BCA-DF9281AF6A1B}\ProgID]
@DACL=(02 0000)
@="abrowser.Browser.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CEBFBDF9-DBE4-4167-8BCA-DF9281AF6A1B}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CEBFBDF9-DBE4-4167-8BCA-DF9281AF6A1B}\TypeLib]
@DACL=(02 0000)
@="{FBEA7461-07B2-4C4C-9103-474CED43B7D2}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CEBFBDF9-DBE4-4167-8BCA-DF9281AF6A1B}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CEBFBDF9-DBE4-4167-8BCA-DF9281AF6A1B}\VersionIndependentProgID]
@DACL=(02 0000)
@="abrowser.Browser"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E750691E-1E0C-4d21-BB24-3F417D0C4AF8}\Control]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E750691E-1E0C-4d21-BB24-3F417D0C4AF8}\MiscStatus]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E750691E-1E0C-4d21-BB24-3F417D0C4AF8}\ProgID]
@DACL=(02 0000)
@="abrowser.MiniBrowser.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E750691E-1E0C-4d21-BB24-3F417D0C4AF8}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E750691E-1E0C-4d21-BB24-3F417D0C4AF8}\TypeLib]
@DACL=(02 0000)
@="{FBEA7461-07B2-4C4C-9103-474CED43B7D2}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E750691E-1E0C-4d21-BB24-3F417D0C4AF8}\Version]
@DACL=(02 0000)
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E750691E-1E0C-4d21-BB24-3F417D0C4AF8}\VersionIndependentProgID]
@DACL=(02 0000)
@="abrowser.MiniBrowser"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E89BBA4B-2B04-42F9-A576-6AB105FB1F0D}\ProgID]
@DACL=(02 0000)
@="abrowser.BrowserManager.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E89BBA4B-2B04-42F9-A576-6AB105FB1F0D}\Programmable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E89BBA4B-2B04-42F9-A576-6AB105FB1F0D}\TypeLib]
@DACL=(02 0000)
@="{FBEA7461-07B2-4C4C-9103-474CED43B7D2}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E89BBA4B-2B04-42F9-A576-6AB105FB1F0D}\VersionIndependentProgID]
@DACL=(02 0000)
@="abrowser.BrowserManager"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{00CEDBF1-864D-11D3-908D-00C0F03B3EDC}\1.0]
@DACL=(02 0000)
@="ierjplug 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{06645894-E73C-413B-8704-71823A9C39B5}\1.0]
@DACL=(02 0000)
@="Cerberus 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{09101CA1-D527-11D6-AD30-0050DAD88A02}\1.0]
@DACL=(02 0000)
@="ESCom 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{0B54F548-639F-462F-BCDE-9557B8AB378F}\1.0]
@DACL=(02 0000)
@="AOL CETCtrl 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{12D56325-94E3-4E74-A91B-586982151C2F}\1.0]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{1D8D8275-8778-4BD4-AF35-27453BBE9750}\1.0]
@DACL=(02 0000)
@="RIM DesktopApi 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{2293FA8E-8FE7-4147-9706-BC1688C339A2}\1.0]
@DACL=(02 0000)
@="QDiag 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{229B78B8-38F5-11D5-9001-00C04F4C3B9F}\1.0]
@DACL=(02 0000)
@="CDDBControl(AOL) 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{2499388C-3A64-11D0-BFAB-080000185165}\1.0]
@DACL=(02 0000)
@="atlbutn 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{296802FE-345A-4CA4-B941-692B8622CC69}\1.0]
@DACL=(02 0000)
@="AxTrack 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{307DE02D-679A-49B9-B582-6E623BE9386F}\1.0]
@DACL=(02 0000)
@="CoachDM 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{3F8E02B4-6601-41A2-95E7-6BD102935C55}\1.0]
@DACL=(02 0000)
@="Phobos 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{405DE7B2-E7DD-11D2-92C5-00C0F01F77C1}\1.0]
@DACL=(02 0000)
@="rpautostream 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{53FCF357-5323-11D0-A864-0000B43699FC}\2.8]
@DACL=(02 0000)
@="BackWeb Type Library (v2.8)"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{57B2FD05-64D4-4AD7-A92A-7C32FE50A0F4}\1.0]
@DACL=(02 0000)
@="AOL UPFCtrl 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{79C10055-C1B5-4754-AC44-003784AA3A44}\1.0]
@DACL=(02 0000)
@="YGPPicInfo 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{81EBC6E0-D805-11D3-8920-00104B9876B8}\1.0]
@DACL=(02 0000)
@="KodakOneTouch 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{87099223-C7AF-11D0-B225-00C04FB6C2F5}\1.0]
@DACL=(02 0000)
@="faxcom 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{8D66A700-5DF0-4706-9ACA-FEB467A7A853}\1.0]
@DACL=(02 0000)
@="Ares 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}\1.0\0]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}\1.0\Flags]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{A67004E0-8362-42F9-B186-88706C346DD9}\1.0]
@DACL=(02 0000)
@="ierpplug 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{A73B6F3D-FD35-4992-AB4B-4AD729BB20E7}\1.0\0]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{A73B6F3D-FD35-4992-AB4B-4AD729BB20E7}\1.0\FLAGS]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{BB9EF4CE-09E6-44C5-A6E9-AD9A471B4025}\1.0]
@DACL=(02 0000)
@="AolCalSvr 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{DCCAF17F-7581-4C86-9867-56D9405FAC3F}\1.0]
@DACL=(02 0000)
@="Pathfinder 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{E3852602-B619-11D6-94EC-00047521F020}\1.0]
@DACL=(02 0000)
@="WinAmpXChat 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{ECAD18F1-CA65-11D6-8A1B-00E029570A3E}\1.0]
@DACL=(02 0000)
@="SAMgr 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{FBEA7461-07B2-4C4C-9103-474CED43B7D2}\1.0]
@DACL=(02 0000)
@="abrowser 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Clients\Media\MUSICMATCH Jukebox\DefaultIcon]
@DACL=(02 0000)
@="c:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmjblaunch.exe,1"
.
[HKEY_LOCAL_MACHINE\software\Clients\Media\MUSICMATCH Jukebox\InstallInfo]
@DACL=(02 0000)
"HideIconsCommand"="\"c:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\refreshicon.exe\" /h"
"ShowIconsCommand"="\"c:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\refreshicon.exe\" /s"
"ReinstallCommand"="\"c:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\refreshicon.exe\" /i"
"IconsVisible"=dword:00000001
"OEMShowIcons"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Clients\Media\MUSICMATCH Jukebox\shell]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Clients\Media\QuickTime Player\DefaultIcon]
@DACL=(02 0000)
@="c:\\PROGRA~1\\QUICKT~1\\QuickTimePlayer.exe,-APPLICATION_ICON"
.
[HKEY_LOCAL_MACHINE\software\Clients\Media\QuickTime Player\InstallInfo]
@DACL=(02 0000)
"ReinstallCommand"="c:\\WINDOWS\\system32\\QuickTime\\QuickTimeUpdateHelper.exe -QTReinstallDefaultMediaPlayerSetting"
"HideIconsCommand"="c:\\WINDOWS\\system32\\QuickTime\\QuickTimeUpdateHelper.exe -QTHideIconsDefaultMediaPlayerSetting"
"ShowIconsCommand"="c:\\WINDOWS\\system32\\QuickTime\\QuickTimeUpdateHelper.exe -QTShowIconsDefaultMediaPlayerSetting"
"IconsVisible"=dword:00000001
"OEMShowIcons"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Clients\Media\QuickTime Player\shell]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{13A7995E-7D8F-45B4-9C77-819265225763}]
@DACL=(02 0000)
"Priority"=dword:00000001
"AutoInsert"=dword:00000001
"Name"="WMPlayer Spectrum Analyzer DMO"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{95037DA1-6ED9-4B27-8CFF-9AD3DFB0B2F2}]
@DACL=(02 0000)
"Priority"=dword:fffffffb
"AutoInsert"=dword:00000001
"Name"="WMPlayer SRSWow DMO"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{974BF3BF-C9AE-4476-8003-5FE544DF458C}]
@DACL=(02 0000)
"Priority"=dword:fffffffe
"AutoInsert"=dword:00000001
"Name"="WMPlayer Video Processing DMO"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{B2DBA270-9F49-4513-AC13-76496D6EBA3A}]
@DACL=(02 0000)
"Priority"=dword:00000002
"AutoInsert"=dword:00000000
"Name"="Speaker Enhancement DMO"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{D01BC8E2-70AD-4976-9612-21B37ED5C8E8}]
@DACL=(02 0000)
"Priority"=dword:00000003
"AutoInsert"=dword:00000001
"Name"="WMPlayer Equalizer DMO"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Money\Investor\{4FF03E77-ECE6-43EA-AFFA-A47F987F00B2}\1]
@DACL=(02 0000)
"Data"=hex:79,56,34,52,d8,bb,e2,40
"Properties"=hex:79,56,34,52,d8,bb,e2,40
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Money\Investor\{7196C90C-B650-493A-BDBA-08137EBFDDA6}\1]
@DACL=(02 0000)
"Data"=hex:9a,99,99,99,8b,8f,e2,40
"Properties"=hex:9a,99,99,99,8b,8f,e2,40
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\AppLogLevels]
@DACL=(02 0000)
"MasterInstaller"=dword:00000000
"IEngine"=dword:00000000
"SetupEngine"=dword:00000000
"SetupMSI"=dword:00000000
"cmLock"=dword:00000000
"cmlib"=dword:00000000
"REGISTER_DLL"=dword:00000000
"REGISTRATION"=dword:00000000
"SetupError"=dword:00000000
"vistaact"=dword:00000000
"RetainIni"=dword:00000000
"ptswia"=dword:00000000
"pjObj"=dword:00000000
"Atlas"=dword:00000000
"AblumCat"=dword:00000000
"AtlasManager"=dword:00000000
"bragbook"=dword:00000000
"PCDADDIN"=dword:00000000
"OTTBPVER"=dword:00000000
"opt_act"=dword:00000000
"ccsstop"=dword:00000000
"unin_act"=dword:00000000
"CheckReboot"=dword:00000000
"KodakShx"=dword:00000000
"KodakDCCameraManager"=dword:00000000
"inst_act"=dword:00000000
"KMACustAction"=dword:00000000
"ksustop"=dword:00000000
"esbwclntext"=dword:00000000
"acqmod"=dword:00000000
"acqmodSources"=dword:00000000
"hydrahelper"=dword:00000000
"bragbookhowfile"=dword:00000000
"dpofinfo"=dword:00000000
"CVistaImage"=dword:00000000
"CVistaDirector"=dword:00000000
"VistaCollection"=dword:00000000
"ofotoXMI"=dword:00000000
"CThumbView"=dword:00000000
"VistaPrint"=dword:00000000
"VpolHelper"=dword:00000000
"VPrintOnlineLocale"=dword:00000000
"VPol"=dword:00000000
"VPOLView"=dword:00000000
"KEmail"=dword:00000000
"\"VistaEmail\""=dword:00000000
"KODAK_REMAILER"=dword:00000000
"FACTORY"=dword:00000000
"OFOTO_REMAILER"=dword:00000000
"cameratodos"=dword:00000000
"PCDSysX"=dword:00000000
"Tester"=dword:00000000
"KSU_NOTIFIER"=dword:00000000
"NOTIFIER_KSU_DATA"=dword:00000000
"tcConfigFileData"=dword:00000000
"NOTIFIER_ARBITER"=dword:00000000
"NOTIFIER_UTILITY"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
@DACL=(02 0000)
"FriendlyName"="DirectX"
"ComponentGUID"="{44BBA855-CC51-11CF-AAFA-00AA00B6015C}"
"Version"=dword:00040009
"Sub-Version"=dword:00000385
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\\dxxp.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\\dxxp.cat"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AA936DF4-2B08-4B1F-B071-72192E287704}]
@DACL=(02 0000)
"FriendlyName"="DirectX BDA"
"ComponentGUID"="{AA936DF4-2B08-4B1F-B071-72192E287704}"
"Version"=dword:00040009
"Sub-Version"=dword:00000385
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AA936DF4-2B08-4B1F-B071-72192E287704}\\dxbda.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AA936DF4-2B08-4B1F-B071-72192E287704}\\dx9bda.cat"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwDir]
@DACL=(02 0000)
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
@DACL=(02 0000)
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\AVGAntiSpyware75]
@DACL=(02 0000)
"DisplayName"="AVG Anti-Spyware 7.5"
"UninstallString"="c:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\Uninstall.exe"
"InstallLocation"="c:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5"
"DisplayIcon"="c:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe"
"Publisher"="Grisoft Ltd."
"HelpLink"="http://www.grisoft.com"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Burn4Free_is1]
@DACL=(02 0000)
"Inno Setup: Setup Version"="3.0.6"
"Inno Setup: App Path"="c:\\Program Files\\AOL\\Burn4Free"
"Inno Setup: Icon Group"="Burn4Free"
"Inno Setup: User"="Christie Henry"
"Inno Setup: Selected Tasks"="desktopicon,quicklaunchicon"
"Inno Setup: Deselected Tasks"=""
"DisplayName"="Burn4Free 1.0.0.568"
"UninstallString"="\"c:\\Program Files\\AOL\\Burn4Free\\unins000.exe\""
"Publisher"="Simone Tasselli"
"URLInfoAbout"="http://www.burn4free.com"
"HelpLink"="http://www.burn4free.com"
"URLUpdateInfo"="http://www.burn4free.com"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{570B96D1-70D3-4B48-93EF-029440FA1BCE}]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{570B96D1-70D3-4B48-93EF-029440FA1BCE}\\Setup.ilg"
"StatusText"="Camera Window Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait."
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{78E59435-A150-4C50-9B4B-370D9C15D1E5}]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{78E59435-A150-4C50-9B4B-370D9C15D1E5}\\Setup.ilg"
"StatusText"=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}\\Setup.ilg"
"StatusText"="PhotoStitch Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait."
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}\\Setup.ilg"
"StatusText"="QuickTime Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait."
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{D68C0E11-A4F1-47C5-B6FA-9382716F6B31}]
@DACL=(02 0000)
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{D68C0E11-A4F1-47C5-B6FA-9382716F6B31}\\Setup.ilg"
"StatusText"="Canon Camera WIA Driver Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait."
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\KB922819]
@DACL=(02 0000)
"DisplayName"="Security Update for Windows XP (KB922819)"
"UninstallString"="\"c:\\WINDOWS\\$NtUninstallKB922819$\\spuninst\\spuninst.exe\""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20061104"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.micro...om?kbid=922819"
"URLInfoAbout"="http://support.microsoft.com"
"DisplayVersion"="1"
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows XP - Software Updates"
"ReleaseType"="Security Update"
"RegistryLocation"="HKLM\\SOFTWARE\\Microsoft\\Updates\\Windows XP\\SP3\\KB922819"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\KB923191]
@DACL=(02 0000)
"DisplayName"="Security Update for Windows XP (KB923191)"
"UninstallString"="\"c:\\WINDOWS\\$NtUninstallKB923191$\\spuninst\\spuninst.exe\""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20061104"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.micro...om?kbid=923191"
"URLInfoAbout"="http://support.microsoft.com"
"DisplayVersion"="1"
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows XP - Software Updates"
"ReleaseType"="Security Update"
"RegistryLocation"="HKLM\\SOFTWARE\\Microsoft\\Updates\\Windows XP\\SP3\\KB923191"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\KB923414]
@DACL=(02 0000)
"DisplayName"="Security Update for Windows XP (KB923414)"
"UninstallString"="\"c:\\WINDOWS\\$NtUninstallKB923414$\\spuninst\\spuninst.exe\""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20061104"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.micro...om?kbid=923414"
"URLInfoAbout"="http://support.microsoft.com"
"DisplayVersion"="1"
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows XP - Software Updates"
"ReleaseType"="Security Update"
"RegistryLocation"="HKLM\\SOFTWARE\\Microsoft\\Updates\\Windows XP\\SP3\\KB923414"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\KB924191]
@DACL=(02 0000)
"DisplayName"="Security Update for Windows XP (KB924191)"
"UninstallString"="\"c:\\WINDOWS\\$NtUninstallKB924191$\\spuninst\\spuninst.exe\""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20061104"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.micro...om?kbid=924191"
"URLInfoAbout"="http://support.microsoft.com"
"DisplayVersion"="1"
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows XP - Software Updates"
"ReleaseType"="Security Update"
"RegistryLocation"="HKLM\\SOFTWARE\\Microsoft\\Updates\\Windows XP\\SP3\\KB924191"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\KB924496]
@DACL=(02 0000)
"DisplayName"="Security Update for Windows XP (KB924496)"
"UninstallString"="\"c:\\WINDOWS\\$NtUninstallKB924496$\\spuninst\\spuninst.exe\""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20061104"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.micro...om?kbid=924496"
"URLInfoAbout"="http://support.microsoft.com"
"DisplayVersion"="1"
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows XP - Software Updates"
"ReleaseType"="Security Update"
"RegistryLocation"="HKLM\\SOFTWARE\\Microsoft\\Updates\\Windows XP\\SP3\\KB924496"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\KB925486]
@DACL=(02 0000)
"DisplayName"="Security Update for Windows XP (KB925486)"
"UninstallString"="\"c:\\WINDOWS\\$NtUninstallKB925486$\\spuninst\\spuninst.exe\""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20061104"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.micro...om?kbid=925486"
"URLInfoAbout"="http://support.microsoft.com"
"DisplayVersion"="1"
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows XP - Software Updates"
"ReleaseType"="Security Update"
"RegistryLocation"="HKLM\\SOFTWARE\\Microsoft\\Updates\\Windows XP\\SP3\\KB925486"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave]
@DACL=(02 0000)
"DisplayName"="Shockwave"
"UninstallString"="c:\\WINDOWS\\SYSTEM32\\Macromed\\SHOCKW~1\\UNWISE.EXE c:\\WINDOWS\\SYSTEM32\\Macromed\\SHOCKW~1\\Install.log"
"QuietDisplayName"="Shockwave Director 9.0"
"QuietUninstallString"="RunDll32 advpack.dll,LaunchINFSection c:\\WINDOWS\\\\INF\\\\swdir.inf,DefaultUninstall,5"
"RequiresIESysFile"="4.70.0.1155"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA]
@DACL=(02 0000)
"DisplayName"="WildTangent Web Driver"
"UninstallString"="c:\\Program Files\\WildTangent\\Apps\\CDA\\CDAUninstall.exe"
"DisplayIcon"="\"c:\\Program Files\\WildTangent\\Apps\\CDA\\wt.ico\""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{2637C347-9DAD-11D6-9EA2-00055D0CA761}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\\setup.exe\" -uninstall"
"DisplayName"="Dell Media Experience"
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\\setup.ilg"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}]
@DACL=(02 0000)
"UninstallString"="RunDll32 c:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"c:\\Program Files\\InstallShield Installation Information\\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\\setup.exe\" -uninstall"
"DisplayName"="PowerDVD"
"LogFile"="c:\\Program Files\\InstallShield Installation Information\\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\\setup.ilg"
.
[HKEY_LOCAL_MACHINE\software\Xing Technology Corp.\SharedDlls]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\l3codeca.acm
c:\windows\system32\mobilev.acm
.
Completion time: 2012-04-29 17:48:42
ComboFix-quarantined-files.txt 2012-04-30 00:48
.
Pre-Run: 12,581,707,776 bytes free
Post-Run: 13,189,517,312 bytes free
.
- - End Of File - - 61E0A65D584D5007C981FF7305D14A3D

#7
WalterH

aswmbr log -

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-29 17:54:18
-----------------------------
17:54:18.281 OS Version: Windows 5.1.2600 Service Pack 2
17:54:18.281 Number of processors: 1 586 0x209
17:54:18.281 ComputerName: D842SQ31 UserName:
17:54:18.875 Initialize success
17:56:02.671 AVAST engine defs: 12042901
17:56:23.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:56:23.687 Disk 0 Vendor: WDC_WD400BB-75DEA0 05.03E05 Size: 38146MB BusType: 3
17:56:23.703 Disk 0 MBR read successfully
17:56:23.703 Disk 0 MBR scan
17:56:23.750 Disk 0 Windows XP default MBR code
17:56:23.750 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
17:56:23.765 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38099 MB offset 80325
17:56:23.781 Disk 0 scanning sectors +78108030
17:56:23.859 Disk 0 scanning C:\WINDOWS\system32\drivers
17:56:32.687 File: C:\WINDOWS\system32\drivers\pci.sys **INFECTED** Win32:Alureon-FZ
17:56:38.156 AVAST engine scan C:\WINDOWS
17:56:43.703 AVAST engine scan C:\WINDOWS\system32
17:59:21.437 AVAST engine scan C:\WINDOWS\system32\drivers
17:59:32.140 File: C:\WINDOWS\system32\drivers\pci.sys **INFECTED** Win32:Alureon-FZ
17:59:39.281 AVAST engine scan C:\Documents and Settings\Walt Henry
18:02:08.500 AVAST engine scan C:\Documents and Settings\All Users
18:03:49.718 Scan finished successfully
18:05:09.796 Fixing ... C:\WINDOWS\system32\drivers\pci.sys
18:05:10.625 Backup ... C:\DOCUME~1\WALTHE~1\LOCALS~1\Temp\pci.sys
18:05:12.828 File C:\WINDOWS\system32\drivers\pci.sys fixed successfully - please reboot ASAP
18:05:41.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Walt Henry\Desktop\MBR.dat"
18:05:41.406 The log file has been saved successfully to "C:\Documents and Settings\Walt Henry\Desktop\aswMBR.txt"

#8
WalterH

TDSS Killer Log -

18:13:41.0562 3740 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
18:13:42.0031 3740 ============================================================
18:13:42.0031 3740 Current date / time: 2012/04/29 18:13:42.0031
18:13:42.0031 3740 SystemInfo:
18:13:42.0031 3740
18:13:42.0031 3740 OS Version: 5.1.2600 ServicePack: 2.0
18:13:42.0031 3740 Product type: Workstation
18:13:42.0031 3740 ComputerName: D842SQ31
18:13:42.0031 3740 UserName: Walt Henry
18:13:42.0031 3740 Windows directory: C:\WINDOWS
18:13:42.0031 3740 System windows directory: C:\WINDOWS
18:13:42.0031 3740 Processor architecture: Intel x86
18:13:42.0031 3740 Number of processors: 1
18:13:42.0031 3740 Page size: 0x1000
18:13:42.0031 3740 Boot type: Normal boot
18:13:42.0031 3740 ============================================================
18:13:45.0078 3740 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:13:45.0078 3740 ============================================================
18:13:45.0078 3740 \Device\Harddisk0\DR0:
18:13:45.0078 3740 MBR partitions:
18:13:45.0078 3740 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x4A69BB9
18:13:45.0078 3740 ============================================================
18:13:45.0296 3740 C: <-> \Device\Harddisk0\DR0\Partition0
18:13:45.0328 3740 ============================================================
18:13:45.0328 3740 Initialize success
18:13:45.0328 3740 ============================================================
18:14:55.0265 3988 ============================================================
18:14:55.0265 3988 Scan started
18:14:55.0265 3988 Mode: Manual; SigCheck; TDLFS;
18:14:55.0265 3988 ============================================================
18:14:55.0890 3988 Abiosdsk - ok
18:14:55.0953 3988 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
18:14:57.0859 3988 abp480n5 - ok
18:14:58.0015 3988 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:14:58.0187 3988 ACPI - ok
18:14:58.0234 3988 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:14:58.0406 3988 ACPIEC - ok
18:14:58.0468 3988 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
18:14:58.0656 3988 adpu160m - ok
18:14:58.0671 3988 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
18:14:58.0734 3988 aeaudio - ok
18:14:58.0890 3988 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
18:14:59.0390 3988 aec - ok
18:14:59.0531 3988 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
18:14:59.0593 3988 AFD - ok
18:14:59.0687 3988 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
18:14:59.0796 3988 AFS2K - ok
18:14:59.0906 3988 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\System32\DRIVERS\agp440.sys
18:15:00.0078 3988 agp440 - ok
18:15:00.0109 3988 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
18:15:00.0265 3988 agpCPQ - ok
18:15:00.0296 3988 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
18:15:00.0390 3988 Aha154x - ok
18:15:00.0421 3988 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
18:15:00.0578 3988 aic78u2 - ok
18:15:00.0625 3988 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
18:15:00.0812 3988 aic78xx - ok
18:15:00.0843 3988 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
18:15:01.0015 3988 Alerter - ok
18:15:01.0062 3988 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
18:15:01.0187 3988 ALG - ok
18:15:01.0218 3988 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
18:15:01.0390 3988 AliIde - ok
18:15:01.0406 3988 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\System32\DRIVERS\alim1541.sys
18:15:01.0593 3988 alim1541 - ok
18:15:01.0656 3988 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\System32\DRIVERS\amdagp.sys
18:15:01.0843 3988 amdagp - ok
18:15:01.0875 3988 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
18:15:01.0984 3988 amsint - ok
18:15:01.0984 3988 AppMgmt - ok
18:15:02.0031 3988 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
18:15:02.0203 3988 asc - ok
18:15:02.0218 3988 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
18:15:02.0312 3988 asc3350p - ok
18:15:02.0343 3988 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
18:15:02.0500 3988 asc3550 - ok
18:15:02.0687 3988 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:15:02.0843 3988 aspnet_state - ok
18:15:02.0906 3988 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:15:03.0093 3988 AsyncMac - ok
18:15:03.0125 3988 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:15:03.0296 3988 atapi - ok
18:15:03.0312 3988 Atdisk - ok
18:15:03.0328 3988 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:15:03.0500 3988 Atmarpc - ok
18:15:03.0531 3988 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
18:15:03.0718 3988 AudioSrv - ok
18:15:03.0765 3988 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:15:03.0921 3988 audstub - ok
18:15:06.0234 3988 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
18:15:08.0093 3988 AVGIDSAgent - ok
18:15:08.0296 3988 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
18:15:08.0328 3988 AVGIDSDriver - ok
18:15:08.0390 3988 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
18:15:08.0390 3988 AVGIDSEH - ok
18:15:08.0421 3988 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
18:15:08.0437 3988 AVGIDSFilter - ok
18:15:08.0453 3988 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
18:15:08.0468 3988 AVGIDSShim - ok
18:15:08.0515 3988 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
18:15:08.0531 3988 Avgldx86 - ok
18:15:08.0546 3988 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
18:15:08.0546 3988 Avgmfx86 - ok
18:15:08.0640 3988 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
18:15:08.0640 3988 Avgrkx86 - ok
18:15:08.0687 3988 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
18:15:08.0703 3988 Avgtdix - ok
18:15:08.0906 3988 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
18:15:08.0921 3988 avgwd - ok
18:15:08.0984 3988 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:15:09.0140 3988 Beep - ok
18:15:09.0234 3988 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
18:15:09.0515 3988 BITS - ok
18:15:09.0609 3988 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
18:15:09.0781 3988 Browser - ok
18:15:09.0921 3988 catchme - ok
18:15:09.0968 3988 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
18:15:10.0125 3988 cbidf - ok
18:15:10.0140 3988 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:15:10.0281 3988 cbidf2k - ok
18:15:10.0328 3988 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
18:15:10.0421 3988 cd20xrnt - ok
18:15:10.0453 3988 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:15:10.0609 3988 Cdaudio - ok
18:15:10.0687 3988 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
18:15:10.0859 3988 Cdfs - ok
18:15:10.0890 3988 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:15:11.0062 3988 Cdrom - ok
18:15:11.0062 3988 Changer - ok
18:15:11.0125 3988 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
18:15:11.0296 3988 CiSvc - ok
18:15:11.0312 3988 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
18:15:11.0484 3988 ClipSrv - ok
18:15:11.0671 3988 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:15:11.0906 3988 clr_optimization_v2.0.50727_32 - ok
18:15:11.0937 3988 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
18:15:12.0109 3988 CmdIde - ok
18:15:12.0125 3988 COMSysApp - ok
18:15:12.0171 3988 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
18:15:12.0359 3988 Cpqarray - ok
18:15:12.0390 3988 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
18:15:12.0562 3988 CryptSvc - ok
18:15:12.0593 3988 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
18:15:12.0750 3988 dac2w2k - ok
18:15:12.0781 3988 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
18:15:12.0937 3988 dac960nt - ok
18:15:13.0109 3988 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
18:15:13.0265 3988 DcomLaunch - ok
18:15:13.0296 3988 Dhcp (ef545e1a4b043da4c84e230dd471c55f) C:\WINDOWS\System32\dhcpcsvc.dll
18:15:13.0937 3988 Dhcp - ok
18:15:14.0031 3988 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
18:15:14.0187 3988 Disk - ok
18:15:14.0328 3988 dleaCATSCustConnectService (39451bda4cb6d7217d61fc053c2281d2) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe
18:15:14.0359 3988 dleaCATSCustConnectService - ok
18:15:14.0359 3988 dlea_device - ok
18:15:14.0375 3988 dmadmin - ok
18:15:14.0468 3988 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
18:15:14.0703 3988 dmboot - ok
18:15:14.0750 3988 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
18:15:14.0921 3988 dmio - ok
18:15:14.0953 3988 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:15:15.0109 3988 dmload - ok
18:15:15.0171 3988 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
18:15:15.0328 3988 dmserver - ok
18:15:15.0359 3988 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
18:15:15.0546 3988 DMusic - ok
18:15:15.0593 3988 Dnscache (aac8ffbfd61e784fa3bac851d4a0bd5f) C:\WINDOWS\System32\dnsrslvr.dll
18:15:16.0187 3988 Dnscache - ok
18:15:16.0218 3988 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
18:15:16.0390 3988 dpti2o - ok
18:15:16.0421 3988 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
18:15:16.0609 3988 drmkaud - ok
18:15:16.0640 3988 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys
18:15:16.0671 3988 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
18:15:16.0671 3988 drvmcdb - detected UnsignedFile.Multi.Generic (1)
18:15:16.0703 3988 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys
18:15:16.0718 3988 drvnddm ( UnsignedFile.Multi.Generic ) - warning
18:15:16.0718 3988 drvnddm - detected UnsignedFile.Multi.Generic (1)
18:15:16.0812 3988 DSBrokerService (fe80901578e7e3da70299a5aeb2b7fbd) C:\Program Files\DellSupport\brkrsvc.exe
18:15:16.0828 3988 DSBrokerService - ok
18:15:16.0890 3988 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
18:15:16.0906 3988 DSproct ( UnsignedFile.Multi.Generic ) - warning
18:15:16.0906 3988 DSproct - detected UnsignedFile.Multi.Generic (1)
18:15:16.0953 3988 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
18:15:17.0000 3988 dsunidrv - ok
18:15:17.0140 3988 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:15:17.0187 3988 E100B - ok
18:15:17.0218 3988 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
18:15:17.0390 3988 EL90XBC - ok
18:15:17.0453 3988 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
18:15:17.0625 3988 ERSvc - ok
18:15:17.0656 3988 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
18:15:17.0750 3988 Eventlog - ok
18:15:17.0921 3988 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\System32\es.dll
18:15:17.0984 3988 EventSystem - ok
18:15:18.0078 3988 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
18:15:18.0250 3988 Fastfat - ok
18:15:18.0312 3988 FastUserSwitchingCompatibility (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
18:15:18.0906 3988 FastUserSwitchingCompatibility - ok
18:15:18.0953 3988 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:15:19.0109 3988 Fdc - ok
18:15:19.0203 3988 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
18:15:19.0343 3988 Fips - ok
18:15:19.0359 3988 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:15:19.0515 3988 Flpydisk - ok
18:15:19.0671 3988 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
18:15:20.0296 3988 FltMgr - ok
18:15:20.0421 3988 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:15:20.0453 3988 FontCache3.0.0.0 - ok
18:15:20.0468 3988 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:15:20.0625 3988 Fs_Rec - ok
18:15:20.0796 3988 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:15:20.0953 3988 Ftdisk - ok
18:15:20.0984 3988 GEARAspiWDM (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:15:21.0000 3988 GEARAspiWDM - ok
18:15:21.0031 3988 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:15:21.0187 3988 Gpc - ok
18:15:21.0375 3988 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:15:21.0390 3988 gupdate - ok
18:15:21.0406 3988 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:15:21.0421 3988 gupdatem - ok
18:15:21.0531 3988 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:15:21.0546 3988 gusvc - ok
18:15:21.0609 3988 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:15:21.0750 3988 helpsvc - ok
18:15:21.0765 3988 HidServ - ok
18:15:21.0828 3988 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:15:21.0984 3988 HidUsb - ok
18:15:22.0031 3988 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
18:15:22.0187 3988 hpn - ok
18:15:22.0234 3988 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
18:15:22.0312 3988 HSFHWBS2 - ok
18:15:22.0390 3988 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
18:15:22.0546 3988 HSF_DP - ok
18:15:22.0593 3988 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
18:15:22.0703 3988 HTTP - ok
18:15:22.0750 3988 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
18:15:22.0921 3988 HTTPFilter - ok
18:15:22.0984 3988 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:15:23.0156 3988 i2omgmt - ok
18:15:23.0171 3988 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\System32\DRIVERS\i2omp.sys
18:15:23.0328 3988 i2omp - ok
18:15:23.0359 3988 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:15:23.0500 3988 i8042prt - ok
18:15:23.0546 3988 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
18:15:23.0718 3988 i81x - ok
18:15:23.0765 3988 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
18:15:23.0921 3988 iAimFP0 - ok
18:15:23.0953 3988 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
18:15:24.0125 3988 iAimFP1 - ok
18:15:24.0140 3988 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
18:15:24.0281 3988 iAimFP2 - ok
18:15:24.0328 3988 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
18:15:24.0484 3988 iAimFP3 - ok
18:15:24.0515 3988 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
18:15:24.0687 3988 iAimFP4 - ok
18:15:24.0703 3988 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
18:15:24.0859 3988 iAimTV0 - ok
18:15:24.0921 3988 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
18:15:25.0078 3988 iAimTV1 - ok
18:15:25.0078 3988 iAimTV2 - ok
18:15:25.0125 3988 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
18:15:25.0281 3988 iAimTV3 - ok
18:15:25.0312 3988 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
18:15:25.0500 3988 iAimTV4 - ok
18:15:25.0718 3988 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:15:25.0750 3988 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:15:25.0750 3988 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:15:26.0031 3988 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:15:26.0140 3988 idsvc - ok
18:15:26.0156 3988 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:15:26.0312 3988 Imapi - ok
18:15:26.0375 3988 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
18:15:26.0562 3988 ImapiService - ok
18:15:26.0625 3988 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
18:15:26.0781 3988 ini910u - ok
18:15:26.0812 3988 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\System32\DRIVERS\intelide.sys
18:15:26.0968 3988 IntelIde - ok
18:15:27.0031 3988 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:15:27.0171 3988 intelppm - ok
18:15:27.0203 3988 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
18:15:27.0359 3988 ip6fw - ok
18:15:27.0437 3988 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:15:27.0593 3988 IpFilterDriver - ok
18:15:27.0625 3988 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:15:27.0765 3988 IpInIp - ok
18:15:27.0812 3988 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:15:28.0453 3988 IpNat - ok
18:15:28.0593 3988 iPodService (962bc769d1008d83f6a00b9de887eef4) C:\Program Files\iPod\bin\iPodService.exe
18:15:28.0625 3988 iPodService ( UnsignedFile.Multi.Generic ) - warning
18:15:28.0625 3988 iPodService - detected UnsignedFile.Multi.Generic (1)
18:15:28.0671 3988 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:15:28.0843 3988 IPSec - ok
18:15:28.0890 3988 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:15:29.0000 3988 IRENUM - ok
18:15:29.0062 3988 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:15:29.0218 3988 isapnp - ok
18:15:29.0546 3988 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
18:15:29.0593 3988 JavaQuickStarterService - ok
18:15:29.0609 3988 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:15:29.0765 3988 Kbdclass - ok
18:15:29.0859 3988 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
18:15:30.0515 3988 kmixer - ok
18:15:30.0562 3988 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
18:15:30.0640 3988 KSecDD - ok
18:15:30.0687 3988 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll
18:15:31.0343 3988 lanmanserver - ok
18:15:31.0375 3988 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
18:15:31.0484 3988 lanmanworkstation - ok
18:15:31.0484 3988 lbrtfdc - ok
18:15:31.0531 3988 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
18:15:31.0671 3988 LmHosts - ok
18:15:31.0718 3988 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:15:31.0734 3988 mdmxsdk - ok
18:15:31.0781 3988 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
18:15:31.0937 3988 Messenger - ok
18:15:32.0015 3988 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:15:32.0171 3988 mnmdd - ok
18:15:32.0203 3988 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\System32\mnmsrvc.exe
18:15:32.0359 3988 mnmsrvc - ok
18:15:32.0437 3988 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
18:15:32.0625 3988 Modem - ok
18:15:32.0656 3988 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:15:32.0796 3988 MODEMCSA - ok
18:15:32.0812 3988 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:15:32.0968 3988 Mouclass - ok
18:15:33.0031 3988 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
18:15:33.0187 3988 MountMgr - ok
18:15:33.0281 3988 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:15:33.0296 3988 MozillaMaintenance - ok
18:15:33.0328 3988 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
18:15:33.0468 3988 mraid35x - ok
18:15:33.0562 3988 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:15:34.0187 3988 MRxDAV - ok
18:15:34.0328 3988 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:15:34.0453 3988 MRxSmb - ok
18:15:34.0484 3988 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\System32\msdtc.exe
18:15:34.0640 3988 MSDTC - ok
18:15:34.0718 3988 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
18:15:34.0859 3988 Msfs - ok
18:15:34.0859 3988 MSIServer - ok
18:15:34.0890 3988 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:15:35.0062 3988 MSKSSRV - ok
18:15:35.0078 3988 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:15:35.0218 3988 MSPCLOCK - ok
18:15:35.0250 3988 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
18:15:35.0406 3988 MSPQM - ok
18:15:35.0468 3988 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:15:35.0625 3988 mssmbios - ok
18:15:35.0687 3988 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
18:15:35.0843 3988 Mup - ok
18:15:35.0937 3988 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
18:15:36.0109 3988 NDIS - ok
18:15:36.0156 3988 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:15:36.0328 3988 NdisTapi - ok
18:15:36.0359 3988 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:15:36.0500 3988 Ndisuio - ok
18:15:36.0546 3988 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:15:36.0718 3988 NdisWan - ok
18:15:36.0765 3988 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
18:15:36.0921 3988 NDProxy - ok
18:15:36.0937 3988 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:15:37.0093 3988 NetBIOS - ok
18:15:37.0125 3988 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:15:37.0328 3988 NetBT - ok
18:15:37.0390 3988 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
18:15:37.0546 3988 NetDDE - ok
18:15:37.0546 3988 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
18:15:37.0703 3988 NetDDEdsdm - ok
18:15:37.0718 3988 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
18:15:37.0875 3988 Netlogon - ok
18:15:38.0015 3988 Netman (36739b39267914ba69ad0610a0299732) C:\WINDOWS\System32\netman.dll
18:15:38.0640 3988 Netman - ok
18:15:38.0812 3988 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:15:38.0828 3988 NetTcpPortSharing - ok
18:15:38.0890 3988 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
18:15:39.0000 3988 Nla - ok
18:15:39.0078 3988 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
18:15:39.0234 3988 Npfs - ok
18:15:39.0406 3988 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
18:15:40.0078 3988 Ntfs - ok
18:15:40.0078 3988 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\System32\lsass.exe
18:15:40.0234 3988 NtLmSsp - ok
18:15:40.0328 3988 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
18:15:40.0531 3988 NtmsSvc - ok
18:15:40.0578 3988 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:15:40.0765 3988 Null - ok
18:15:40.0937 3988 nv (5d701fca6f7db7a8a7d21f80a84d291a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:15:41.0078 3988 nv - ok
18:15:41.0125 3988 NVSvc (26712cf8be48bc767854927435c0b6a9) C:\WINDOWS\System32\nvsvc32.exe
18:15:41.0171 3988 NVSvc - ok
18:15:41.0281 3988 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:15:41.0421 3988 NwlnkFlt - ok
18:15:41.0468 3988 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:15:41.0609 3988 NwlnkFwd - ok
18:15:41.0656 3988 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
18:15:41.0687 3988 omci ( UnsignedFile.Multi.Generic ) - warning
18:15:41.0687 3988 omci - detected UnsignedFile.Multi.Generic (1)
18:15:41.0781 3988 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
18:15:41.0953 3988 P3 - ok
18:15:42.0031 3988 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
18:15:42.0203 3988 Parport - ok
18:15:42.0250 3988 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
18:15:42.0390 3988 PartMgr - ok
18:15:42.0437 3988 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:15:42.0593 3988 ParVdm - ok
18:15:42.0687 3988 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
18:15:42.0843 3988 PCI - ok
18:15:42.0859 3988 PCIDump - ok
18:15:42.0921 3988 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:15:43.0062 3988 PCIIde - ok
18:15:43.0125 3988 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:15:43.0296 3988 Pcmcia - ok
18:15:43.0343 3988 pcx1nd5 (411841b524183c658072091b4bedd85d) C:\WINDOWS\system32\DRIVERS\pcx1nd5.sys
18:15:43.0437 3988 pcx1nd5 - ok
18:15:43.0453 3988 pcx1unic (07512de713bf5e45e0ceec79cf295bfa) C:\WINDOWS\system32\DRIVERS\pcx1unic.sys
18:15:43.0500 3988 pcx1unic - ok
18:15:43.0515 3988 PDCOMP - ok
18:15:43.0515 3988 PDFRAME - ok
18:15:43.0531 3988 PDRELI - ok
18:15:43.0531 3988 PDRFRAME - ok
18:15:43.0578 3988 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
18:15:43.0734 3988 perc2 - ok
18:15:43.0781 3988 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
18:15:43.0953 3988 perc2hib - ok
18:15:44.0015 3988 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
18:15:44.0109 3988 PlugPlay - ok
18:15:44.0156 3988 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
18:15:44.0296 3988 PolicyAgent - ok
18:15:44.0359 3988 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:15:44.0515 3988 PptpMiniport - ok
18:15:44.0531 3988 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
18:15:44.0671 3988 Processor - ok
18:15:44.0687 3988 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
18:15:44.0828 3988 ProtectedStorage - ok
18:15:44.0906 3988 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
18:15:45.0062 3988 PSched - ok
18:15:45.0093 3988 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:15:45.0250 3988 Ptilink - ok
18:15:45.0265 3988 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
18:15:45.0281 3988 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
18:15:45.0281 3988 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
18:15:45.0328 3988 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
18:15:45.0484 3988 ql1080 - ok
18:15:45.0500 3988 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
18:15:45.0656 3988 Ql10wnt - ok
18:15:45.0703 3988 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
18:15:45.0859 3988 ql12160 - ok
18:15:45.0906 3988 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
18:15:46.0062 3988 ql1240 - ok
18:15:46.0093 3988 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
18:15:46.0250 3988 ql1280 - ok
18:15:46.0296 3988 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:15:46.0437 3988 RasAcd - ok
18:15:46.0500 3988 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
18:15:46.0656 3988 RasAuto - ok
18:15:46.0671 3988 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:15:46.0843 3988 Rasl2tp - ok
18:15:47.0015 3988 RasMan (d4bd2eeab07fef323f0a0ceecc954f51) C:\WINDOWS\System32\rasmans.dll
18:15:47.0078 3988 RasMan ( UnsignedFile.Multi.Generic ) - warning
18:15:47.0078 3988 RasMan - detected UnsignedFile.Multi.Generic (1)
18:15:47.0093 3988 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:15:47.0250 3988 RasPppoe - ok
18:15:47.0265 3988 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:15:47.0406 3988 Raspti - ok
18:15:47.0468 3988 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:15:48.0093 3988 Rdbss - ok
18:15:48.0125 3988 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:15:48.0281 3988 RDPCDD - ok
18:15:48.0312 3988 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:15:48.0484 3988 rdpdr - ok
18:15:48.0531 3988 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
18:15:49.0156 3988 RDPWD - ok
18:15:49.0250 3988 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
18:15:49.0406 3988 RDSessMgr - ok
18:15:49.0515 3988 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:15:49.0687 3988 redbook - ok
18:15:49.0765 3988 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
18:15:49.0921 3988 RemoteAccess - ok
18:15:49.0921 3988 RimUsb - ok
18:15:49.0984 3988 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\System32\locator.exe
18:15:50.0156 3988 RpcLocator - ok
18:15:50.0500 3988 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\System32\rpcss.dll
18:15:50.0593 3988 RpcSs - ok
18:15:50.0687 3988 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
18:15:50.0828 3988 RSVP - ok
18:15:50.0859 3988 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
18:15:51.0000 3988 SamSs - ok
18:15:51.0078 3988 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
18:15:51.0234 3988 SCardSvr - ok
18:15:51.0343 3988 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
18:15:51.0515 3988 Schedule - ok
18:15:51.0562 3988 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:15:52.0203 3988 Secdrv - ok
18:15:52.0234 3988 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
18:15:52.0390 3988 seclogon - ok
18:15:52.0421 3988 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
18:15:52.0578 3988 SENS - ok
18:15:52.0609 3988 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:15:52.0765 3988 serenum - ok
18:15:52.0812 3988 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
18:15:52.0953 3988 Serial - ok
18:15:53.0015 3988 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:15:53.0187 3988 Sfloppy - ok
18:15:53.0328 3988 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
18:15:53.0546 3988 SharedAccess - ok
18:15:53.0609 3988 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
18:15:54.0250 3988 ShellHWDetection - ok
18:15:54.0265 3988 Simbad - ok
18:15:54.0312 3988 SimpTcp (32933b07fc16d9f778bee12545fa1b1a) C:\WINDOWS\System32\tcpsvcs.exe
18:15:54.0468 3988 SimpTcp - ok
18:15:54.0500 3988 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys
18:15:54.0656 3988 sisagp - ok
18:15:54.0796 3988 smwdm (39f9595d2f6f7eb93f45a466789a6f49) C:\WINDOWS\system32\drivers\smwdm.sys
18:15:54.0875 3988 smwdm - ok
18:15:54.0921 3988 SNMP (6feb04de6288f5466391e29057dc5b0e) C:\WINDOWS\System32\snmp.exe
18:15:55.0562 3988 SNMP - ok
18:15:55.0609 3988 SNMPTRAP (6f591dbefd11f7697042907b516f1212) C:\WINDOWS\System32\snmptrap.exe
18:15:55.0765 3988 SNMPTRAP - ok
18:15:55.0812 3988 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
18:15:55.0968 3988 SONYPVU1 - ok
18:15:56.0015 3988 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
18:15:56.0109 3988 Sparrow - ok
18:15:56.0140 3988 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
18:15:56.0718 3988 splitter - ok
18:15:56.0796 3988 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
18:15:57.0437 3988 Spooler - ok
18:15:57.0562 3988 sprtsvc_dellsupportcenter - ok
18:15:57.0609 3988 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
18:15:57.0718 3988 sr - ok
18:15:57.0781 3988 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
18:15:57.0906 3988 srservice - ok
18:15:57.0984 3988 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
18:15:58.0109 3988 Srv - ok
18:15:58.0156 3988 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys
18:15:58.0171 3988 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
18:15:58.0171 3988 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
18:15:58.0250 3988 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
18:15:58.0359 3988 SSDPSRV - ok
18:15:58.0375 3988 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys
18:15:58.0390 3988 ssrtln ( UnsignedFile.Multi.Generic ) - warning
18:15:58.0390 3988 ssrtln - detected UnsignedFile.Multi.Generic (1)
18:15:58.0453 3988 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll
18:15:59.0109 3988 stisvc - ok
18:15:59.0156 3988 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:15:59.0312 3988 swenum - ok
18:15:59.0359 3988 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
18:15:59.0531 3988 swmidi - ok
18:15:59.0546 3988 SwPrv - ok
18:15:59.0578 3988 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
18:15:59.0734 3988 symc810 - ok
18:15:59.0765 3988 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
18:15:59.0921 3988 symc8xx - ok
18:15:59.0968 3988 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
18:16:00.0109 3988 sym_hi - ok
18:16:00.0125 3988 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
18:16:00.0265 3988 sym_u3 - ok
18:16:00.0312 3988 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
18:16:00.0468 3988 sysaudio - ok
18:16:00.0531 3988 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
18:16:00.0703 3988 SysmonLog - ok
18:16:00.0812 3988 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll
18:16:01.0484 3988 TapiSrv - ok
18:16:01.0718 3988 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:16:01.0843 3988 Tcpip - ok
18:16:01.0906 3988 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:16:02.0062 3988 TDPIPE - ok
18:16:02.0093 3988 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
18:16:02.0250 3988 TDTCP - ok
18:16:02.0265 3988 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:16:02.0421 3988 TermDD - ok
18:16:02.0578 3988 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
18:16:02.0734 3988 TermService - ok
18:16:02.0796 3988 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys
18:16:02.0812 3988 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
18:16:02.0812 3988 tfsnboio - detected UnsignedFile.Multi.Generic (1)
18:16:02.0875 3988 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys
18:16:02.0906 3988 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
18:16:02.0906 3988 tfsncofs - detected UnsignedFile.Multi.Generic (1)
18:16:02.0953 3988 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys
18:16:02.0984 3988 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
18:16:02.0984 3988 tfsndrct - detected UnsignedFile.Multi.Generic (1)
18:16:03.0031 3988 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys
18:16:03.0062 3988 tfsndres ( UnsignedFile.Multi.Generic ) - warning
18:16:03.0062 3988 tfsndres - detected UnsignedFile.Multi.Generic (1)
18:16:03.0093 3988 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
18:16:03.0140 3988 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
18:16:03.0140 3988 tfsnifs - detected UnsignedFile.Multi.Generic (1)
18:16:03.0187 3988 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
18:16:03.0203 3988 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
18:16:03.0203 3988 tfsnopio - detected UnsignedFile.Multi.Generic (1)
18:16:03.0250 3988 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
18:16:03.0265 3988 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
18:16:03.0265 3988 tfsnpool - detected UnsignedFile.Multi.Generic (1)
18:16:03.0296 3988 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
18:16:03.0296 3988 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
18:16:03.0296 3988 tfsnudf - detected UnsignedFile.Multi.Generic (1)
18:16:03.0328 3988 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
18:16:03.0343 3988 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
18:16:03.0343 3988 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
18:16:03.0390 3988 Themes (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
18:16:04.0046 3988 Themes - ok
18:16:04.0109 3988 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
18:16:04.0265 3988 TosIde - ok
18:16:04.0312 3988 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
18:16:04.0453 3988 TrkWks - ok
18:16:04.0531 3988 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
18:16:04.0687 3988 Udfs - ok
18:16:04.0734 3988 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
18:16:04.0828 3988 ultra - ok
18:16:04.0906 3988 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
18:16:05.0593 3988 Update - ok
18:16:05.0781 3988 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll
18:16:06.0468 3988 upnphost - ok
18:16:06.0531 3988 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
18:16:06.0687 3988 UPS - ok
18:16:06.0718 3988 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:16:06.0875 3988 usbccgp - ok
18:16:06.0968 3988 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:16:07.0125 3988 usbehci - ok
18:16:07.0171 3988 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:16:07.0312 3988 usbhub - ok
18:16:07.0343 3988 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:16:07.0500 3988 usbprint - ok
18:16:07.0546 3988 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:16:07.0703 3988 usbscan - ok
18:16:07.0703 3988 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:16:07.0859 3988 USBSTOR - ok
18:16:07.0921 3988 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:16:08.0078 3988 usbuhci - ok
18:16:08.0109 3988 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
18:16:08.0250 3988 VgaSave - ok
18:16:08.0312 3988 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
18:16:08.0468 3988 viaagp - ok
18:16:08.0500 3988 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
18:16:08.0656 3988 ViaIde - ok
18:16:08.0734 3988 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
18:16:08.0734 3988 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning
18:16:08.0734 3988 Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)
18:16:08.0875 3988 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
18:16:09.0031 3988 VolSnap - ok
18:16:09.0125 3988 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
18:16:09.0250 3988 VSS - ok
18:16:09.0718 3988 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
18:16:09.0812 3988 vToolbarUpdater10.2.0 - ok
18:16:09.0859 3988 w32time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
18:16:10.0015 3988 w32time - ok
18:16:10.0234 3988 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:16:10.0375 3988 Wanarp - ok
18:16:10.0390 3988 wanatw - ok
18:16:10.0390 3988 WDC_SAM - ok
18:16:10.0406 3988 WDICA - ok
18:16:10.0546 3988 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
18:16:11.0218 3988 wdmaud - ok
18:16:11.0250 3988 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll
18:16:11.0937 3988 WebClient - ok
18:16:12.0406 3988 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:16:12.0578 3988 winachsf - ok
18:16:12.0671 3988 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:16:12.0828 3988 winmgmt - ok
18:16:12.0937 3988 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:16:13.0015 3988 WmdmPmSN - ok
18:16:13.0156 3988 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
18:16:13.0312 3988 WmiApSrv - ok
18:16:13.0578 3988 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:16:13.0656 3988 WMPNetworkSvc - ok
18:16:13.0750 3988 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:16:13.0921 3988 WS2IFSL - ok
18:16:13.0968 3988 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
18:16:14.0140 3988 wscsvc - ok
18:16:14.0187 3988 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
18:16:14.0359 3988 wuauserv - ok
18:16:14.0406 3988 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:16:14.0515 3988 WudfPf - ok
18:16:14.0546 3988 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:16:14.0578 3988 WudfRd - ok
18:16:14.0625 3988 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:16:14.0656 3988 WudfSvc - ok
18:16:14.0703 3988 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
18:16:14.0906 3988 WZCSVC - ok
18:16:15.0000 3988 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
18:16:15.0171 3988 xmlprov - ok
18:16:15.0203 3988 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:16:15.0421 3988 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:16:15.0421 3988 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:16:15.0421 3988 Boot (0x1200) (0834c29f1899932df2bc9f70e8fbc2d1) \Device\Harddisk0\DR0\Partition0
18:16:15.0421 3988 \Device\Harddisk0\DR0\Partition0 - ok
18:16:15.0421 3988 ============================================================
18:16:15.0421 3988 Scan finished
18:16:15.0421 3988 ============================================================
18:16:15.0546 3980 Detected object count: 21
18:16:15.0546 3980 Actual detected object count: 21
18:17:21.0406 3980 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0406 3980 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0406 3980 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0406 3980 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0421 3980 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0421 3980 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0421 3980 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0421 3980 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0421 3980 iPodService ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0421 3980 iPodService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0421 3980 omci ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0421 3980 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0421 3980 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0421 3980 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0421 3980 RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0421 3980 RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0437 3980 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0437 3980 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0437 3980 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0437 3980 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0437 3980 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0437 3980 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0437 3980 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0437 3980 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0437 3980 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0437 3980 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0453 3980 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0453 3980 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0453 3980 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0453 3980 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0453 3980 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0453 3980 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0453 3980 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0453 3980 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0453 3980 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0453 3980 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0453 3980 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0453 3980 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0468 3980 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0468 3980 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0500 3980 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
18:17:21.0500 3980 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
18:17:21.0515 3980 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
18:17:21.0609 3980 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
18:17:21.0609 3980 \Device\Harddisk0\DR0\TDLFS - deleted
18:17:21.0609 3980 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
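To pull the entries that matter out of a TDSSKiller log like the one above, the following added example (not part of the original thread and not TDSSKiller's own code) pairs each detection with the action recorded for it and lists any non-trivial detection that was skipped or has no recorded action. The names `triage` and `LOW_PRIORITY` are hypothetical, the line patterns are inferred only from the log lines on this page, and treating `UnsignedFile.Multi.Generic` as low priority is an assumption of the example.

```python
import re

# Excerpt copied from the TDSSKiller log above: one clean object, two unsigned-file
# warnings, the TDSS File System detection, and the user actions recorded for them.
SAMPLE_LOG = r"""
18:15:41.0656 3988 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
18:15:41.0687 3988 omci ( UnsignedFile.Multi.Generic ) - warning
18:15:41.0687 3988 omci - detected UnsignedFile.Multi.Generic (1)
18:15:41.0781 3988 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
18:15:41.0953 3988 P3 - ok
18:16:08.0734 3988 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning
18:16:08.0734 3988 Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)
18:16:15.0203 3988 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:16:15.0421 3988 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:16:15.0421 3988 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:16:15.0421 3988 Scan finished
18:17:21.0421 3980 omci ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:21.0421 3980 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0468 3980 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:17:21.0609 3980 \Device\Harddisk0\DR0\TDLFS - deleted
18:17:21.0609 3980 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

# "HH:MM:SS.mmmm <thread id> <message>" prefix seen on every log line.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
OK = re.compile(r"^(?P<obj>.+?) - ok$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+) \(\d+\)$")
ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$"
)

# Assumption of this example: a missing signature alone is a low-priority verdict.
LOW_PRIORITY = {"UnsignedFile.Multi.Generic"}


def triage(log_text):
    """Return clean-object count, detections split by priority, and unresolved objects."""
    clean = 0
    findings = {}  # object name -> {"verdict": str, "action": str or None}
    for raw in log_text.splitlines():
        line = PREFIX.match(raw.strip())
        if not line:
            continue  # blank lines or anything without the timestamp prefix
        msg = line["msg"]
        if OK.match(msg):
            clean += 1
        elif (m := DETECTED.match(msg)):
            findings.setdefault(m["obj"], {"verdict": m["verdict"], "action": None})
        elif (m := ACTION.match(msg)):
            entry = findings.setdefault(
                m["obj"], {"verdict": m["verdict"], "action": None}
            )
            entry["action"] = m["action"]

    rows = [(obj, f["verdict"], f["action"]) for obj, f in findings.items()]
    high = [r for r in rows if r[1] not in LOW_PRIORITY]
    low = [r for r in rows if r[1] in LOW_PRIORITY]
    # A higher-priority detection that was skipped, or whose action never made it
    # into the pasted log (for example a truncated paste), still needs follow-up.
    unresolved = [obj for obj, _, action in high if action in (None, "Skip")]
    return {"clean": clean, "high": high, "low": low, "unresolved": unresolved}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("clean objects:", report["clean"])
    for obj, verdict, action in report["high"]:
        print(f"HIGH  {obj}: {verdict} -> {action}")
    for obj, verdict, action in report["low"]:
        print(f"low   {obj}: {verdict} -> {action}")
    print("unresolved:", report["unresolved"])
```
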

#9
WalterH

I uninstalled mbam (actually ran the mbam clean program), then used the link to download the latest and ran it. I got an error message, which I've attached, but basically it says the following:

Error creating registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes'Anti-Malware_is1

RegCreateKeyEx failed, code 5.
Access is denied.

So I hit OK and posted this. I didn't want to proceed unless you told me so. Awaiting your direction.

Thanks.


#10
RKinner

Not sure why MBAM should have problems accessing the key. I assume your login has admin rights. I wonder if the previous uninstall did not remove the key?

Start, Run, regedit, ok

then navigate to

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\

see if the MalwareBytes'Anti-Malware_is1 key is already there. If so right click on it and Delete. Did it let you delete it?

If the key is not there then right click on Uninstall and select Security. Verify that Administrators have full control.

Combofix, aswMBR and TDSSKiller all found and removed infections so we are probably OK but just in case let's run ESET:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

#11
WalterH

I ran regedit, found the line, but got an error - cannot open Malwarebytes... error while opening key.

This account is the administrator also.

So not sure what this is.

Ran ESET next - found 12 viruses - log follows:

C:\backedup data\Program Files\Hotbar\bin\4.2.9.0\dBenderC.dll Win32/Adware.HotBar application cleaned by deleting - quarantined
C:\backedup data\Program Files\Hotbar\bin\4.3.1.0\dbenderc.dll Win32/Adware.HotBar application cleaned by deleting - quarantined
C:\backedup data\Program Files\Hotbar\bin\4.3.5.0\dbenderc.dll Win32/Adware.HotBar application cleaned by deleting - quarantined
C:\Documents and Settings\Walt Henry\My Documents\Downloads\EpicPlaySetup.exe Win32/Adware.Gamevance application cleaned by deleting - quarantined
C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application deleted - quarantined
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll probably a variant of Win32/Adware.Toolbar.Visicom.AB application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2496\A0249397.dll Win32/Adware.HotBar application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2496\A0249398.dll Win32/Adware.HotBar application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2496\A0249399.dll Win32/Adware.HotBar application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2496\A0249402.EXE Win32/Adware.WBug.A application deleted - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2496\A0249403.dll probably a variant of Win32/Adware.Toolbar.Visicom.AB application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.04.2012_18.13.42\tdlfs0000\tsk0003.dta a variant of Win32/Olmarik.ART trojan cleaned by deleting - quarantined


After that I ran the bitdefender, or whatever it was called - no virus found, report follows -


QuickScan 32-bit v0.9.9.114
---------------------------
Scan date: Tue May 01 17:17:13 2012
Machine ID: 478151C



No infection found.
-------------------



Processes
---------
AVG Internet Security 628 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
AVG Internet Security 2160 C:\Program Files\AVG\AVG2012\avgemcx.exe
AVG Internet Security 2120 C:\Program Files\AVG\AVG2012\avgnsx.exe
AVG Internet Security 3344 C:\Program Files\AVG\AVG2012\avgtray.exe
AVG Internet Security 1816 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
AVG Internet Security 596 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
Dell Support 3400 C:\Program Files\DellSupport\DSAgnt.exe
Dell Support Center Updates 3368 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
EEventManager Application 3324 C:\Program Files\Epson Software\Event Manager\EEventManager.exe
EPSON PC-FAX SOFTWARE 3336 C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
ezprint.exe 3308 C:\Program Files\Dell V310-V510 Series\ezprint.exe
Firefox 444 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 3892 C:\Program Files\Mozilla Firefox\plugin-container.exe
Java™ Platform SE 6 U29 2036 C:\Program Files\Java\jre6\bin\jqs.exe
Java™ Platform SE Auto Updater 2 0 3356 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System 3012 C:\WINDOWS\explorer.exe
Microsoft® Windows® Operating System 2196 C:\WINDOWS\SYSTEM32\alg.exe
Microsoft® Windows® Operating System 820 C:\WINDOWS\SYSTEM32\csrss.exe
Microsoft® Windows® Operating System 3456 C:\WINDOWS\SYSTEM32\ctfmon.exe
Microsoft® Windows® Operating System 900 C:\WINDOWS\SYSTEM32\lsass.exe
Microsoft® Windows® Operating System 888 C:\WINDOWS\SYSTEM32\services.exe
Microsoft® Windows® Operating System 548 C:\WINDOWS\SYSTEM32\smss.exe
Microsoft® Windows® Operating System 388 C:\WINDOWS\SYSTEM32\snmp.exe
Microsoft® Windows® Operating System 1648 C:\WINDOWS\SYSTEM32\spoolsv.exe
Microsoft® Windows® Operating System 484 C:\WINDOWS\SYSTEM32\svchost.exe
Microsoft® Windows® Operating System 1992 C:\WINDOWS\SYSTEM32\svchost.exe
Microsoft® Windows® Operating System 1520 C:\WINDOWS\SYSTEM32\svchost.exe
Microsoft® Windows® Operating System 1784 C:\WINDOWS\SYSTEM32\svchost.exe
Microsoft® Windows® Operating System 1324 C:\WINDOWS\SYSTEM32\svchost.exe
Microsoft® Windows® Operating System 1092 C:\WINDOWS\SYSTEM32\svchost.exe
Microsoft® Windows® Operating System 1156 C:\WINDOWS\SYSTEM32\svchost.exe
Microsoft® Windows® Operating System 1252 C:\WINDOWS\SYSTEM32\svchost.exe
Microsoft® Windows® Operating System 324 C:\WINDOWS\SYSTEM32\TCPSVCS.EXE
Microsoft® Windows® Operating System 844 C:\WINDOWS\SYSTEM32\winlogon.exe
Microsoft® Windows® Operating System 3220 C:\WINDOWS\SYSTEM32\wscntfy.exe
NVIDIA Driver Helper Service, Version 4 216 C:\WINDOWS\SYSTEM32\nvsvc32.exe
Printer Communication System 1860 C:\WINDOWS\SYSTEM32\dleacoms.exe
Printer Device Monitor 3300 C:\Program Files\Dell V310-V510 Series\dleamon.exe
SupportSoft sprtsvc 420 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
ToolbarU Application 816 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
Viewpoint Manager 564 C:\Program Files\Viewpoint\Common\ViewpointService.exe
VProtect Application 3376 C:\Program Files\AVG Secure Search\vprot.exe
(verified) GoogleToolbarNotifier 3436 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Windows® Operating System 1360 C:\Program Files\Windows Media Player\wmpnetwk.exe
(verified) Microsoft® Windows® Operating System 2920 C:\WINDOWS\SYSTEM32\wuauclt.exe
(verified) Windows Installer - Unicode 3904 C:\WINDOWS\SYSTEM32\msiexec.exe


Network activity
----------------
Process firefox.exe (444) connected on port 80 (HTTP) --> 74.125.224.72
Process firefox.exe (444) connected on port 443 (HTTP over SSL) --> 74.125.224.35

Process TCPSVCS.EXE (324) listens on ports: 7 (Echo), 9 (Discard), 13 (Daytime), 17 (Quotd), 19 (Chargen)
Process svchost.exe (1156) listens on ports: 135 (RPC)
Process EEventManager.exe (3324) listens on ports: 2968


Autoruns and critical files
---------------------------
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
AVG Internet Security C:\Program Files\AVG\AVG2012\avgtray.exe
Dell Support C:\Program Files\DellSupport\DSAgnt.exe
Dell Support Center Updates C:\Program Files\Dell Support Center\bin\sprtcmd.exe
EEventManager Application C:\Program Files\Epson Software\Event Manager\EEventManager.exe
EPSON PC-FAX SOFTWARE C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
ezprint.exe C:\Program Files\Dell V310-V510 Series\ezprint.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\SYSTEM32\ctfmon.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
Microsoft® Windows® Operating System C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\SSSTARS.SCR
Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
NVIDIA Compatible Windows 2000 Display C:\WINDOWS\System32\NvCpl.dll
Printer Device Monitor C:\Program Files\Dell V310-V510 Series\dleamon.exe
QuickTime C:\Program Files\QuickTime\qttask.exe
ROC_roc_dec12.exe C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe
VProtect Application C:\Program Files\AVG Secure Search\vprot.exe
Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
AIM Toolbar for Internet Explorer c:\program files\aim toolbar\aimtb.dll
AOL IE Toolbar c:\program files\aol\aol toolbar 2.0\aoltb.dll
AOL Instant Messenger C:\Program Files\AIM\aim.exe
AOL Search c:\program files\aim search\aolsearch.dll
AVG Internet Security c:\program files\avg\avg2012\avgssie.dll
AVG Secure Search c:\program files\avg secure search\10.2.0.3\avg secure search_toolbar.dll
Bitdefender QuickScan C:\Documents and Settings\Walt Henry\Application Data\Mozilla\Firefox\Profiles\ptzedt06.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Broderbund Upload C:\Program Files\Internet Explorer\plugins\NPExpFTP.dll
Drive Letter Access Component c:\windows\system32\dla\tfswshx.dll
Epson Easy Photo Print (TBL) c:\program files\epson software\easy photo print\eptbl.dll
Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
Google Update C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
Graphics Display Plugin C:\Program Files\Internet Explorer\plugins\NPEvery.dll
IE Services c:\program files\yahoo!\common\yiesrvc.dll
Inbox Toolbar c:\program files\inbox toolbar\inbox.dll
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
InterTrust Redemption Wizard C:\Program Files\Internet Explorer\plugins\NPDocBox.dll
Java™ Platform SE 6 U29 c:\program files\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U29 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java™ Platform SE 6 U29 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
MediaForge ~Mirage Plugin C:\Program Files\Internet Explorer\plugins\npmirage.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
MSN® Toolbar c:\program files\msn\toolbar\3.0.0983.0\msneshellx.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
toolband.dll c:\program files\dell toolbar\toolband.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verified) QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(verified) QuickTime Plug-in 7.6.2 C:\Program Files\Internet Explorer\plugins\npqtplugin8.dll


Scan
----
MD5: ba5d5fd3cca6f64a429e2e0e1a1a0917 C:\WINDOWS\System32\RASDLG.dll
MD5: 30e244a707e6ce0a4b099cd6384ec6ca C:\WINDOWS\system32\rasman.dll
MD5: d4bd2eeab07fef323f0a0ceecc954f51 c:\windows\system32\rasmans.dll
MD5: 04ecec0447f79419ad25227205b8277d C:\WINDOWS\System32\rasppp.dll
MD5: 1d536bebc30dd8d0d3b6ff3b0cd2d32b C:\WINDOWS\System32\rastapi.dll
MD5: 899ed710fdc37eb7d0115c2932c2b1eb C:\WINDOWS\system32\REGAPI.dll
MD5: 2738c8a33ff07dd3c99c7c8f0a85da72 C:\WINDOWS\System32\RESUTILS.DLL
MD5: 461b6e2f04112e659280314b7a414f30 C:\WINDOWS\system32\RPCRT4.dll
MD5: 01095febf33beea00c2a0730b9b3ec28 c:\windows\system32\rpcss.dll
MD5: 26acbd865f8cff730f1791c4d0854352 C:\WINDOWS\system32\rsaenh.dll
MD5: eb6dbf63a06590aa75ed58fcb58784de C:\WINDOWS\System32\rtipxmib.dll
MD5: ebe12f403fde45e7312e7bf764bfb6c6 C:\WINDOWS\System32\SAMLIB.dll
MD5: e15154e7fda8a580a8f74c7cc16b1ffe C:\WINDOWS\system32\SAMSRV.dll
MD5: 0f78e27f563f2aaf74b91a49e2abf19a C:\WINDOWS\system32\scecli.dll
MD5: 9a42c1f3154545a4d32e5043038b01fa C:\WINDOWS\system32\SCESRV.dll
MD5: 92360854316611f6cc471612213c3d92 c:\windows\system32\schedsvc.dll
MD5: d636fa41e50671160d838ea2dace3330 C:\WINDOWS\system32\sclgntfy.dll
MD5: 214577b79cf59e2fc9addd9598c0aeb8 C:\WINDOWS\system32\ScrRun.dll
MD5: 37561f8d4160d62da86d24ae41fae8de C:\WINDOWS\SYSTEM32\services.exe
MD5: e73f18195ccf4aaaa87b2d22e83f791c C:\WINDOWS\System32\serwvdrv.dll
MD5: 9858cc4d73a4ccf2f852fae07c11a0b5 C:\WINDOWS\system32\sfc_os.dll
MD5: 458054bbc817f6088e1b4d87e2b6aa6d C:\WINDOWS\system32\shdocvw.dll
MD5: 06da8c5383aaf17127fc4b1658ba3f4f C:\WINDOWS\system32\SHELL32.dll
MD5: 43da983415ea533f9e667fdb415f4655 C:\WINDOWS\System32\ShimEng.dll
MD5: 7c972c7f0e3ce48503e1e9fbe9890009 C:\WINDOWS\system32\SHLWAPI.dll
MD5: 6815def9b810aefac107eeaf72da6f82 C:\WINDOWS\system32\SHSVCS.dll
MD5: 9c454cd857b4c0ccf7a614b047616503 C:\WINDOWS\system32\simptcp.dll
MD5: 059fcd11a8f067650abf6426e1cb43d3 C:\WINDOWS\system32\sl_anet.acm
MD5: bd7fb0957c716f1a60333aee04de2178 C:\WINDOWS\SYSTEM32\smss.exe
MD5: 6feb04de6288f5466391e29057dc5b0e C:\WINDOWS\SYSTEM32\snmp.exe
MD5: 0484c838adfc880b74b0e9d2d97738e2 C:\WINDOWS\System32\snmpapi.dll
MD5: 3ca0a12df02108e3186dc355ed74b3b2 C:\WINDOWS\System32\snmpmib.dll
MD5: 57757aba5266e103b1ce56bffba6cc3c C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\acpdfui210.dll
MD5: a7d914c91848b66d83c69e632ccdffb9 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dleaCFG.dll
MD5: 696326e6a5e8d097bd8e16bb04e917d2 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\dleadrpp.dll
MD5: 87b85bc1e1f6e0228876204a20a9c24c C:\WINDOWS\system32\SPOOLSS.DLL
MD5: da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\SYSTEM32\spoolsv.exe
MD5: 60106b27fcce3e71ec8c8c757cc243e4 C:\WINDOWS\system32\SRCLIENT.DLL
MD5: 92bdf74f12d6cbec43c94d4b7f804838 c:\windows\system32\srsvc.dll
MD5: 0cb3af149a0bac0836022ca307c7a0f8 c:\windows\system32\srvsvc.dll
MD5: 4b8d61792f7175bed48859cc18ce4e38 c:\windows\system32\ssdpsrv.dll
MD5: b7d61243ab22f27d059030499ec791f5 C:\WINDOWS\System32\SSSTARS.SCR
MD5: 297101a925ecffdcdf7f6341ffbb6c1a C:\WINDOWS\system32\stobject.dll
MD5: 375b121a06c6034463af593f784be9e9 C:\WINDOWS\System32\strmfilt.dll
MD5: 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\SYSTEM32\svchost.exe
MD5: 0ff9fa27706fbe9048990c108c0d62f0 C:\WINDOWS\system32\sxs.dll
MD5: 9c28b09c8757065d74e662e5a3503c89 C:\WINDOWS\system32\t2embed.dll
MD5: 6307a1b82f6ca87d7e0cdf49e6e7bc00 C:\WINDOWS\system32\TAPI32.dll
MD5: fb78839b36025aa286a51289ed28b73e c:\windows\system32\tapisrv.dll
MD5: 32933b07fc16d9f778bee12545fa1b1a C:\WINDOWS\SYSTEM32\TCPSVCS.EXE
MD5: e6796d51ced309e46d29c0b787735615 C:\WINDOWS\System32\themeui.dll
MD5: 6d9ac544b30f96c57f8206566c1fb6a1 c:\windows\system32\trkwks.dll
MD5: 735f504deefe4e2ad06360fce2842dd4 C:\WINDOWS\system32\tsd32.dll
MD5: e8cd0d7e169ecce2d4fd829daab786ed C:\WINDOWS\system32\tssoft32.acm
MD5: ec2ad9ac452e0a8d976fb1b1718517ce C:\WINDOWS\System32\umdmxfrm.dll
MD5: 586211f4ff4bc49cc215c956919cd33b C:\WINDOWS\system32\umpnpmgr.dll
MD5: 2dbfbd419c332e4361e35528e611b0a0 C:\WINDOWS\System32\unimdmat.dll
MD5: 339089d6c3fc3bc5ced8d9049c4d2101 C:\WINDOWS\System32\upnp.dll
MD5: aca5d98663d879c6baafcea7e2f1b710 c:\windows\system32\upnphost.dll
MD5: b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\USER32.dll
MD5: 2b9b56a89a8a42e917511972a6db36e3 C:\WINDOWS\system32\USERENV.dll
MD5: 39b1ffb03c2296323832acbae50d2aff c:\windows\system32\userinit.exe
MD5: 2cde496666a975a2ce8f969f3042c8db C:\WINDOWS\system32\uxtheme.dll
MD5: 1db86ae1a9bab2b68ba04fe28df9245b C:\WINDOWS\system32\VBAJET32.DLL
MD5: 2b281958f5d0cf99ed626e3ef39d5c8d C:\WINDOWS\system32\w32time.dll
MD5: de578e4e6844954823fc7688625f00c8 C:\WINDOWS\system32\wbem\esscli.dll
MD5: 950df6295d3c6b5f2d508dcb1b275b87 C:\WINDOWS\system32\wbem\FastProx.dll
MD5: 05cb782f2c7024aa92b1722a926bbd3a C:\WINDOWS\system32\wbem\framedyn.dll
MD5: 9a66728efe501d855d0ffe3de023ce32 C:\WINDOWS\system32\wbem\repdrvfs.dll
MD5: 4e39c36213e95fb971a61a247bde2f61 C:\WINDOWS\System32\wbem\wbemcomn.dll
MD5: 36360b625d7290bba2cd03ad4975e1bc C:\WINDOWS\system32\wbem\wbemcore.dll
MD5: 62c4b597f01fa18ed0d08a09a8b59ed6 C:\WINDOWS\System32\wbem\wbemdisp.dll
MD5: 6708e1ddf12cab2d5b5a2b66b76e0038 C:\WINDOWS\System32\wbem\wbemess.dll
MD5: 80b1aa84cd23724c284ad5988f208eb3 C:\WINDOWS\System32\wbem\wmiprvsd.dll
MD5: 0a1161db4fccf7821736c70d70a0f5a3 C:\WINDOWS\System32\wbem\wmiutils.dll
MD5: 265f534ef76832435afbf771ec97176d c:\windows\system32\webclnt.dll
MD5: d7dcfb4d0c58ffb569de93e1681fd37a C:\WINDOWS\system32\WgaLogon.dll
MD5: b6763f8534ac547cf1af98afdff2edc8 c:\windows\system32\wiaservc.dll
MD5: a1c10f87248529173f39f4b4734df14b C:\WINDOWS\system32\win32spl.dll
MD5: 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\SYSTEM32\winlogon.exe
MD5: 90fdaa22f38d9e911f91fa3b8a1f7e5d C:\WINDOWS\System32\WINMM.dll
MD5: 2c8fdb176f22629ea5342db474fac391 C:\WINDOWS\System32\winrnr.dll
MD5: 7bcb23fa39ce266af4347a6beab60f8c C:\WINDOWS\system32\WINSCARD.DLL
MD5: 3d21b3be0c5768e76fd9780e9cf9e07c C:\WINDOWS\system32\winsrv.dll
MD5: 7bc4ba4c33adf3ef5cd370d99bc60b04 c:\windows\system32\WINSTA.dll
MD5: 10f36fa092d7a309a0647fcdc764ae6c C:\WINDOWS\system32\WLDAP32.dll
MD5: a599e5e366c1408e48aa5d37882d4e3e C:\WINDOWS\system32\WlNotify.dll
MD5: e8885a533a3d46209851433e3b9b3bc4 C:\WINDOWS\system32\wmploc.dll
MD5: 3b8cfda90efaa65901ecc2edcad4d1ef C:\WINDOWS\system32\wmpmde.dll
MD5: 5ccb54a9cf8fc5e3251374e0dc9c45bb C:\WINDOWS\system32\wmpps.dll
MD5: 49911dd39e023bb6c45e4e436cfbd297 C:\WINDOWS\SYSTEM32\wscntfy.exe
MD5: 4d59daa66c60858cdf4f67a900f42d4a c:\windows\system32\wscsvc.dll
MD5: 45a87dbbfb14ff12b81e166147799c81 C:\WINDOWS\system32\wshom.ocx
MD5: 310b84ed9452d97b408589ed28860902 C:\WINDOWS\system32\wsnmp32.dll
MD5: 9a9bbc71d0ebcd400a33abcd5f0ab39c c:\windows\system32\WZCSAPI.DLL
MD5: 5a91e6feab9f901302fa7ff768c0120f c:\windows\system32\wzcsvc.dll
MD5: edd916d97c229ed9f3ea037de9352635 C:\WINDOWS\System32\XPOB2RES.DLL
MD5: 1320aea7057a26a671d9548cc7bebda5 C:\WINDOWS\system32\xpsp2res.dll
MD5: c4e80875c1cf1222fc5efd0314ae5c01 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


No file uploaded.

Scan finished - communication took 4 sec
Total traffic - 0.01 MB sent, 1.65 KB recvd
Scanned 571 files and modules - 403 seconds

==============================================================================

What next?

#12
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
ESET just found some adware and one of the malware that Combofix had removed.

Go back into regedit.

Then right-click on Uninstall and select Permissions.

Click Advanced, and then click the Owner tab.

Under Change owner to,
Select Administrators then click OK.

You should be back at the Permissions page. Click on Administrators then verify that Full Control is checked in the Allow column at the bottom. There should be a little box to check that says you want this to apply to the subkeys. You want that box checked.

See if you can now delete the mbam key.

#13
WalterH

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Was out of town, won't be able to try this until later today. Will update you on whether there were any issues. Thanks.

#14
WalterH

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Was able to update the regedit by logging in as the original user that installed it. Then went back as me and installed and updated MBAM... ran a scan and this is the log. What's next?

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.28.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Walt Henry :: D842SQ31 [administrator]

5/28/2012 3:18:00 PM
mbam-log-2012-05-28 (15-18-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251774
Time elapsed: 8 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
If there are no other problems then I think we are done.

You really ought to update to SP3:

Running SP2 you will get a lot more of these infections.

If this is an AMD CPU then you need to get KB953356:
http://www.microsoft...ang=en&id=23751
and install it first.


You should be offered the SP3 update from MS Updates but if not you can get it from:

http://technet.micro...indows/bb794714

We need to clean up System Restore.

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron