Trojan.Win32.Generic!BT need help removing, IE redirects, weird fo


This topic is locked

#1 ChrissyE. (New Member, 7 posts)
Hey guys! I am having a huge issue getting rid of this: Trojan.Win32.Generic!BT. This pops up being blocked by VIPRE. I have run SUPERAntiSpyware and Malwarebytes Anti-Malware. Neither show anything. For instance, as I was typing, this popped up: VIPRE notification: On File Access, a known bad file was blocked from opening, Program:TMP4C2.tmp(trojan). This happens all day. I was logging into school and a weird text (looked like formatting?) popped up. I can click to get rid of it. Can anyone help me get rid of this? After researching and attempting this alone, it has me worried and I don't want to screw up my PC. Any help would be much appreciated!!!! (I am great at following instructions)
Below is the OTL log. Have a great weekend :)
Chrissy

OTL logfile created on: 5/4/2012 10:18:57 AM - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.69% Memory free
3.81 Gb Paging File | 2.95 Gb Available in Paging File | 77.35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 103.73 Gb Free Space | 69.64% Space Free | Partition Type: NTFS

Computer Name: DDWBDVK1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/03 09:10:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/05/01 10:48:04 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/02/14 17:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/01/19 17:31:46 | 003,050,352 | ---- | M] (GFI Software) -- C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
PRC - [2012/01/19 17:12:10 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
PRC - [2012/01/19 17:11:20 | 000,173,424 | ---- | M] (GFI Software) -- C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
PRC - [2011/11/10 07:32:18 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/05/17 12:03:06 | 000,254,464 | ---- | M] (Ryan Conrad) -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe
PRC - [2009/05/05 10:57:16 | 000,068,888 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\NetLogSvc.exe
PRC - [2009/05/05 10:57:14 | 000,437,528 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\netcfgsvr.exe
PRC - [2009/05/05 10:57:10 | 000,336,152 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\NetClientSvc.exe
PRC - [2009/02/11 15:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 15:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/04 19:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/26 14:15:30 | 000,909,312 | ---- | M] (Realtek) -- C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/04 07:56:28 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/04 07:56:28 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/12 07:27:42 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
MOD - [2012/04/11 23:11:44 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/11 23:11:30 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/02/22 06:48:34 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
MOD - [2012/02/22 06:47:00 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/22 06:46:55 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/22 06:46:47 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Program Files\GFI Software\VIPRE\Definitions\libMachoUniv.dll
MOD - [2012/02/05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Program Files\GFI Software\VIPRE\Definitions\libBase64.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/13 02:06:28 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2008/06/20 10:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 10:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/14 06:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 06:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/07/23 13:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2005/12/22 17:28:40 | 000,160,768 | ---- | M] () -- C:\Program Files\GFI Software\VIPRE\unrar.dll
MOD - [2003/02/25 17:19:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\OVT511Plus.dll -- (ZSMC211)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nv_agp.dll -- (zpcollector)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ilicensesvc.dll -- (win32sl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZSMC211.dll -- (vmparport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CdaC15BA.dll -- (TNaviSrv)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxrsii1s.dll -- (smbusp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\delldmi.dll -- (RSAFAL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\clr_optimization_v2.0.50215_32.dll -- (pensup)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\db2licd.dll -- (NdisFilt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmigameport.dll -- (mpfirewl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\agentsrv.dll -- (ikfileflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\KR10I.dll -- (iAimFP7)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dmdfl.dll -- (dpc_srv_webcast)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NWDHCP.dll -- (digictrl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\svchost.dll -- (bdfsfltr)
SRV - [2012/01/19 17:12:10 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/01/19 17:11:20 | 000,173,424 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/05/17 12:03:06 | 000,254,464 | ---- | M] (Ryan Conrad) [Auto | Running] -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe -- (DroidExplorerService)
SRV - [2009/05/05 10:57:16 | 000,068,888 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\NetLogSvc.exe -- (NetLogSvc)
SRV - [2009/05/05 10:57:14 | 000,437,528 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\netcfgsvr.exe -- (netcfgsvr)
SRV - [2009/05/05 10:57:10 | 000,336,152 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\NetClientSvc.exe -- (NetClientSvc)
SRV - [2009/02/11 15:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/12/12 16:18:18 | 000,032,768 | ---- | M] (Inter-Tel (Delaware), Inc) [Disabled | Stopped] -- C:\Documents and Settings\Administrator\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe -- (LkWebLink)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/01/17 10:24:04 | 000,217,976 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/11/29 07:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/11/29 07:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/10/26 15:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/08 09:41:48 | 000,220,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/05/05 10:59:52 | 000,019,328 | R--- | M] (AT&T) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi)
DRV - [2009/05/05 10:59:28 | 000,011,392 | R--- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)
DRV - [2009/05/05 10:42:52 | 000,219,648 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt)
DRV - [2008/08/18 16:21:20 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/18 16:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/12/03 09:13:48 | 000,011,264 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2007/11/19 23:14:08 | 000,016,640 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2007/11/19 23:04:50 | 000,008,960 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2007/07/23 13:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 13:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 13:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 13:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 13:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 13:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 13:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 13:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 12:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 12:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 C7 C2 F2 81 CF CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4A3FEB75-AC1B-490A-BC75-D79889C3C880}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/06 10:42:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/10 07:33:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/06 10:42:21 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gears.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.2_0\

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyn0.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe (Realtek)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files\AT&T Global Network Client\NetSP.exe (AT&T)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {037790A6-1576-11D6-903D-00105AABADD3} https://limeportal.i...ls/sglw2hcm.ocx (BlueZone Web-to-Host Control Module v5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7626FDF9-97DB-4455-AFE1-1BA00A213FDC}: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/03 18:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\3521 Galapago Englewood CO
[2012/05/03 18:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\10600 W Weaver Dr Littleton Co
[2012/05/03 09:10:35 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/05/02 23:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\539 13th trail Cotopaxi CO
[2012/05/02 18:07:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/05/02 06:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/05/02 06:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2012/05/01 21:31:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/05/01 21:30:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/05/01 21:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/05/01 20:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2012/05/01 20:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/05/01 20:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/01 17:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\how-to-remove-heurtrojanwin32generic-which-kaspersky-is-unable-to-do_files
[2012/05/01 14:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/05/01 13:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/05/01 13:11:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8(2)
[2012/05/01 08:46:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012/05/01 08:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/01 08:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(2)
[2012/05/01 05:44:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/04/30 22:19:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/04/30 14:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/30 14:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/04/27 22:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Copy of 283 Brookside Dr Bailey CO IS training
[2012/04/25 02:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(2)
[2012/04/25 02:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\6330 W 45th PL Wheat Ridge CO mowing spares 1
[2012/04/25 02:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(3)
[2012/04/25 02:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(4)
[2012/04/25 02:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(5)
[2012/04/25 02:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(6)
[2012/04/25 02:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\6142 Lincoln St Frederick CO mowing spare 2
[2012/04/25 02:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\6142 Lincoln St Frederick CO mowing spare 1
[2012/04/24 07:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(7)
[2012/04/24 07:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(8)
[2012/04/24 07:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(9)
[2012/04/24 07:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (3)(2)
[2012/04/24 07:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (2)(2)
[2012/04/24 07:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (3)
[2012/04/24 07:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (2)
[2012/04/24 07:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(10)
[2012/04/24 07:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(11)
[2012/04/20 13:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012/04/17 22:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2012/04/17 22:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2012/04/17 22:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2012/04/15 00:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Lawsuit
[2012/04/14 23:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\FootHills Construction
[2012/04/12 18:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\WINDOWS
[2012/04/12 18:32:27 | 004,890,137 | ---- | C] (PKWARE, Inc.) -- C:\Documents and Settings\Administrator\Desktop\mederr.exe
[2012/04/12 18:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\medware programs
[2012/04/10 18:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\MMAPA
[2012/04/05 21:44:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\Dropbox
[2012/04/05 21:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Dropbox
[2012/04/05 21:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/04 10:25:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/04 09:49:02 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/04 09:31:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2012/05/04 09:28:51 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4123500295-1941741378-996180815-500.job
[2012/05/04 09:28:51 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4123500295-1941741378-996180815-500.job
[2012/05/04 09:02:23 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/05/04 08:10:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/04 07:55:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/04 07:55:05 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/04 07:54:33 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/05/04 07:54:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/04 07:54:31 | 2110,767,104 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/03 09:10:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/05/02 06:46:34 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/01 17:02:29 | 000,071,178 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\how-to-remove-heurtrojanwin32generic-which-kaspersky-is-unable-to-do.htm
[2012/05/01 07:09:24 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
[2012/04/23 02:00:48 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/20 13:58:32 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/04/17 18:40:25 | 000,001,054 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/15 03:57:06 | 000,089,585 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\palliative care kit.jpg
[2012/04/12 18:32:36 | 004,890,137 | ---- | M] (PKWARE, Inc.) -- C:\Documents and Settings\Administrator\Desktop\mederr.exe
[2012/04/11 23:10:15 | 000,468,484 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 23:10:15 | 000,080,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/05 21:44:24 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Pauls Dropbox.lnk
[2012/04/04 17:33:58 | 000,037,216 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\chrissys info.rtf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/04 09:31:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2012/05/04 07:54:33 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/05/02 06:46:34 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/01 21:24:36 | 2110,767,104 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/01 17:02:26 | 000,071,178 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\how-to-remove-heurtrojanwin32generic-which-kaspersky-is-unable-to-do.htm
[2012/05/01 07:09:10 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
[2012/04/20 13:58:32 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/04/15 03:57:06 | 000,089,585 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\palliative care kit.jpg
[2012/04/05 21:44:24 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Pauls Dropbox.lnk
[2012/04/05 21:36:10 | 000,001,054 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/21 21:36:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/06 10:33:00 | 000,229,173 | ---- | C] () -- C:\WINDOWS\hpwins23.dat
[2011/06/06 10:33:00 | 000,002,075 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat
[2011/03/19 19:56:48 | 000,016,190 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8q1gjv45b1b2ny58w4voq16g4u2
[2011/03/19 19:56:48 | 000,016,190 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\8q1gjv45b1b2ny58w4voq16g4u2
[2010/12/29 09:15:11 | 000,217,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\sbtis.sys
[2010/12/28 17:11:36 | 000,518,472 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/17 19:37:53 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB35769$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrator\Desktop\HOSPICE SERVER.RDP:SummaryInformation

< End of report >

#2
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there, I can see the meanie; we will clear that first and then look at the residue.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#3
ChrissyE.
    New Member
  • Topic Starter
  • Member
  • 7 posts
Hey! Thank you for replying so quickly! Here is the ComboFix log. The computer seems to be significantly faster, and prior to running ComboFix the computer monitor went dim? But it was fine after I ran ComboFix. I just want to make sure this "meanie" as you call it is gone :) Thank you again!
Chrissy

ComboFix 12-05-04.03 - Administrator 05/04/2012 15:50:44.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1555 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: GFI Software VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Adobe\plugs
c:\documents and settings\Administrator\Application Data\Adobe\shed
c:\documents and settings\Administrator\g2mdlhlpx.exe
c:\documents and settings\Administrator\My Documents\~WRL2174.tmp
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\AMMYY
c:\documents and settings\All Users\Application Data\AMMYY\hr
c:\documents and settings\All Users\Application Data\AMMYY\settings.bin
c:\program files\Object
c:\program files\Object\config.ini
c:\program files\Shared
c:\windows\$NtUninstallKB35769$\1135898719
c:\windows\$NtUninstallKB35769$\3413197000\@
c:\windows\$NtUninstallKB35769$\3413197000\cfg.ini
c:\windows\$NtUninstallKB35769$\3413197000\Desktop.ini
c:\windows\$NtUninstallKB35769$\3413197000\L\rohepcid
c:\windows\$NtUninstallKB35769$\3413197000\oemid
c:\windows\$NtUninstallKB35769$\3413197000\U\00000001.@
c:\windows\$NtUninstallKB35769$\3413197000\U\00000002.@
c:\windows\$NtUninstallKB35769$\3413197000\U\00000004.@
c:\windows\$NtUninstallKB35769$\3413197000\U\80000000.@
c:\windows\$NtUninstallKB35769$\3413197000\U\80000004.@
c:\windows\$NtUninstallKB35769$\3413197000\U\80000032.@
c:\windows\$NtUninstallKB35769$\3413197000\version
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\ndisfilt.dll
c:\windows\system32\SET1178.tmp
c:\windows\system32\SET1179.tmp
c:\windows\system32\SET117B.tmp
c:\windows\system32\SET117F.tmp
c:\windows\system32\SET1187.tmp
c:\windows\system32\Thumbs.db
c:\windows\$NtUninstallKB35769$ . . . . Failed to delete
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LPDSVC
-------\Service_LPDSVC
.
.
((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))
.
.
2012-05-02 12:46 . 2012-05-02 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2012-05-02 03:33 . 2012-05-02 03:33 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-30 20:13 . 2012-04-30 20:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-04-18 04:17 . 2012-04-20 00:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer
2012-04-18 04:09 . 2012-05-03 00:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2012-04-18 04:09 . 2012-05-03 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2012-04-13 00:29 . 2012-04-13 00:29 -------- d-----w- c:\program files\medware programs
2012-04-06 03:35 . 2012-05-04 21:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 14:40 . 2011-09-18 02:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-25 16:16 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-25 16:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-25 16:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-25 16:16 385024 ------w- c:\windows\system32\html.iec
2012-02-07 17:02 . 2012-02-07 17:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"NetSP - restore settings on power failure"="c:\program files\AT&T Global Network Client\NetSP.exe" [2009-05-05 53528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"8169Diag"="c:\program files\Realtek\Diagnostics Utility\8169Diag.exe" [2008-02-26 909312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-10 273528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"SBAMTray"="c:\program files\GFI Software\VIPRE\SBAMTray.exe" [2012-01-19 3050352]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AT&T Global Network Client\\NetClient.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\BlueZone\\bzftp.pro"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [3/6/2012 6:58 PM 21240]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/26/2011 3:23 PM 101112]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [12/29/2010 9:15 AM 217976]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [5/17/2011 12:03 PM 254464]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [9/3/2009 5:31 AM 8960]
R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\AT&T Global Network Client\NetClientSvc.exe [5/5/2009 10:57 AM 336152]
R2 NetLogSvc;AT&T Global Network Client Logging Service;c:\program files\AT&T Global Network Client\NetLogSvc.exe [5/5/2009 10:57 AM 68888]
R2 SBAMSvc;VIPRE Antivirus;c:\program files\GFI Software\VIPRE\SBAMSvc.exe [1/19/2012 5:12 PM 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [3/6/2012 6:58 PM 77816]
R2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\VIPRE\SBPIMSvc.exe [1/19/2012 5:11 PM 173424]
R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [9/3/2009 5:31 AM 11264]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [9/3/2009 9:16 AM 110080]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/30/2010 12:27 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/30/2010 12:27 PM 136176]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [9/3/2009 5:31 AM 16640]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\Administrator\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [12/12/2007 4:18 PM 32768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
win32sl
NdisFilt
vmparport
mpfirewl
iAimFP7
digictrl
TNaviSrv
RSAFAL
ccispwdsvc
VX1000
avgmfx86
odclientservice
sentinel
atirage3
sleepy
CAM1210
ati2mtaa
eelogsvc
us30sys
LPDSVC
w800mdm
ilicensesvc
pdlndtdl
axsaki
AsIO
pavdrv
tosporte
oracleorahomedatagatherer
elnkupdateservice
ehstart
screadspool
stylexpservice
ikfileflt
smbusp
pensup
bdfsfltr
dpc_srv_webcast
zpcollector
ZSMC211
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-30 18:27]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-30 18:27]
.
2012-04-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2012-05-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4123500295-1941741378-996180815-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 19:40]
.
2012-05-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4123500295-1941741378-996180815-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 19:40]
.
2012-05-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {037790A6-1576-11D6-903D-00105AABADD3} - hxxps://limeportal.ivans.com/controls/sglw2hcm.ocx
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\Zynga\tbZyn0.dll
BHO-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\Zynga\tbZyn0.dll
Toolbar-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\Zynga\tbZyn0.dll
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - c:\program files\Zynga\tbZyn0.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-04 16:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4123500295-1941741378-996180815-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,eb,b3,ea,c8,36,e3,49,a2,c7,39,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,eb,b3,ea,c8,36,e3,49,a2,c7,39,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,7f,f7,57,09,d7,a8,45,8a,e8,b1,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2916)
c:\windows\system32\WININET.dll
c:\program files\GFI Software\VIPRE\oehook.dll
c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AT&T Global Network Client\netcfgsvr.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-05-04 16:10:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-04 22:09
.
Pre-Run: 110,853,910,528 bytes free
Post-Run: 111,693,115,392 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6652CB128A08D8E018E2DEDC50EE2D25

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Aye, we marmalised the big bad boy; now it is time to look for any hangers-on. To this end we will get a fresh OTL scan. There will be just one log this time.

  • Double click OTL. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    i8042prt.*
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

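The custom-scan keywords in the post above are OTL's way of dumping the svchost "netsvcs" group and hashing the handful of system files that rootkits most often patch. As an added example for this thread (not OTL's code and not the helper's), the Python below parses the "SRV -" and "NetSvcs:" lines that such a scan produces and flags what a responder looks at first: services whose binary is gone, and netsvcs members whose ServiceDll is missing or is named after a core system file. The sample lines are excerpted from the log posted in this thread, and the "named like a system file" rule is my own heuristic, not something OTL reports.

```python
"""Triage helper for the service and netsvcs sections of an OTL log.

Services in the netsvcs group run as a ServiceDll inside a shared
svchost.exe, which makes the group a favourite hiding place for
persistence. This script parses the text OTL prints for that group and
for the Win32 services list and reports entries worth a second look.
Example code written for this thread; it is not part of OTL.
"""
import re

# Constructed sample input: lines excerpted from the OTL log in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\OVT511Plus.dll -- (ZSMC211)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\svchost.dll -- (bdfsfltr)
SRV - [2012/01/19 17:12:10 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2008/04/14 06:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\simptcp.dll -- (screadspool)
NetSvcs: 6to4 - File not found
NetSvcs: win32sl - %systemroot%\system32\ilicensesvc.dll File not found
NetSvcs: bdfsfltr - %systemroot%\system32\svchost.dll File not found
NetSvcs: screadspool - C:\WINDOWS\system32\simptcp.dll (Microsoft Corporation)
"""

SRV_RE = re.compile(
    r"^SRV - (?P<meta>File not found|\[[^\]]*\] \([^)]*\)) "
    r"\[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\] -- (?P<path>.*?) -- \((?P<name>[^)]+)\)"
)
NETSVCS_RE = re.compile(r"^NetSvcs: (?P<name>\S+) - (?P<rest>.*)$")
MISSING = "File not found"

# Stems of the files the /md5start ... /md5stop block hashes. A ServiceDll
# borrowing one of these names deserves a closer look (my heuristic, not OTL's).
SYSTEM_STEMS = {"svchost", "explorer", "winlogon", "userinit", "consrv", "i8042prt"}


def parse_services(log_text):
    """Parse 'SRV -' lines into dicts (name, path, start, state, missing, company)."""
    services = []
    for line in log_text.splitlines():
        m = SRV_RE.match(line)
        if not m:
            continue
        meta = m.group("meta")
        company = None
        if meta != MISSING:
            company = meta[meta.rindex("(") + 1:-1] or None
        services.append({"name": m.group("name"), "path": m.group("path"),
                         "start": m.group("start"), "state": m.group("state"),
                         "missing": meta == MISSING, "company": company})
    return services


def parse_netsvcs(log_text):
    """Parse 'NetSvcs:' lines. path is None when the group names a service
    with no registry key at all; several stock XP group members look like
    that, so it is not suspicious on its own."""
    entries = []
    for line in log_text.splitlines():
        m = NETSVCS_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        path = company = None
        missing = False
        if rest == MISSING:
            missing = True
        elif rest.endswith(" " + MISSING):
            path, missing = rest[:-len(MISSING) - 1], True
        else:
            path, sep, tail = rest.rpartition(" (")
            if sep:
                company = tail.rstrip(")") or None
            else:
                path = rest
        entries.append({"name": m.group("name"), "path": path,
                        "missing": missing, "company": company})
    return entries


def _stem(path):
    """Last path component without its extension, lower-cased."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def triage(log_text):
    """Return (dead_services, netsvcs_review).

    dead_services: names of services whose binary OTL could not find; they
    are uninstall leftovers or orphaned persistence and go in the fix script.
    netsvcs_review: (name, path, reason) for group members pointing at a
    missing DLL or at a DLL named like a core system file.
    """
    dead = sorted((s["name"] for s in parse_services(log_text) if s["missing"]),
                  key=str.lower)
    review = []
    for e in parse_netsvcs(log_text):
        if e["path"] is None:
            continue
        reasons = []
        if e["missing"]:
            reasons.append("ServiceDll missing")
        if _stem(e["path"]) in SYSTEM_STEMS:
            reasons.append("DLL named like system file " + _stem(e["path"]))
        if reasons:
            review.append((e["name"], e["path"], "; ".join(reasons)))
    return dead, review


if __name__ == "__main__":
    dead, review = triage(SAMPLE_LOG)
    print("services with missing binaries:", ", ".join(dead))
    for name, path, reason in review:
        print(f"netsvcs {name}: {path} [{reason}]")
```

Run it against a full OTL.Txt by reading the file into `triage()` instead of `SAMPLE_LOG`. Everything it flags still needs a human decision: a dead service pointing at a vendor's uninstalled DLL is harmless clutter, while an Auto-start netsvcs entry whose DLL is named svchost.dll and no longer exists is the kind of leftover the next fix script should delete.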
#5
ChrissyE. (Topic Starter)
You are AWESOME!!! :) When the scan completed, only one window popped up. There is a saved Extra icon on my desktop; however, the log that it includes is from yesterday, 5/3/12??? So I will include both. Sorry if I misunderstood something...
Chrissy

OTL logfile created on: 5/4/2012 4:28:02 PM - Run 3
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 70.31% Memory free
3.81 Gb Paging File | 3.27 Gb Available in Paging File | 85.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 104.06 Gb Free Space | 69.86% Space Free | Partition Type: NTFS

Computer Name: DDWBDVK1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/03 09:10:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/05/01 10:48:04 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/02/14 17:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/01/19 17:31:46 | 003,050,352 | ---- | M] (GFI Software) -- C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
PRC - [2012/01/19 17:12:10 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
PRC - [2012/01/19 17:11:20 | 000,173,424 | ---- | M] (GFI Software) -- C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
PRC - [2011/11/10 07:32:18 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/05/17 12:03:06 | 000,254,464 | ---- | M] (Ryan Conrad) -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe
PRC - [2009/05/05 10:57:16 | 000,068,888 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\NetLogSvc.exe
PRC - [2009/05/05 10:57:14 | 000,437,528 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\netcfgsvr.exe
PRC - [2009/05/05 10:57:10 | 000,336,152 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\NetClientSvc.exe
PRC - [2009/02/11 15:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 15:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/04 19:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/26 14:15:30 | 000,909,312 | ---- | M] (Realtek) -- C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/04 16:06:11 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/05/04 16:06:10 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/12 07:27:42 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
MOD - [2012/04/11 23:11:44 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/11 23:11:30 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/02/22 06:48:34 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
MOD - [2012/02/22 06:47:00 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/22 06:46:55 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/22 06:46:47 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Program Files\GFI Software\VIPRE\Definitions\libMachoUniv.dll
MOD - [2012/02/05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Program Files\GFI Software\VIPRE\Definitions\libBase64.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/13 02:06:28 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2007/07/23 13:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2005/12/22 17:28:40 | 000,160,768 | ---- | M] () -- C:\Program Files\GFI Software\VIPRE\unrar.dll
MOD - [2003/02/25 17:19:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\OVT511Plus.dll -- (ZSMC211)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nv_agp.dll -- (zpcollector)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ilicensesvc.dll -- (win32sl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdaudio.dll -- (w800mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Wbutton.dll -- (VX1000)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZSMC211.dll -- (vmparport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfman.dll -- (us30sys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aec.dll -- (tosporte)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CdaC15BA.dll -- (TNaviSrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psdistributionagent.dll -- (stylexpservice)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxrsii1s.dll -- (smbusp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sscdmdfl.dll -- (sleepy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ar5211.dll -- (sentinel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\delldmi.dll -- (RSAFAL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\clr_optimization_v2.0.50215_32.dll -- (pensup)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WmaCDriverV32.dll -- (pdlndtdl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symlcbrd.dll -- (pavdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpsc.dll -- (oracleorahomedatagatherer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\teefer2.dll -- (odclientservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\db2licd.dll -- (NdisFilt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmigameport.dll -- (mpfirewl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AmdLLD.dll -- (ilicensesvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\agentsrv.dll -- (ikfileflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\KR10I.dll -- (iAimFP7)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aaksrv.dll -- (elnkupdateservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATKGFNEXSrv.dll -- (ehstart)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlbx_device.dll -- (eelogsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dmdfl.dll -- (dpc_srv_webcast)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NWDHCP.dll -- (digictrl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mpfservice.dll -- (ccispwdsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ipodservice.dll -- (CAM1210)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\svchost.dll -- (bdfsfltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RMSvc.dll -- (axsaki)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndasscsi.dll -- (avgmfx86)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HWIONT.dll -- (atirage3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\shuttleengine.dll -- (ati2mtaa)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupclientsvc.dll -- (AsIO)
SRV - [2012/01/19 17:12:10 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/01/19 17:11:20 | 000,173,424 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/05/17 12:03:06 | 000,254,464 | ---- | M] (Ryan Conrad) [Auto | Running] -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe -- (DroidExplorerService)
SRV - [2009/05/05 10:57:16 | 000,068,888 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\NetLogSvc.exe -- (NetLogSvc)
SRV - [2009/05/05 10:57:14 | 000,437,528 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\netcfgsvr.exe -- (netcfgsvr)
SRV - [2009/05/05 10:57:10 | 000,336,152 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\NetClientSvc.exe -- (NetClientSvc)
SRV - [2009/02/11 15:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/04/14 06:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\simptcp.dll -- (screadspool)
SRV - [2007/12/12 16:18:18 | 000,032,768 | ---- | M] (Inter-Tel (Delaware), Inc) [Disabled | Stopped] -- C:\Documents and Settings\Administrator\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe -- (LkWebLink)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/01/17 10:24:04 | 000,217,976 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/11/29 07:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/11/29 07:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/10/26 15:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/08 09:41:48 | 000,220,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/05/05 10:59:52 | 000,019,328 | R--- | M] (AT&T) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi)
DRV - [2009/05/05 10:59:28 | 000,011,392 | R--- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)
DRV - [2009/05/05 10:42:52 | 000,219,648 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt)
DRV - [2008/08/18 16:21:20 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/18 16:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/12/03 09:13:48 | 000,011,264 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2007/11/19 23:14:08 | 000,016,640 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2007/11/19 23:04:50 | 000,008,960 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2007/07/23 13:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 13:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 13:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 13:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 13:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 13:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 13:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 13:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 12:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 12:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 C7 C2 F2 81 CF CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4A3FEB75-AC1B-490A-BC75-D79889C3C880}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/06 10:42:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/10 07:33:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/06 10:42:21 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gears.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.2_0\

O1 HOSTS File: ([2012/05/04 16:05:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe (Realtek)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files\AT&T Global Network Client\NetSP.exe (AT&T)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {037790A6-1576-11D6-903D-00105AABADD3} https://limeportal.i...ls/sglw2hcm.ocx (BlueZone Web-to-Host Control Module v5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7626FDF9-97DB-4455-AFE1-1BA00A213FDC}: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: win32sl - %systemroot%\system32\ilicensesvc.dll File not found
NetSvcs: NdisFilt - %systemroot%\system32\db2licd.dll File not found
NetSvcs: vmparport - %systemroot%\system32\ZSMC211.dll File not found
NetSvcs: mpfirewl - %systemroot%\system32\cmigameport.dll File not found
NetSvcs: iAimFP7 - %systemroot%\system32\KR10I.dll File not found
NetSvcs: digictrl - %systemroot%\system32\NWDHCP.dll File not found
NetSvcs: TNaviSrv - %systemroot%\system32\CdaC15BA.dll File not found
NetSvcs: RSAFAL - %systemroot%\system32\delldmi.dll File not found
NetSvcs: ccispwdsvc - %systemroot%\system32\mpfservice.dll File not found
NetSvcs: VX1000 - %systemroot%\system32\Wbutton.dll File not found
NetSvcs: avgmfx86 - %systemroot%\system32\ndasscsi.dll File not found
NetSvcs: odclientservice - %systemroot%\system32\teefer2.dll File not found
NetSvcs: sentinel - %systemroot%\system32\ar5211.dll File not found
NetSvcs: atirage3 - %systemroot%\system32\HWIONT.dll File not found
NetSvcs: sleepy - %systemroot%\system32\sscdmdfl.dll File not found
NetSvcs: CAM1210 - %systemroot%\system32\ipodservice.dll File not found
NetSvcs: ati2mtaa - %systemroot%\system32\shuttleengine.dll File not found
NetSvcs: eelogsvc - %systemroot%\system32\dlbx_device.dll File not found
NetSvcs: us30sys - %systemroot%\system32\sfman.dll File not found
NetSvcs: LPDSVC - File not found
NetSvcs: w800mdm - %systemroot%\system32\cdaudio.dll File not found
NetSvcs: ilicensesvc - %systemroot%\system32\AmdLLD.dll File not found
NetSvcs: pdlndtdl - %systemroot%\system32\WmaCDriverV32.dll File not found
NetSvcs: axsaki - %systemroot%\system32\RMSvc.dll File not found
NetSvcs: AsIO - %systemroot%\system32\backupclientsvc.dll File not found
NetSvcs: pavdrv - %systemroot%\system32\symlcbrd.dll File not found
NetSvcs: tosporte - %systemroot%\system32\aec.dll File not found
NetSvcs: oracleorahomedatagatherer - %systemroot%\system32\zpsc.dll File not found
NetSvcs: elnkupdateservice - %systemroot%\system32\aaksrv.dll File not found
NetSvcs: ehstart - %systemroot%\system32\ATKGFNEXSrv.dll File not found
NetSvcs: screadspool - C:\WINDOWS\system32\simptcp.dll (Microsoft Corporation)
NetSvcs: stylexpservice - %systemroot%\system32\psdistributionagent.dll File not found
NetSvcs: ikfileflt - %systemroot%\system32\agentsrv.dll File not found
NetSvcs: smbusp - %systemroot%\system32\lxrsii1s.dll File not found
NetSvcs: pensup - %systemroot%\system32\clr_optimization_v2.0.50215_32.dll File not found
NetSvcs: bdfsfltr - %systemroot%\system32\svchost.dll File not found
NetSvcs: dpc_srv_webcast - %systemroot%\system32\SE2Dmdfl.dll File not found
NetSvcs: zpcollector - %systemroot%\system32\nv_agp.dll File not found
NetSvcs: ZSMC211 - %systemroot%\system32\OVT511Plus.dll File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056

========== Files/Folders - Created Within 30 Days ==========

[2012/05/04 15:41:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/04 15:34:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/04 15:34:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/04 15:34:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/04 15:34:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/04 15:34:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/04 15:34:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/04 15:34:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/05/04 15:28:20 | 004,484,016 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/05/04 10:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2012/05/03 18:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\3521 Galapago Englewood CO
[2012/05/03 18:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\10600 W Weaver Dr Littleton Co
[2012/05/03 09:10:35 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/05/02 23:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\539 13th trail Cotopaxi CO
[2012/05/02 18:07:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/05/02 06:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/05/02 06:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2012/05/01 21:31:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/05/01 21:30:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/05/01 21:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/05/01 20:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2012/05/01 20:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/05/01 20:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/01 17:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\how-to-remove-heurtrojanwin32generic-which-kaspersky-is-unable-to-do_files
[2012/05/01 14:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/05/01 13:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/05/01 13:11:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8(2)
[2012/05/01 08:46:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012/05/01 08:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/01 08:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(2)
[2012/05/01 05:44:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/04/30 22:19:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/04/30 14:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/30 14:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/04/27 22:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Copy of 283 Brookside Dr Bailey CO IS training
[2012/04/25 02:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(2)
[2012/04/25 02:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\6330 W 45th PL Wheat Ridge CO mowing spares 1
[2012/04/25 02:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(3)
[2012/04/25 02:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(4)
[2012/04/25 02:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(5)
[2012/04/25 02:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(6)
[2012/04/25 02:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\6142 Lincoln St Frederick CO mowing spare 2
[2012/04/25 02:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\6142 Lincoln St Frederick CO mowing spare 1
[2012/04/24 07:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(7)
[2012/04/24 07:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(8)
[2012/04/24 07:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(9)
[2012/04/24 07:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (3)(2)
[2012/04/24 07:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (2)(2)
[2012/04/24 07:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (3)
[2012/04/24 07:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (2)
[2012/04/24 07:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(10)
[2012/04/24 07:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(11)
[2012/04/20 13:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012/04/17 22:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2012/04/17 22:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2012/04/17 22:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2012/04/15 00:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Lawsuit
[2012/04/14 23:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\FootHills Construction
[2012/04/12 18:32:27 | 004,890,137 | ---- | C] (PKWARE, Inc.) -- C:\Documents and Settings\Administrator\Desktop\mederr.exe
[2012/04/12 18:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\medware programs
[2012/04/10 18:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\MMAPA
[2012/04/05 21:44:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\Dropbox
[2012/04/05 21:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Dropbox
[2012/04/05 21:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/04 16:27:40 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4123500295-1941741378-996180815-500.job
[2012/05/04 16:27:40 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4123500295-1941741378-996180815-500.job
[2012/05/04 16:05:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/04 16:05:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/04 16:05:18 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/04 16:04:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/04 16:04:27 | 2110,767,104 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/04 15:43:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/04 15:41:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/04 15:28:28 | 004,484,016 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/05/04 14:49:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/04 09:02:23 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/05/04 08:10:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/03 09:10:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/05/02 06:46:34 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/01 17:02:29 | 000,071,178 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\how-to-remove-heurtrojanwin32generic-which-kaspersky-is-unable-to-do.htm
[2012/05/01 07:09:24 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
[2012/04/23 02:00:48 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/20 13:58:32 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/04/17 18:40:25 | 000,001,054 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/15 03:57:06 | 000,089,585 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\palliative care kit.jpg
[2012/04/12 18:32:36 | 004,890,137 | ---- | M] (PKWARE, Inc.) -- C:\Documents and Settings\Administrator\Desktop\mederr.exe
[2012/04/11 23:10:15 | 000,468,484 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 23:10:15 | 000,080,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/05 21:44:24 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Pauls Dropbox.lnk
[2012/04/04 17:33:58 | 000,037,216 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\chrissys info.rtf
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/04 15:41:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/05/04 15:41:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/04 15:34:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/04 15:34:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/04 15:34:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/04 15:34:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/04 15:34:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/02 06:46:34 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/01 21:24:36 | 2110,767,104 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/01 17:02:26 | 000,071,178 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\how-to-remove-heurtrojanwin32generic-which-kaspersky-is-unable-to-do.htm
[2012/05/01 07:09:10 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
[2012/04/20 13:58:32 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/04/15 03:57:06 | 000,089,585 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\palliative care kit.jpg
[2012/04/05 21:44:24 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Pauls Dropbox.lnk
[2012/04/05 21:36:10 | 000,001,054 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/21 21:36:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/06 10:33:00 | 000,229,173 | ---- | C] () -- C:\WINDOWS\hpwins23.dat
[2011/06/06 10:33:00 | 000,002,075 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat
[2011/03/19 19:56:48 | 000,016,190 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8q1gjv45b1b2ny58w4voq16g4u2
[2011/03/19 19:56:48 | 000,016,190 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\8q1gjv45b1b2ny58w4voq16g4u2
[2010/12/29 09:15:11 | 000,217,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\sbtis.sys
[2010/12/28 17:11:36 | 000,518,472 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/17 19:37:53 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/01/25 13:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BlueZone
[2011/01/26 13:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BlueZone Web
[2011/01/03 13:02:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Cache
[2010/03/17 08:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/30 12:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DroidExplorer
[2012/05/04 16:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2011/11/15 11:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GFI Software
[2010/12/15 10:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PCDr
[2012/04/19 18:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2009/09/03 05:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2009/11/23 13:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2009/10/12 13:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGNS
[2012/03/06 18:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/11/15 11:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GFI Software
[2010/12/15 11:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/05/02 06:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2009/09/03 05:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/04/20 11:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/27 16:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/04/23 02:00:48 | 000,000,564 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/04 09:02:23 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: I8042PRT.SY_ >
[2008/04/14 06:00:00 | 000,026,045 | ---- | M] () MD5=154711EFD90752614F99C49A17B4F821 -- C:\I386\I8042PRT.SY_
[2008/04/14 03:00:00 | 000,026,045 | ---- | M] () MD5=154711EFD90752614F99C49A17B4F821 -- C:\Program Files\Dell\DBRM\osmedia\I386\I8042PRT.SY_
[2004/08/03 23:14:38 | 000,026,025 | ---- | M] () MD5=819D427AB9DBE6AC2960A585087CB766 -- C:\cmdcons\I8042PRT.SY_

< MD5 for: SVCHOST.EXE >
[2008/04/14 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 06:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 06:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 06:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 06:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrator\Desktop\HOSPICE SERVER.RDP:SummaryInformation

< End of report >

OTL Extras logfile created on: 5/3/2012 9:11:51 AM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 45.33% Memory free
3.81 Gb Paging File | 2.95 Gb Available in Paging File | 77.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 103.78 Gb Free Space | 69.67% Space Free | Partition Type: NTFS

Computer Name: DDWBDVK1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AT&T Global Network Client\NetClient.exe" = C:\Program Files\AT&T Global Network Client\NetClient.exe:*:Enabled:AT&T Global Network Client -- (AT&T)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Administrator\Application Data\BlueZone\bzftp.pro" = C:\Documents and Settings\Administrator\Application Data\BlueZone\bzftp.pro:*:Enabled:BlueZone FTP -- (Rocket Software, Inc. )
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0dff3440-a901-11dc-8314-0800200c9a66}" = Inter-Tel Collaboration Client 2.0
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FD9325C-04E3-4914-AACE-0BD4E2AFEED0}" = Easy Phone Tunes
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware
"{433657FC-710A-4A06-85FD-709C3F98D3DB}" = IVANS Remote Access
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{88253B77-33C9-4A9D-9E4C-4579E39D9158}" = Diagnostics Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A575685D-B473-43C8-8644-196A2642A832}" = VIPRE Antivirus
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AE60F600-FD60-40C4-A990-72F9BFEE475C}" = Dell Backup and Recovery Manager
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB558CDC-C7BE-44D0-9260-B810D66702C4}" = 6500_E709n
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Antivirus
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22E395E-F463-4F0A-8946-4D91914BD46D}" = Droid Explorer 0.8.8.2 (x86)
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Support Center" = Dell Support Center
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2012 11:14:57 PM | Computer Name = DDWBDVK1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 4/30/2012 11:14:57 PM | Computer Name = DDWBDVK1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 4/30/2012 11:14:57 PM | Computer Name = DDWBDVK1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 4/30/2012 11:16:39 PM | Computer Name = DDWBDVK1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 4/30/2012 11:16:39 PM | Computer Name = DDWBDVK1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 4/30/2012 11:16:39 PM | Computer Name = DDWBDVK1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 4/30/2012 11:16:39 PM | Computer Name = DDWBDVK1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 4/30/2012 11:16:39 PM | Computer Name = DDWBDVK1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/1/2012 1:52:53 PM | Computer Name = DDWBDVK1 | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.60.0.80, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x00036822.

Error - 5/2/2012 5:40:21 PM | Computer Name = DDWBDVK1 | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 10.1.2.45, faulting module
acrord32.dll, version 10.1.2.45, fault address 0x0045896f.

[ OSession Events ]
Error - 4/28/2011 4:22:44 PM | Computer Name = DDWBDVK1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 256706
seconds with 15240 seconds of active time. This session ended with a crash.

Error - 9/8/2011 12:04:48 PM | Computer Name = DDWBDVK1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 63281
seconds with 360 seconds of active time. This session ended with a crash.

Error - 1/6/2012 12:08:25 PM | Computer Name = DDWBDVK1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 160
seconds with 120 seconds of active time. This session ended with a crash.

Error - 1/20/2012 12:40:37 AM | Computer Name = DDWBDVK1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1094
seconds with 780 seconds of active time. This session ended with a crash.

Error - 2/26/2012 3:07:16 PM | Computer Name = DDWBDVK1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 90742
seconds with 2100 seconds of active time. This session ended with a crash.

Error - 2/26/2012 3:26:53 PM | Computer Name = DDWBDVK1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1130
seconds with 600 seconds of active time. This session ended with a crash.

Error - 2/26/2012 4:12:47 PM | Computer Name = DDWBDVK1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2690
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 2/26/2012 4:27:55 PM | Computer Name = DDWBDVK1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 877
seconds with 420 seconds of active time. This session ended with a crash.

Error - 4/12/2012 8:07:47 PM | Computer Name = DDWBDVK1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3467
seconds with 2160 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/2/2012 8:19:40 AM | Computer Name = DDWBDVK1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 5/2/2012 9:28:58 AM | Computer Name = DDWBDVK1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 5/2/2012 11:13:47 AM | Computer Name = DDWBDVK1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 5/2/2012 4:06:19 PM | Computer Name = DDWBDVK1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 5/2/2012 4:51:48 PM | Computer Name = DDWBDVK1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 5/2/2012 11:25:47 PM | Computer Name = DDWBDVK1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 5/3/2012 9:52:47 AM | Computer Name = DDWBDVK1 | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 5/3/2012 10:24:36 AM | Computer Name = DDWBDVK1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 5/3/2012 10:25:48 AM | Computer Name = DDWBDVK1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 5/3/2012 10:25:57 AM | Computer Name = DDWBDVK1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >

#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, let's now replace the missing file and remove the hangers-on... Once done, could you let me know how the computer is behaving?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    [2011/03/19 19:56:48 | 000,016,190 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8q1gjv45b1b2ny58w4voq16g4u2
    [2011/03/19 19:56:48 | 000,016,190 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\8q1gjv45b1b2ny58w4voq16g4u2

    :Files
    ipconfig /flushdns /c
    C:\I386\I8042PRT.SY_ /E
    c:\windows\system32\drivers\i8042prt.sys|C:\I8042PRT.SYS /replace

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

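The entries the fix above removes (the two O3 toolbar lines whose CLSID no longer resolves, and the two -HS- files with random names under Application Data), together with the "File not found" service entries that the OTL logs in this thread list, can be picked out of a raw OTL log mechanically. The script below is an added example written for this page; it is not OTL's code and is not part of any post here. Its sample input is excerpted from the logs in this thread (one benign line is adapted from a PRC entry to serve as a control), and the random-name heuristic, its thresholds, and the set of start types treated as "boot-time" are assumptions of the example, not OTL behaviour.

```python
"""Triage of OTL (OldTimer's List-It) log lines.

Added example for this thread; it is not OTL's code and not part of the
original post.  It recognises three line shapes that appear in the log and
flags the entries a helper would normally move into an OTL fix:
  * SRV/DRV services set to start at boot whose binary no longer exists,
  * hidden+system (-HS-) files dropped into a user profile under a
    random-looking name,
  * Internet Explorer toolbar (O3) entries whose CLSID no longer resolves.
The name-length and character-mix thresholds are assumptions chosen for this
example.  SAMPLE_LOG is excerpted from the logs in this thread; the OTL.exe
line is adapted from a PRC entry to act as a benign control.
"""
import re
from dataclasses import dataclass, field

# "SRV - File not found [Auto | Stopped] -- <path> -- (<service name>) <display>"
# The path may be empty ("-- -- (WDICA)"), hence the optional space before "--".
MISSING_SVC = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<flags>[^\]]*)\] -- "
    r"(?P<path>.*?) ?-- \((?P<name>[^)]*)\)(?P<display>.*)$"
)
# "[2011/03/19 19:56:48 | 000,016,190 | -HS- | C] () -- <path>"
FILE_ENTRY = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
# "O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CLSID} - No CLSID value found."
ORPHAN_O3 = re.compile(
    r"^O3 - .*? - (?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - No CLSID value found\.\s*$"
)

PROFILE_ROOT = "c:\\documents and settings\\"   # Windows XP user profiles
BOOT_STARTS = {"Boot", "System", "Auto"}          # OTL start-type flags (assumed set)


@dataclass
class Triage:
    missing_auto_services: list = field(default_factory=list)  # (name, path)
    hidden_profile_files: list = field(default_factory=list)   # (path, random_name)
    orphan_toolbars: list = field(default_factory=list)        # CLSID strings


def looks_random(name: str) -> bool:
    """Heuristic (an assumption of this example): a long, extension-less name
    mixing letters and digits.  A signal to review, not proof of malice."""
    if "." in name or len(name) < 16:
        return False
    return any(c.isdigit() for c in name) and any(c.isalpha() for c in name)


def triage(lines) -> Triage:
    """Classify OTL log lines; lines of any other shape are ignored."""
    result = Triage()
    for raw in lines:
        line = raw.strip()
        m = MISSING_SVC.match(line)
        if m:
            flags = [f.strip() for f in m["flags"].split("|")]
            start = flags[-2] if len(flags) >= 2 else ""   # "[Kernel | System | Stopped]"
            if start in BOOT_STARTS:
                result.missing_auto_services.append((m["name"], m["path"]))
            continue
        m = FILE_ENTRY.match(line)
        if m:
            attrs, path = m["attrs"], m["path"]
            hidden_system = "H" in attrs and "S" in attrs
            if hidden_system and path.lower().startswith(PROFILE_ROOT):
                basename = path.rsplit("\\", 1)[-1]
                result.hidden_profile_files.append((path, looks_random(basename)))
            continue
        m = ORPHAN_O3.match(line)
        if m:
            result.orphan_toolbars.append(m["clsid"])
    return result


# Constructed sample: lines excerpted from the OTL logs in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\svchost.dll -- (bdfsfltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ilicensesvc.dll -- (win32sl)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2012/01/19 17:12:10 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
[2011/03/19 19:56:48 | 000,016,190 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8q1gjv45b1b2ny58w4voq16g4u2
[2012/05/03 09:10:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
"""


def triage_sample() -> Triage:
    return triage(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    t = triage_sample()
    for name, path in t.missing_auto_services:
        print(f"missing boot-start service {name!r} -> {path or '(no path)'}")
    for path, rnd in t.hidden_profile_files:
        print(f"hidden+system profile file {path}{'  [random-looking name]' if rnd else ''}")
    for clsid in t.orphan_toolbars:
        print(f"orphan IE toolbar {clsid}")
```

Run it on a saved log with `triage(open(path, errors="replace"))`. A boot-start service whose binary is missing does nothing on its own, and an orphaned toolbar CLSID means the registered object is already gone, so the output is a review list, not a verdict; the fix still has to be written by someone who has read the whole log, as in this thread.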

#7
ChrissyE.
    New Member
  • Topic Starter
  • Member
  • 7 posts
Good afternoon :) Computer seems to be acting fine... I have absolutely no complaints or concerns :) Thank you again!!! I included the OTL log.
Chrissy

OTL logfile created on: 5/5/2012 1:35:09 PM - Run 4
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 63.03% Memory free
3.81 Gb Paging File | 3.24 Gb Available in Paging File | 85.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 104.06 Gb Free Space | 69.86% Space Free | Partition Type: NTFS

Computer Name: DDWBDVK1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/03 09:10:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/05/01 10:48:04 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/04/03 23:53:56 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2012/02/14 17:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/01/19 17:31:46 | 003,050,352 | ---- | M] (GFI Software) -- C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
PRC - [2012/01/19 17:12:10 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
PRC - [2012/01/19 17:11:20 | 000,173,424 | ---- | M] (GFI Software) -- C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
PRC - [2011/11/10 07:32:18 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/05/17 12:03:06 | 000,254,464 | ---- | M] (Ryan Conrad) -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe
PRC - [2009/05/05 10:57:16 | 000,068,888 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\NetLogSvc.exe
PRC - [2009/05/05 10:57:14 | 000,437,528 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\netcfgsvr.exe
PRC - [2009/05/05 10:57:10 | 000,336,152 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\NetClientSvc.exe
PRC - [2009/02/11 15:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 15:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/04 19:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/26 14:15:30 | 000,909,312 | ---- | M] (Realtek) -- C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/05 13:34:44 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/05 13:34:44 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/12 07:27:42 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
MOD - [2012/04/11 23:11:44 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/11 23:11:30 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/02/22 06:48:34 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
MOD - [2012/02/22 06:47:00 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/22 06:46:55 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/22 06:46:47 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Program Files\GFI Software\VIPRE\Definitions\libMachoUniv.dll
MOD - [2012/02/05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Program Files\GFI Software\VIPRE\Definitions\libBase64.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/13 02:06:28 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2005/12/22 17:28:40 | 000,160,768 | ---- | M] () -- C:\Program Files\GFI Software\VIPRE\unrar.dll
MOD - [2003/02/25 17:19:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\OVT511Plus.dll -- (ZSMC211)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nv_agp.dll -- (zpcollector)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ilicensesvc.dll -- (win32sl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdaudio.dll -- (w800mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Wbutton.dll -- (VX1000)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZSMC211.dll -- (vmparport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfman.dll -- (us30sys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aec.dll -- (tosporte)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CdaC15BA.dll -- (TNaviSrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psdistributionagent.dll -- (stylexpservice)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxrsii1s.dll -- (smbusp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sscdmdfl.dll -- (sleepy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ar5211.dll -- (sentinel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\delldmi.dll -- (RSAFAL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\clr_optimization_v2.0.50215_32.dll -- (pensup)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WmaCDriverV32.dll -- (pdlndtdl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symlcbrd.dll -- (pavdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpsc.dll -- (oracleorahomedatagatherer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\teefer2.dll -- (odclientservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\db2licd.dll -- (NdisFilt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cmigameport.dll -- (mpfirewl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AmdLLD.dll -- (ilicensesvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\agentsrv.dll -- (ikfileflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\KR10I.dll -- (iAimFP7)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aaksrv.dll -- (elnkupdateservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATKGFNEXSrv.dll -- (ehstart)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlbx_device.dll -- (eelogsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dmdfl.dll -- (dpc_srv_webcast)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NWDHCP.dll -- (digictrl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mpfservice.dll -- (ccispwdsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ipodservice.dll -- (CAM1210)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\svchost.dll -- (bdfsfltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RMSvc.dll -- (axsaki)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndasscsi.dll -- (avgmfx86)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HWIONT.dll -- (atirage3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\shuttleengine.dll -- (ati2mtaa)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupclientsvc.dll -- (AsIO)
SRV - [2012/01/19 17:12:10 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/01/19 17:11:20 | 000,173,424 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/05/17 12:03:06 | 000,254,464 | ---- | M] (Ryan Conrad) [Auto | Running] -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe -- (DroidExplorerService)
SRV - [2009/05/05 10:57:16 | 000,068,888 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\NetLogSvc.exe -- (NetLogSvc)
SRV - [2009/05/05 10:57:14 | 000,437,528 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\netcfgsvr.exe -- (netcfgsvr)
SRV - [2009/05/05 10:57:10 | 000,336,152 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\NetClientSvc.exe -- (NetClientSvc)
SRV - [2009/02/11 15:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/04/14 06:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\simptcp.dll -- (screadspool)
SRV - [2007/12/12 16:18:18 | 000,032,768 | ---- | M] (Inter-Tel (Delaware), Inc) [Disabled | Stopped] -- C:\Documents and Settings\Administrator\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe -- (LkWebLink)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/01/17 10:24:04 | 000,217,976 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/11/29 07:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/11/29 07:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/10/26 15:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/08 09:41:48 | 000,220,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/05/05 10:59:52 | 000,019,328 | R--- | M] (AT&T) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi)
DRV - [2009/05/05 10:59:28 | 000,011,392 | R--- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)
DRV - [2009/05/05 10:42:52 | 000,219,648 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt)
DRV - [2008/08/18 16:21:20 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/18 16:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/12/03 09:13:48 | 000,011,264 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2007/11/19 23:14:08 | 000,016,640 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2007/11/19 23:04:50 | 000,008,960 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2007/07/23 13:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 13:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 13:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 13:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 13:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 13:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 13:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 13:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 12:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 12:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 C7 C2 F2 81 CF CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4A3FEB75-AC1B-490A-BC75-D79889C3C880}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/06 10:42:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/10 07:33:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/06 10:42:21 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gears.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.2_0\

O1 HOSTS File: ([2012/05/05 13:29:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe (Realtek)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files\AT&T Global Network Client\NetSP.exe (AT&T)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {037790A6-1576-11D6-903D-00105AABADD3} https://limeportal.i...ls/sglw2hcm.ocx (BlueZone Web-to-Host Control Module v5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7626FDF9-97DB-4455-AFE1-1BA00A213FDC}: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/05 13:29:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/04 21:18:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/04 15:41:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/04 15:34:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/04 15:34:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/04 15:34:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/04 15:34:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/04 15:34:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/04 15:34:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/04 15:34:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/05/04 15:28:20 | 004,484,016 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/05/04 10:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2012/05/03 09:10:35 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/05/02 18:07:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/05/02 06:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/05/02 06:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2012/05/01 21:31:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/05/01 21:30:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/05/01 21:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/05/01 20:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2012/05/01 20:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/05/01 20:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/01 17:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\how-to-remove-heurtrojanwin32generic-which-kaspersky-is-unable-to-do_files
[2012/05/01 14:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/05/01 13:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/05/01 13:11:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8(2)
[2012/05/01 08:46:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012/05/01 08:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/01 08:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(2)
[2012/05/01 05:44:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/04/30 22:19:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/04/30 14:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/30 14:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/04/24 07:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder(7)
[2012/04/20 13:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012/04/18 18:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\7651 Berwick Ct Boulder CO spare mow 1
[2012/04/17 22:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2012/04/17 22:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2012/04/17 22:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2012/04/15 00:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Lawsuit
[2012/04/14 23:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\FootHills Construction
[2012/04/12 18:32:27 | 004,890,137 | ---- | C] (PKWARE, Inc.) -- C:\Documents and Settings\Administrator\Desktop\mederr.exe
[2012/04/12 18:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\medware programs
[2012/04/10 18:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\MMAPA
[2012/04/05 21:44:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\Dropbox
[2012/04/05 21:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Dropbox
[2012/04/05 21:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Dropbox

========== Files - Modified Within 30 Days ==========

[2012/05/05 13:34:01 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4123500295-1941741378-996180815-500.job
[2012/05/05 13:34:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/05 13:34:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4123500295-1941741378-996180815-500.job
[2012/05/05 13:33:57 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/05 13:33:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/05 13:33:24 | 2110,767,104 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/05 13:29:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/05/05 12:49:25 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/05 09:01:50 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/05/04 15:43:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/04 15:41:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/04 15:28:28 | 004,484,016 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/05/04 08:10:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/03 09:10:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/05/02 06:46:34 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/01 17:02:29 | 000,071,178 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\how-to-remove-heurtrojanwin32generic-which-kaspersky-is-unable-to-do.htm
[2012/05/01 07:09:24 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
[2012/04/23 02:00:48 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/20 13:58:32 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/04/17 18:40:25 | 000,001,054 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/15 03:57:06 | 000,089,585 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\palliative care kit.jpg
[2012/04/12 18:32:36 | 004,890,137 | ---- | M] (PKWARE, Inc.) -- C:\Documents and Settings\Administrator\Desktop\mederr.exe
[2012/04/11 23:10:15 | 000,468,484 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 23:10:15 | 000,080,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/05 21:44:24 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Pauls Dropbox.lnk

========== Files Created - No Company Name ==========

[2012/05/04 15:41:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/05/04 15:41:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/04 15:34:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/04 15:34:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/04 15:34:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/04 15:34:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/04 15:34:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/02 06:46:34 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/01 21:24:36 | 2110,767,104 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/01 17:02:26 | 000,071,178 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\how-to-remove-heurtrojanwin32generic-which-kaspersky-is-unable-to-do.htm
[2012/05/01 07:09:10 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
[2012/04/20 13:58:32 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/04/15 03:57:06 | 000,089,585 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\palliative care kit.jpg
[2012/04/05 21:44:24 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Pauls Dropbox.lnk
[2012/04/05 21:36:10 | 000,001,054 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/21 21:36:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/06 10:33:00 | 000,229,173 | ---- | C] () -- C:\WINDOWS\hpwins23.dat
[2011/06/06 10:33:00 | 000,002,075 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat
[2010/12/29 09:15:11 | 000,217,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\sbtis.sys
[2010/12/28 17:11:36 | 000,518,472 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/17 19:37:53 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/01/25 13:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BlueZone
[2011/01/26 13:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BlueZone Web
[2011/01/03 13:02:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Cache
[2010/03/17 08:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/30 12:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DroidExplorer
[2012/05/05 13:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2011/11/15 11:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GFI Software
[2010/12/15 10:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PCDr
[2012/04/19 18:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2009/09/03 05:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2009/11/23 13:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2009/10/12 13:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGNS
[2012/03/06 18:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/11/15 11:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GFI Software
[2010/12/15 11:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/05/02 06:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2009/09/03 05:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/04/20 11:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/27 16:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/04/23 02:00:48 | 000,000,564 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/05 09:01:50 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrator\Desktop\HOSPICE SERVER.RDP:SummaryInformation

< End of report >

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe :wave:

#9 ChrissyE. (Topic Starter, New Member, 7 posts)
Thank you very much :-) You saved me a ton of time and frustration! Have a great night.
Chrissy

#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned
  • 0

#12
ChrissyE.

ChrissyE.

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hey :) Sorry it took me a minute to get back to you...newborn and full time student lol. Okay, so I "cleaned-up" and followed all your instructions, when I awoke yesterday, VIPRE had run a scheduled scan and detected this: Rootkit O,C:\WINDOWS\system32\drivers\sbtis.sys when I attempted to remove it, a warning popped up stating it could NOT be removed. It kicked me out of VIPRE so I restarted it and checked the quarantine log and attempted to delete it...it stated VIPRE was successful. HOWEVER(lol) I went to work on a school paper and my school folder located in 'My Documents' has about 9 Microsoft Word files that start like this: ~$ at the beginning of the file name. Example: ~$C article.docx . I cannot open them because "there are problems with the contents" When I click on the details it states "the file is corrupt and cannot open" All these files are similar in name to actual files that I use for school. When I attempt to delete them to the recycle bin it acts like it deletes them and after restarting the computer they pop back up again. One was even on my desktop as an icon??? I am super confused!! Any advice would be SO appreciated! Thank you for reopening this topic :)
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem at all


Vipre is hitting on a Sunbelt driver (part of Vipre?), so that is a false positive and not a problem. It is running from this start key :

O4 - HKLM..\Run: [SBAMTray] C:\Program Files\GFI Software\VIPRE\SBAMTray.exe (GFI Software)


Reference the corrupted doc folders

MS has a little help note here

Start at this point :

Open and repair a file

If that does not work then move on to this part :

Use the file recovery converter

Let me know how that goes and we will progress from there :)
  • 0
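The false-positive call above rests on the flagged driver really belonging to the security product. One check a defender can make before restoring anything from quarantine is to read the file's Authenticode signature and version resource. The script below is an added example, not something from this thread or from GFI/Sunbelt; the driver path is the one VIPRE reported in the post, and the accepted publisher names are an assumption you adjust to the product you actually have installed.

```powershell
# Added example (not from the thread): check whether a driver a scanner flagged
# carries a valid Authenticode signature from an expected publisher.
# $DriverPath is the path VIPRE reported above; $ExpectedPublishers is an
# assumption, set it to the vendor names you expect for your own product.
$DriverPath = 'C:\WINDOWS\system32\drivers\sbtis.sys'
$ExpectedPublishers = @('Sunbelt Software', 'GFI Software')

if (-not (Test-Path -LiteralPath $DriverPath)) {
    Write-Output "Not present on disk (still quarantined?): $DriverPath"
    return
}

# Authenticode status: Valid, NotSigned, HashMismatch, UnknownError, ...
$sig     = Get-AuthenticodeSignature -FilePath $DriverPath
$subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
$file    = Get-Item -LiteralPath $DriverPath

# Summarise what the file claims about itself alongside what the signature proves
[pscustomobject]@{
    Path        = $DriverPath
    SizeBytes   = $file.Length
    LastWrite   = $file.LastWriteTime
    SigStatus   = $sig.Status
    Signer      = $subject
    Description = $file.VersionInfo.FileDescription
    Company     = $file.VersionInfo.CompanyName
}

# Only a valid signature AND a matching signer name counts as vendor-owned;
# the CompanyName string in the version resource is free text and proves nothing.
$publisherMatch = $ExpectedPublishers | Where-Object { $subject -like "*$_*" }
if ($sig.Status -eq 'Valid' -and $publisherMatch) {
    Write-Output 'Valid signature from an expected publisher: consistent with a vendor driver (likely false positive).'
} else {
    Write-Output 'Unsigned, invalid, or unexpected signer: keep it quarantined and have it reviewed.'
}
```

Run it from an elevated PowerShell prompt so the driver file is readable. A valid signature whose subject matches the installed product is the evidence that supports the false-positive verdict; a missing or mismatched signature is the case where the scanner's alert should be taken seriously.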

#14
ChrissyE.

ChrissyE.

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you!!! You were a huge help :-) I think things are okay...vipre doesn't seem to be showing anything which is great. :-) and so I suppose if I have any problems in the future I will start a new topic... thanks again...you're really a lifesaver!!!
Chrissy
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure - keep safe :)
  • 0
