Cannot Open Programs in Safe Mode ('Open With' virus).....


  • This topic is locked

#106
ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Thanks AGAIN for all your assistance (and patience!) CompCav - and RKinner, thanks for taking over.....will wait to hear your recommendations based upon what CompCav has already told you and your understanding of the situation.....Jim
  • 0


#107
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
This is Ron.

I'm going to take some time to read through your posts to see where we are but while I am doing that:

Let's look at your environmental variables:

Start, Run, cmd, OK to bring up a black command window. Type (with an Enter after each line):

set  >  \junk.txt

notepad  \junk.txt

(I use two spaces in the code box so you will be sure to see where 1 space goes. Copy and paste the text from notepad into your next reply.)
  • 0

#108
ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Hi, Ron - thanks again for assisting me! Attempted to enter the code as instructed (set > \junk.txt) but no recognition of command, it appears (?) Upon entering, just repeats 'C\Documents and Settings\User'.....
  • 0

#109
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Assuming you have the black command screen up:

Try just typing

set

(followed by Enter)

Does that work? If so (right click on the window then hit Mark and ) select the output then hit Enter. Move to a reply and then Ctrl + v and then Add Reply.


The last OTL log I saw showed that your malware proxy stuff came back. Let's manually turn off the proxy:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In Firefox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Now let's run a new OTL:


Copy the text in the code box:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
/md5start
ati1rvxx.sys 
ati2mtaa.sys
atinxsxx.sys
cdfs.sys
fltmgr.sys
mf.sys
mtlstrm.sys
nic1394.sys
nv4_mini.sys
nwlnknb.sys
serial.sys
slnt7554.sys 
iphlpsvc.dll
tcpipcfg.dll
/md5stop

Run OTL

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0
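One way to check a fresh OTL log for the two things this thread is chasing, a proxy that has come back and a hijacked program-launch ("Open With") association. This is an added example, not part of RKinner's post and not OTL's own code; the line layouts follow the OTL lines quoted in this thread, while the "ProxyServer" line, its PORT placeholder and the example.exe path are constructed sample data.

```python
import re

# Command a healthy system uses to launch .exe/.com files.
CLEAN_OPEN = '"%1" %*'

# Firefox network.proxy.type values that name a proxy explicitly in prefs.js.
# 0 is "No Proxy"; 4 (auto-detect) and 5 (system settings) name none themselves.
FF_EXPLICIT = {1: "manual proxy", 2: "proxy auto-config URL"}

IE_VALUE = re.compile(r'^IE - (?P<key>HK[^:]*): "(?P<name>\w+)" = (?P<value>.*)$')
FF_PROXY = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.type: (?P<mode>\d+)$')
SHELL_OPEN = re.compile(r'^O3[57] - (?P<where>\S+?)\s*\[[^\]]*\] -- (?P<cmd>.*)$')


def triage(log_text):
    """Return (kind, line) findings for proxy and launch-association lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = IE_VALUE.match(line)
        if m:
            if not m["key"].endswith("Internet Settings"):
                continue  # SearchScopes and other IE keys are out of scope here
            name, value = m["name"], m["value"].strip()
            if name == "ProxyEnable" and value != "0":
                findings.append(("ie-proxy-enabled", line))
            elif name in ("ProxyServer", "AutoConfigURL") and value:
                # Worth reporting even when ProxyEnable is 0: a leftover
                # target is what gets used if the switch is flipped back on.
                findings.append(("ie-proxy-target", line))
            continue

        m = FF_PROXY.match(line)
        if m:
            if int(m["mode"]) in FF_EXPLICIT:
                findings.append(("ff-proxy", line))
            continue

        m = SHELL_OPEN.match(line)
        if m and m["cmd"].strip() != CLEAN_OPEN:
            # Anything placed in front of "%1" runs before every program launch.
            findings.append(("exe-association", line))
    return findings


# Constructed sample: what the relevant lines could look like on a system
# where the proxy and the association have been tampered with.
CONSTRUCTED_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:PORT
FF - prefs.js..network.proxy.type: 1
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\placeholder\example.exe" "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
'''

# Clean sample: the same kinds of lines with the values of a clean log.
CLEAN_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..network.proxy.type: 0
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
'''

if __name__ == "__main__":
    for kind, line in triage(CONSTRUCTED_LOG):
        print(f"{kind}: {line}")
    print("clean log findings:", triage(CLEAN_LOG))
```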

#110
ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
.....don't know exactly what you mean by 'and ) select the output then hit Enter. Move to a reply and then Ctrl + v and then Add Reply.' Recognize the Paste process but NO clue about what leads up to it.....will change Proxy settings as instructed and run OTL again in the meantime.....
  • 0

#111
ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
OK, Ron - here are both the Command/Set and OTL reports as requested:

Command/Set:

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\User> set > \junk.txt

C:\Documents and Settings\User>set
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\User\Application Data
asl.log=Destination=file;OnFirstLog=command,environment
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-2LHZ6LTLSL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\User
LOGONSERVER=\\USER-2LHZ6LTLSL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=080a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
TMP=C:\DOCUME~1\User\LOCALS~1\Temp
USERDOMAIN=USER-2LHZ6LTLSL
USERNAME=User
USERPROFILE=C:\Documents and Settings\User
windir=C:\WINDOWS

C:\Documents and Settings\User>


OTL:


OTL logfile created on: 6/19/2012 6:29:46 PM - Run 3
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\User\Desktop\Spyware & Virus tools\GtGCompCavtools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.30 Mb Total Physical Memory | 352.15 Mb Available Physical Memory | 69.01% Memory free
673.00 Mb Paging File | 423.26 Mb Available in Paging File | 62.89% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 2.69 Gb Free Space | 14.42% Space Free | Partition Type: NTFS
Drive E: | 74.52 Gb Total Space | 2.09 Gb Free Space | 2.80% Space Free | Partition Type: NTFS

Computer Name: USER-2LHZ6LTLSL | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/12 15:29:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\Spyware & Virus tools\GtGCompCavtools\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/09/03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/06/16 01:00:35 | 000,032,072 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv10nt.sys -- (iAimTV5)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:44 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv06nt.sys -- (iAimTV6)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:40 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv09nt.sys -- (iAimFP7)
DRV - [2004/08/04 01:29:39 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv08nt.sys -- (iAimFP6)
DRV - [2004/08/04 01:29:38 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv07nt.sys -- (iAimFP5)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2002/06/03 11:18:32 | 000,040,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 02:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/08 19:01:04 | 000,000,000 | ---D | M]

[2008/10/27 18:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/06/12 21:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions
[2012/05/20 07:11:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/10 08:16:13 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/06/04 15:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/12 21:17:49 | 000,525,301 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2DX88MY5.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/06/17 02:56:46 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/17 02:56:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/17 02:56:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/17 16:29:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: streamwrhu.net ([live] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0988B9E-1F28-41A8-A972-714885C819B3}: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/05 14:02:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2012/06/19 03:17:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\IETldCache
[2012/06/18 23:36:29 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/18 23:30:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/06/18 23:28:28 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/06/18 23:23:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/06/18 20:05:03 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2012/06/18 19:32:13 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2012/06/18 19:29:25 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012/06/18 19:22:23 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/06/18 19:22:15 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/06/18 19:08:17 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/06/18 19:01:04 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012/06/18 08:06:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2012/06/17 21:12:26 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2012/06/17 21:11:33 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/06/17 21:11:23 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2012/06/17 21:09:59 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2012/06/17 21:09:59 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2012/06/17 21:09:47 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2012/06/17 21:09:40 | 002,148,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012/06/17 21:09:34 | 002,192,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/06/17 21:09:23 | 002,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012/06/17 21:00:28 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2012/06/17 20:49:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/06/17 19:22:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/06/17 19:22:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/06/17 19:21:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/06/17 17:12:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/17 16:45:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/14 20:04:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/14 19:54:14 | 004,560,591 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/06/13 20:27:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/02 01:28:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/06/02 01:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Skype
[2012/06/02 01:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2012/05/31 09:22:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/29 07:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/05/29 05:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\IObit
[2012/05/29 05:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/19 12:28:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/19 12:28:39 | 535,154,688 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/19 12:23:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/19 11:50:32 | 000,148,531 | ---- | M] () -- C:\Documents and Settings\User\Desktop\PageCapture TU 6-19-12.JPG
[2012/06/19 03:17:18 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/19 03:03:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/19 02:48:44 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/18 23:01:07 | 000,432,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/18 23:01:07 | 000,067,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/18 08:09:40 | 000,040,020 | ---- | M] () -- C:\Documents and Settings\User\My Documents\CCleaner Registry Backup file 6-18-12.reg
[2012/06/17 20:50:29 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/17 18:59:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/06/17 16:29:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/17 16:01:42 | 004,560,591 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/06/16 01:00:35 | 000,032,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/15 15:25:31 | 000,053,570 | ---- | M] () -- C:\WINDOWS\System32\Defrag Report filepath name details F 6-15-12
[2012/06/14 20:05:00 | 000,000,420 | RHS- | M] () -- C:\boot.ini
[2012/06/12 15:26:35 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2012/06/11 20:40:47 | 001,557,759 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Islanders '98 alternative logo design.jpg
[2012/06/08 19:08:20 | 000,228,864 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/06 08:34:14 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\User\Desktop\linkfile_fix.zip
[2012/06/06 08:32:48 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\User\Desktop\xp_exe_fix.zip
[2012/06/05 14:00:10 | 001,801,855 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Hot Pants - Salvage.mp3
[2012/06/05 10:43:40 | 003,471,184 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Out Of Mind Out Of Sight - Models, The.mp3
[2012/06/05 08:14:52 | 002,554,547 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Can't Sleep - Rockets, The.mp3
[2012/06/05 07:51:34 | 004,300,415 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Mama Let Him Play - Doucette.mp3
[2012/06/05 01:21:46 | 005,043,590 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Joker - Snail.mp3
[2012/06/05 01:04:54 | 003,875,068 | ---- | M] () -- C:\Documents and Settings\User\Desktop\City Slicker - James 'JY' Young with Jan Hammer.mp3
[2012/06/04 21:28:55 | 003,456,182 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut To Somewhere [from 'Quicksilver'] - Fish with Tony Banks.mp3
[2012/06/04 21:19:02 | 002,705,109 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Two Buffaloes - Rolf Harris.mp3
[2012/06/04 21:16:07 | 003,735,378 | ---- | M] () -- C:\Documents and Settings\User\Desktop\It's Really You - Tarney Spencer Band.mp3
[2012/06/04 20:58:57 | 003,948,955 | ---- | M] () -- C:\Documents and Settings\User\Desktop\On the Run - Lake.mp3
[2012/06/04 20:54:31 | 005,892,883 | ---- | M] () -- C:\Documents and Settings\User\Desktop\A Smile Is Diamond - A Band Called O (10-11!).mp3
[2012/06/04 20:47:24 | 003,763,695 | ---- | M] () -- C:\Documents and Settings\User\Desktop\I Want You To Be Mine [ USA Version ] - Kayak.mp3
[2012/06/04 18:29:23 | 002,392,118 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Hold On To The Night - Starz.mp3
[2012/06/04 18:21:48 | 004,059,670 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Coming Home - Ian Thomas.mp3
[2012/06/04 18:08:50 | 002,907,357 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Northern Lights - Renaissance.mp3
[2012/06/04 17:50:25 | 004,253,185 | ---- | M] () -- C:\Documents and Settings\User\Desktop\She Loves To Be In Love - Charlie.mp3
[2012/06/04 17:38:27 | 006,439,530 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Superstar - Bob McGilpin.mp3
[2012/06/04 17:31:31 | 004,484,317 | ---- | M] () -- C:\Documents and Settings\User\Desktop\I'm Mandy, Fly Me - 10cc.mp3
[2012/05/31 09:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/20 20:26:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/19 12:28:39 | 535,154,688 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/19 11:50:31 | 000,148,531 | ---- | C] () -- C:\Documents and Settings\User\Desktop\PageCapture TU 6-19-12.JPG
[2012/06/18 21:38:10 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/06/18 19:07:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/18 19:07:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/06/18 08:09:33 | 000,040,020 | ---- | C] () -- C:\Documents and Settings\User\My Documents\CCleaner Registry Backup file 6-18-12.reg
[2012/06/16 01:00:35 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/15 15:25:22 | 000,053,570 | ---- | C] () -- C:\WINDOWS\System32\Defrag Report filepath name details F 6-15-12
[2012/06/14 20:05:00 | 000,000,304 | ---- | C] () -- C:\Boot.bak
[2012/06/14 20:04:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/12 15:26:35 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2012/06/11 20:40:57 | 001,557,759 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Islanders '98 alternative logo design.jpg
[2012/06/06 08:34:18 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\User\Desktop\linkfile_fix.zip
[2012/06/06 08:33:09 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\User\Desktop\xp_exe_fix.zip
[2012/06/05 13:59:16 | 001,801,855 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Hot Pants - Salvage.mp3
[2012/06/05 10:40:56 | 003,471,184 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Out Of Mind Out Of Sight - Models, The.mp3
[2012/06/05 08:11:49 | 002,554,547 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Can't Sleep - Rockets, The.mp3
[2012/06/05 07:45:43 | 004,300,415 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Mama Let Him Play - Doucette.mp3
[2012/06/05 00:56:30 | 003,875,068 | ---- | C] () -- C:\Documents and Settings\User\Desktop\City Slicker - James 'JY' Young with Jan Hammer.mp3
[2012/06/04 18:28:18 | 002,392,118 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Hold On To The Night - Starz.mp3
[2012/06/04 18:23:48 | 005,043,590 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Joker - Snail.mp3
[2012/06/04 18:19:53 | 004,059,670 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Coming Home - Ian Thomas.mp3
[2012/06/04 18:16:29 | 003,763,695 | ---- | C] () -- C:\Documents and Settings\User\Desktop\I Want You To Be Mine [ USA Version ] - Kayak.mp3
[2012/06/04 18:07:47 | 002,907,357 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Northern Lights - Renaissance.mp3
[2012/06/04 18:02:13 | 003,735,378 | ---- | C] () -- C:\Documents and Settings\User\Desktop\It's Really You - Tarney Spencer Band.mp3
[2012/06/04 17:48:21 | 004,253,185 | ---- | C] () -- C:\Documents and Settings\User\Desktop\She Loves To Be In Love - Charlie.mp3
[2012/06/04 17:35:37 | 006,439,530 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Superstar - Bob McGilpin.mp3
[2012/06/04 17:29:24 | 004,484,317 | ---- | C] () -- C:\Documents and Settings\User\Desktop\I'm Mandy, Fly Me - 10cc.mp3
[2012/06/04 17:22:07 | 003,948,955 | ---- | C] () -- C:\Documents and Settings\User\Desktop\On the Run - Lake.mp3
[2012/06/04 17:16:55 | 005,892,883 | ---- | C] () -- C:\Documents and Settings\User\Desktop\A Smile Is Diamond - A Band Called O (10-11!).mp3
[2012/06/01 21:15:16 | 003,456,182 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut To Somewhere [from 'Quicksilver'] - Fish with Tony Banks.mp3
[2012/05/31 00:16:26 | 002,705,109 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Two Buffaloes - Rolf Harris.mp3
[2012/03/17 12:42:40 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\User\Application Data\mcs.rma
[2011/06/04 09:18:39 | 000,000,022 | --S- | C] () -- C:\Documents and Settings\User\Application Data\Sys2662.Config.Repository.bin
[2010/12/12 15:10:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/12 15:10:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/12 15:10:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/12 15:10:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/12 15:10:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/29 23:37:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2007/10/05 14:02:31 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/03/30 16:39:44 | 000,000,304 | ---- | M] () -- C:\Boot.bak
[2012/06/14 20:05:00 | 000,000,420 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/06/17 16:44:53 | 000,006,501 | ---- | M] () -- C:\ComboFix.txt
[2007/10/05 14:02:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/04/21 07:30:25 | 000,000,062 | ---- | M] () -- C:\cxnotes.txt
[2012/06/19 12:28:39 | 535,154,688 | -HS- | M] () -- C:\hiberfil.sys
[2007/10/05 14:02:31 | 000,000,000 | R-S- | M] () -- C:\IO.SYS
[2012/06/19 18:01:42 | 000,001,198 | ---- | M] () -- C:\junk.txt
[2010/12/02 16:00:00 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\mb
[2007/10/05 14:02:31 | 000,000,000 | R-S- | M] () -- C:\MSDOS.SYS
[2007/10/05 16:18:34 | 000,047,564 | R-S- | M] () -- C:\NTDETECT.COM
[2012/06/17 18:59:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/06/19 12:28:32 | 201,326,592 | -HS- | M] () -- C:\pagefile.sys
[2008/12/23 08:03:07 | 000,000,268 | ---- | M] () -- C:\sqmdata00.sqm
[2008/12/24 08:04:38 | 000,000,268 | ---- | M] () -- C:\sqmdata01.sqm
[2008/12/26 15:39:46 | 000,000,268 | ---- | M] () -- C:\sqmdata02.sqm
[2008/12/27 08:00:43 | 000,000,268 | ---- | M] () -- C:\sqmdata03.sqm
[2008/12/28 09:11:55 | 000,000,268 | ---- | M] () -- C:\sqmdata04.sqm
[2008/12/29 07:58:38 | 000,000,268 | ---- | M] () -- C:\sqmdata05.sqm
[2008/12/30 07:54:09 | 000,000,268 | ---- | M] () -- C:\sqmdata06.sqm
[2008/12/30 21:43:44 | 000,000,268 | ---- | M] () -- C:\sqmdata07.sqm
[2008/12/31 08:08:04 | 000,000,268 | ---- | M] () -- C:\sqmdata08.sqm
[2009/01/01 10:57:51 | 000,000,268 | ---- | M] () -- C:\sqmdata09.sqm
[2008/12/25 14:31:42 | 000,000,268 | ---- | M] () -- C:\sqmdata10.sqm
[2008/12/22 07:30:28 | 000,000,268 | ---- | M] () -- C:\sqmdata11.sqm
[2008/12/24 16:00:54 | 000,000,268 | ---- | M] () -- C:\sqmdata12.sqm
[2008/12/19 08:14:06 | 000,000,268 | ---- | M] () -- C:\sqmdata13.sqm
[2008/12/23 07:37:28 | 000,000,268 | ---- | M] () -- C:\sqmdata14.sqm
[2008/12/25 14:14:08 | 000,000,268 | ---- | M] () -- C:\sqmdata15.sqm
[2008/12/18 19:51:08 | 000,000,268 | ---- | M] () -- C:\sqmdata16.sqm
[2008/12/20 08:07:32 | 000,000,268 | ---- | M] () -- C:\sqmdata17.sqm
[2008/12/21 08:04:44 | 000,000,268 | ---- | M] () -- C:\sqmdata18.sqm
[2008/12/22 07:53:23 | 000,000,268 | ---- | M] () -- C:\sqmdata19.sqm
[2008/12/22 07:53:22 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm
[2008/12/23 08:03:06 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm
[2008/12/24 08:04:38 | 000,000,244 | ---- | M] () -- C:\sqmnoopt02.sqm
[2008/12/26 15:39:45 | 000,000,244 | ---- | M] () -- C:\sqmnoopt03.sqm
[2008/12/27 08:00:41 | 000,000,244 | ---- | M] () -- C:\sqmnoopt04.sqm
[2008/12/28 09:11:54 | 000,000,244 | ---- | M] () -- C:\sqmnoopt05.sqm
[2008/12/29 07:58:37 | 000,000,244 | ---- | M] () -- C:\sqmnoopt06.sqm
[2008/12/30 07:54:09 | 000,000,244 | ---- | M] () -- C:\sqmnoopt07.sqm
[2008/12/30 21:43:43 | 000,000,244 | ---- | M] () -- C:\sqmnoopt08.sqm
[2008/12/31 08:08:04 | 000,000,244 | ---- | M] () -- C:\sqmnoopt09.sqm
[2009/01/01 10:57:50 | 000,000,244 | ---- | M] () -- C:\sqmnoopt10.sqm
[2008/12/25 14:31:42 | 000,000,244 | ---- | M] () -- C:\sqmnoopt11.sqm
[2008/12/22 07:30:28 | 000,000,244 | ---- | M] () -- C:\sqmnoopt12.sqm
[2008/12/24 16:00:53 | 000,000,244 | ---- | M] () -- C:\sqmnoopt13.sqm
[2008/12/19 08:14:05 | 000,000,244 | ---- | M] () -- C:\sqmnoopt14.sqm
[2008/12/23 07:37:26 | 000,000,244 | ---- | M] () -- C:\sqmnoopt15.sqm
[2008/12/25 14:14:07 | 000,000,244 | ---- | M] () -- C:\sqmnoopt16.sqm
[2008/12/18 19:51:07 | 000,000,244 | ---- | M] () -- C:\sqmnoopt17.sqm
[2008/12/20 08:07:31 | 000,000,244 | ---- | M] () -- C:\sqmnoopt18.sqm
[2008/12/21 08:04:44 | 000,000,244 | ---- | M] () -- C:\sqmnoopt19.sqm
[2012/05/08 03:14:22 | 000,000,126 | ---- | M] () -- C:\user.js
[2008/02/02 23:39:50 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< MD5 for: ATI1RVXX.SYS >
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ati1rvxx.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ati1rvxx.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:ati1rvxx.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:ati1rvxx.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:ati1rvxx.sys
[2004/08/04 01:29:30 | 000,063,663 | ---- | M] (ATI Technologies Inc.) MD5=BCAF267B10620F8C93F6E87AB726E145 -- C:\WINDOWS\ServicePackFiles\i386\ati1rvxx.sys
[2004/08/04 01:29:30 | 000,063,663 | ---- | M] (ATI Technologies Inc.) MD5=BCAF267B10620F8C93F6E87AB726E145 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ati1rvxx.sys
[2004/08/04 01:29:30 | 000,063,663 | ---- | M] (ATI Technologies Inc.) MD5=BCAF267B10620F8C93F6E87AB726E145 -- C:\WINDOWS\system32\dllcache\ati1rvxx.sys
[2004/08/04 01:29:30 | 000,063,663 | ---- | M] (ATI Technologies Inc.) MD5=BCAF267B10620F8C93F6E87AB726E145 -- C:\WINDOWS\system32\drivers\ati1rvxx.sys

< MD5 for: ATI2MTAA.SYS >
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:ati2mtaa.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ati2mtaa.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ati2mtaa.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:ati2mtaa.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:ati2mtaa.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:ati2mtaa.sys
[2004/08/04 01:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) MD5=2D030C2F6B036CA0BC243E1B16D924D1 -- C:\WINDOWS\ServicePackFiles\i386\ati2mtaa.sys
[2004/08/04 01:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) MD5=2D030C2F6B036CA0BC243E1B16D924D1 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ati2mtaa.sys
[2004/08/04 01:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) MD5=2D030C2F6B036CA0BC243E1B16D924D1 -- C:\WINDOWS\system32\dllcache\ati2mtaa.sys
[2004/08/04 01:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) MD5=2D030C2F6B036CA0BC243E1B16D924D1 -- C:\WINDOWS\system32\drivers\ati2mtaa.sys

< MD5 for: ATINXSXX.SYS >
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atinxsxx.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atinxsxx.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atinxsxx.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atinxsxx.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atinxsxx.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atinxsxx.sys
[2004/08/04 01:29:31 | 000,063,488 | ---- | M] (ATI Technologies Inc.) MD5=77B575D7AAB35D5908AE6CE681608D62 -- C:\WINDOWS\ServicePackFiles\i386\atinxsxx.sys
[2004/08/04 01:29:31 | 000,063,488 | ---- | M] (ATI Technologies Inc.) MD5=77B575D7AAB35D5908AE6CE681608D62 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atinxsxx.sys
[2004/08/04 01:29:31 | 000,063,488 | ---- | M] (ATI Technologies Inc.) MD5=77B575D7AAB35D5908AE6CE681608D62 -- C:\WINDOWS\system32\dllcache\atinxsxx.sys
[2004/08/04 01:29:31 | 000,063,488 | ---- | M] (ATI Technologies Inc.) MD5=77B575D7AAB35D5908AE6CE681608D62 -- C:\WINDOWS\system32\drivers\atinxsxx.sys

< MD5 for: CDFS.SYS >
[2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=C885B02847F5D2FD45A24E219ED93B32 -- C:\WINDOWS\ServicePackFiles\i386\cdfs.sys
[2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=C885B02847F5D2FD45A24E219ED93B32 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cdfs.sys
[2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=C885B02847F5D2FD45A24E219ED93B32 -- C:\WINDOWS\system32\drivers\cdfs.sys
[2004/08/04 02:14:10 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=CD7D5152DF32B47F4E36F710B35AAE02 -- C:\WINDOWS\$NtServicePackUninstall$\cdfs.sys

< MD5 for: FLTMGR.SYS >
[2004/08/04 02:01:19 | 000,124,800 | ---- | M] (Microsoft Corporation) MD5=157754F0DF355A9E0A6F54721914F9C6 -- C:\WINDOWS\$NtUninstallKB922582$\fltmgr.sys
[2006/08/21 05:14:58 | 000,128,896 | ---- | M] (Microsoft Corporation) MD5=3D234FB6D6EE875EB009864A299BEA29 -- C:\WINDOWS\$NtServicePackUninstall$\fltmgr.sys
[2006/08/21 05:43:32 | 000,128,768 | ---- | M] (Microsoft Corporation) MD5=5A85CD3D07273E3F6FE72EE9C6431632 -- C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmgr.sys
[2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) MD5=B2CF4B0786F8212CB92ED2B50C6DB6B0 -- C:\WINDOWS\ServicePackFiles\i386\fltmgr.sys
[2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) MD5=B2CF4B0786F8212CB92ED2B50C6DB6B0 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\fltmgr.sys
[2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) MD5=B2CF4B0786F8212CB92ED2B50C6DB6B0 -- C:\WINDOWS\system32\drivers\fltmgr.sys

< MD5 for: MF.SYS >
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mf.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mf.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:mf.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mf.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:mf.sys
[2004/08/04 02:07:44 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=729D83E56C29C510258A6E9E79FFDDC3 -- C:\WINDOWS\$NtServicePackUninstall$\mf.sys
[2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=A7DA20AB18A1BDAE28B0F349E57DA0D1 -- C:\WINDOWS\ServicePackFiles\i386\mf.sys
[2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=A7DA20AB18A1BDAE28B0F349E57DA0D1 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mf.sys
[2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=A7DA20AB18A1BDAE28B0F349E57DA0D1 -- C:\WINDOWS\system32\drivers\mf.sys

< MD5 for: MTLSTRM.SYS >
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mtlstrm.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mtlstrm.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:mtlstrm.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mtlstrm.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:mtlstrm.sys
[2004/08/04 01:41:37 | 001,309,184 | ---- | M] (Smart Link) MD5=54886A652BF5685192141DF304E923FD -- C:\WINDOWS\ServicePackFiles\i386\mtlstrm.sys
[2004/08/04 01:41:37 | 001,309,184 | ---- | M] (Smart Link) MD5=54886A652BF5685192141DF304E923FD -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mtlstrm.sys
[2004/08/04 01:41:37 | 001,309,184 | ---- | M] (Smart Link) MD5=54886A652BF5685192141DF304E923FD -- C:\WINDOWS\system32\dllcache\mtlstrm.sys
[2004/08/04 01:41:37 | 001,309,184 | ---- | M] (Smart Link) MD5=54886A652BF5685192141DF304E923FD -- C:\WINDOWS\system32\drivers\mtlstrm.sys

< MD5 for: NIC1394.SYS >
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:nic1394.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:nic1394.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:nic1394.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:nic1394.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:nic1394.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:nic1394.sys
[2004/08/04 01:58:29 | 000,061,824 | ---- | M] (Microsoft Corporation) MD5=5C5C53DB4FEF16CF87B9911C7E8C6FBC -- C:\WINDOWS\$NtServicePackUninstall$\nic1394.sys
[2008/04/13 14:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) MD5=E9E47CFB2D461FA0FC75B7A74C6383EA -- C:\WINDOWS\ServicePackFiles\i386\nic1394.sys
[2008/04/13 14:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) MD5=E9E47CFB2D461FA0FC75B7A74C6383EA -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\nic1394.sys
[2008/04/13 14:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) MD5=E9E47CFB2D461FA0FC75B7A74C6383EA -- C:\WINDOWS\system32\drivers\nic1394.sys

< MD5 for: NV4_MINI.SYS >
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:nv4_mini.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:nv4_mini.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:nv4_mini.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:nv4_mini.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:nv4_mini.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:nv4_mini.sys
[2004/08/04 01:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) MD5=2B298519EDBFCF451D43E0F1E8F1006D -- C:\WINDOWS\ServicePackFiles\i386\nv4_mini.sys
[2004/08/04 01:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) MD5=2B298519EDBFCF451D43E0F1E8F1006D -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\nv4_mini.sys
[2004/08/04 01:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) MD5=2B298519EDBFCF451D43E0F1E8F1006D -- C:\WINDOWS\system32\dllcache\nv4_mini.sys
[2004/08/04 01:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) MD5=2B298519EDBFCF451D43E0F1E8F1006D -- C:\WINDOWS\system32\drivers\nv4_mini.sys

< MD5 for: NWLNKNB.SYS >
[2003/03/31 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) MD5=56D34A67C05E94E16377C60609741FF8 -- C:\WINDOWS\system32\dllcache\nwlnknb.sys
[2003/03/31 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) MD5=56D34A67C05E94E16377C60609741FF8 -- C:\WINDOWS\system32\drivers\nwlnknb.sys

< MD5 for: SERIAL.SYS >
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:serial.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:serial.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:serial.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:serial.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:serial.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:serial.sys
[2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=CCA207A8896D4C6A0C9CE29A4AE411A7 -- C:\WINDOWS\ServicePackFiles\i386\serial.sys
[2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=CCA207A8896D4C6A0C9CE29A4AE411A7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\serial.sys
[2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=CCA207A8896D4C6A0C9CE29A4AE411A7 -- C:\WINDOWS\system32\drivers\serial.sys
[2004/08/04 02:15:52 | 000,064,896 | ---- | M] (Microsoft Corporation) MD5=CD9404D115A00D249F70A371B46D5A26 -- C:\WINDOWS\$NtServicePackUninstall$\serial.sys

< MD5 for: SLNT7554.SYS >
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:slnt7554.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:slnt7554.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:slnt7554.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:slnt7554.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:slnt7554.sys
[2004/08/04 01:41:40 | 000,129,535 | ---- | M] (Smart Link) MD5=D9673011648A71ED1E1F77B831BC85E6 -- C:\WINDOWS\ServicePackFiles\i386\slnt7554.sys
[2004/08/04 01:41:40 | 000,129,535 | ---- | M] (Smart Link) MD5=D9673011648A71ED1E1F77B831BC85E6 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\slnt7554.sys
[2004/08/04 01:41:40 | 000,129,535 | ---- | M] (Smart Link) MD5=D9673011648A71ED1E1F77B831BC85E6 -- C:\WINDOWS\system32\dllcache\slnt7554.sys
[2004/08/04 01:41:40 | 000,129,535 | ---- | M] (Smart Link) MD5=D9673011648A71ED1E1F77B831BC85E6 -- C:\WINDOWS\system32\drivers\slnt7554.sys

< End of report >

Edited by ogam5, 19 June 2012 - 06:22 PM.


#112
RKinner

    Malware Expert

Did you not get an Extras log this time?

#113
ogam5

    Member

No, it appears not - nothing on my Desktop that accompanied the primary OTL report.....

#114
RKinner

    Malware Expert

Did you select the All option in the Extra Registry group before hitting Run Scan?

Let's verify that none of your add-ons is causing the problem.

First fire up IE and click on Tools, Internet Options, Security then click on Internet and change the security level back to default. (Do that for the others too.) Click on Restricted and then Sites. IF you see any sites in Restricted, remove them. Now go to Advanced. There should be a RESET button at the bottom. Hit it. (We do this because most browsers will read and follow IE's setting by default.)

Start Firefox in Safe Mode:

Hold down the Shift key and start Firefox or click the Help menu and select Restart with Add-ons Disabled.

When the Safe Mode window comes up click on Continue in Safe Mode

Now Tools -> Options (or in my version Options, Options) then under "General / Downloads" click on "Save files to" and choose a different download folder - let's use your desktop, then OK

Now try a download. Let's do something quick like HostsXpert from http://www.funkytoad.../HostsXpert.zip

Where exactly does the download fail? Do you get the Opening HostsXpert.zip window? Make sure you click on Save then OK. If you try a longer download you can switch to the desktop and watch it. It will create a filename.part and a filename.exe or filename.zip and when it finishes it should erase the .part one.

Ron

#115
ogam5

    Member

.....was able to change the settings on IE8 (automatically updated it seems despite my deferring to the 'later' option) but now I can't even access the General tab in Firefox, Safe Mode or otherwise - froze up every attempt I made and wouldn't close, Options window OR browser window, almost as if something knew what I was trying to do (?) Going to try downloading to Desktop from Internet Explorer since the settings were successfully changed, then re-run OTL with the Extras Registry box checked this time - sorry I missed it! UPDATE: WAS able to download HostsXpert executable to Desktop - as well as the SuperAntiSpyware setup executable; did NOT install so as to avoid conflict with OTL and other scanning/cleaning executables.....am now re-running OTL as stated above, with Extras box checked this time.....a question: where is the option to have view as added, as opposed to separate/new windows every time I access a new site, and is there a feature as with Firefox which will allow me to save the settings?

Edited by ogam5, 19 June 2012 - 11:16 PM.

#116
ogam5

    Member

OTL Report (WITH Extras Log)


OTL:

OTL logfile created on: 6/20/2012 1:17:40 AM - Run 4
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\User\Desktop\Spyware & Virus tools\GtGCompCavtools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.30 Mb Total Physical Memory | 321.94 Mb Available Physical Memory | 63.09% Memory free
860.00 Mb Paging File | 607.43 Mb Available in Paging File | 70.63% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 2.49 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
Drive E: | 74.52 Gb Total Space | 2.09 Gb Free Space | 2.80% Space Free | Partition Type: NTFS

Computer Name: USER-2LHZ6LTLSL | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/12 15:29:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\Spyware & Virus tools\GtGCompCavtools\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/09/03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/06/16 01:00:35 | 000,032,072 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv10nt.sys -- (iAimTV5)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:44 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv06nt.sys -- (iAimTV6)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:40 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv09nt.sys -- (iAimFP7)
DRV - [2004/08/04 01:29:39 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv08nt.sys -- (iAimFP6)
DRV - [2004/08/04 01:29:38 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv07nt.sys -- (iAimFP5)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2002/06/03 11:18:32 | 000,040,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 9E 5C DB A0 4E CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 02:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/08 19:01:04 | 000,000,000 | ---D | M]

[2008/10/27 18:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/06/12 21:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions
[2012/05/20 07:11:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/10 08:16:13 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/06/04 15:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/17 02:56:46 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/17 02:56:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/17 02:56:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/17 16:29:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: streamwrhu.net ([live] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0988B9E-1F28-41A8-A972-714885C819B3}: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/05 14:02:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2012/06/20 01:00:57 | 017,246,464 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware.exe
[2012/06/20 00:21:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\PrivacIE
[2012/06/19 03:17:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\IETldCache
[2012/06/18 23:36:29 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/18 23:30:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/06/18 23:28:28 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/06/18 23:23:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/06/18 20:05:03 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2012/06/18 19:32:13 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2012/06/18 19:29:25 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012/06/18 19:22:23 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/06/18 19:22:15 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/06/18 19:08:17 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/06/18 19:01:04 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012/06/18 08:06:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2012/06/17 21:12:26 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2012/06/17 21:11:33 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/06/17 21:11:23 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2012/06/17 21:09:59 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2012/06/17 21:09:59 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2012/06/17 21:09:47 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2012/06/17 21:09:40 | 002,148,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012/06/17 21:09:34 | 002,192,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/06/17 21:09:23 | 002,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012/06/17 21:00:28 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2012/06/17 20:49:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/06/17 19:22:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/06/17 19:22:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/06/17 19:21:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/06/17 17:12:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/17 16:45:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/14 20:04:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/14 19:54:14 | 004,560,591 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/06/13 20:27:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/02 01:28:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/06/02 01:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Skype
[2012/06/02 01:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2012/05/31 09:22:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/29 07:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/05/29 05:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\IObit
[2012/05/29 05:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/20 01:08:58 | 000,357,766 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HostsXpert.zip
[2012/06/20 01:00:57 | 017,246,464 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware.exe
[2012/06/19 12:28:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/19 12:28:39 | 535,154,688 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/19 12:23:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/19 11:50:32 | 000,148,531 | ---- | M] () -- C:\Documents and Settings\User\Desktop\PageCapture TU 6-19-12.JPG
[2012/06/19 03:17:18 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/19 03:03:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/19 02:48:44 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/18 23:01:07 | 000,432,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/18 23:01:07 | 000,067,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/18 08:09:40 | 000,040,020 | ---- | M] () -- C:\Documents and Settings\User\My Documents\CCleaner Registry Backup file 6-18-12.reg
[2012/06/17 20:50:29 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/17 18:59:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/06/17 16:29:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/17 16:01:42 | 004,560,591 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/06/16 01:00:35 | 000,032,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/15 15:25:31 | 000,053,570 | ---- | M] () -- C:\WINDOWS\System32\Defrag Report filepath name details F 6-15-12
[2012/06/14 20:05:00 | 000,000,420 | RHS- | M] () -- C:\boot.ini
[2012/06/12 15:26:35 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2012/06/11 20:40:47 | 001,557,759 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Islanders '98 alternative logo design.jpg
[2012/06/08 19:08:20 | 000,228,864 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/06 08:34:14 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\User\Desktop\linkfile_fix.zip
[2012/06/06 08:32:48 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\User\Desktop\xp_exe_fix.zip
[2012/06/05 14:00:10 | 001,801,855 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Hot Pants - Salvage.mp3
[2012/06/05 10:43:40 | 003,471,184 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Out Of Mind Out Of Sight - Models, The.mp3
[2012/06/05 08:14:52 | 002,554,547 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Can't Sleep - Rockets, The.mp3
[2012/06/05 07:51:34 | 004,300,415 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Mama Let Him Play - Doucette.mp3
[2012/06/05 01:21:46 | 005,043,590 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Joker - Snail.mp3
[2012/06/05 01:04:54 | 003,875,068 | ---- | M] () -- C:\Documents and Settings\User\Desktop\City Slicker - James 'JY' Young with Jan Hammer.mp3
[2012/06/04 21:28:55 | 003,456,182 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Shortcut To Somewhere [from 'Quicksilver'] - Fish with Tony Banks.mp3
[2012/06/04 21:19:02 | 002,705,109 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Two Buffaloes - Rolf Harris.mp3
[2012/06/04 21:16:07 | 003,735,378 | ---- | M] () -- C:\Documents and Settings\User\Desktop\It's Really You - Tarney Spencer Band.mp3
[2012/06/04 20:58:57 | 003,948,955 | ---- | M] () -- C:\Documents and Settings\User\Desktop\On the Run - Lake.mp3
[2012/06/04 20:54:31 | 005,892,883 | ---- | M] () -- C:\Documents and Settings\User\Desktop\A Smile Is Diamond - A Band Called O (10-11!).mp3
[2012/06/04 20:47:24 | 003,763,695 | ---- | M] () -- C:\Documents and Settings\User\Desktop\I Want You To Be Mine [ USA Version ] - Kayak.mp3
[2012/06/04 18:29:23 | 002,392,118 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Hold On To The Night - Starz.mp3
[2012/06/04 18:21:48 | 004,059,670 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Coming Home - Ian Thomas.mp3
[2012/06/04 18:08:50 | 002,907,357 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Northern Lights - Renaissance.mp3
[2012/06/04 17:50:25 | 004,253,185 | ---- | M] () -- C:\Documents and Settings\User\Desktop\She Loves To Be In Love - Charlie.mp3
[2012/06/04 17:38:27 | 006,439,530 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Superstar - Bob McGilpin.mp3
[2012/06/04 17:31:31 | 004,484,317 | ---- | M] () -- C:\Documents and Settings\User\Desktop\I'm Mandy, Fly Me - 10cc.mp3
[2012/05/31 09:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/20 01:08:57 | 000,357,766 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HostsXpert.zip
[2012/06/19 12:28:39 | 535,154,688 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/19 11:50:31 | 000,148,531 | ---- | C] () -- C:\Documents and Settings\User\Desktop\PageCapture TU 6-19-12.JPG
[2012/06/18 21:38:10 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/06/18 19:07:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/18 19:07:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/06/18 08:09:33 | 000,040,020 | ---- | C] () -- C:\Documents and Settings\User\My Documents\CCleaner Registry Backup file 6-18-12.reg
[2012/06/16 01:00:35 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/15 15:25:22 | 000,053,570 | ---- | C] () -- C:\WINDOWS\System32\Defrag Report filepath name details F 6-15-12
[2012/06/14 20:05:00 | 000,000,304 | ---- | C] () -- C:\Boot.bak
[2012/06/14 20:04:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/12 15:26:35 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2012/06/11 20:40:57 | 001,557,759 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Islanders '98 alternative logo design.jpg
[2012/06/06 08:34:18 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\User\Desktop\linkfile_fix.zip
[2012/06/06 08:33:09 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\User\Desktop\xp_exe_fix.zip
[2012/06/05 13:59:16 | 001,801,855 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Hot Pants - Salvage.mp3
[2012/06/05 10:40:56 | 003,471,184 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Out Of Mind Out Of Sight - Models, The.mp3
[2012/06/05 08:11:49 | 002,554,547 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Can't Sleep - Rockets, The.mp3
[2012/06/05 07:45:43 | 004,300,415 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Mama Let Him Play - Doucette.mp3
[2012/06/05 00:56:30 | 003,875,068 | ---- | C] () -- C:\Documents and Settings\User\Desktop\City Slicker - James 'JY' Young with Jan Hammer.mp3
[2012/06/04 18:28:18 | 002,392,118 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Hold On To The Night - Starz.mp3
[2012/06/04 18:23:48 | 005,043,590 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Joker - Snail.mp3
[2012/06/04 18:19:53 | 004,059,670 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Coming Home - Ian Thomas.mp3
[2012/06/04 18:16:29 | 003,763,695 | ---- | C] () -- C:\Documents and Settings\User\Desktop\I Want You To Be Mine [ USA Version ] - Kayak.mp3
[2012/06/04 18:07:47 | 002,907,357 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Northern Lights - Renaissance.mp3
[2012/06/04 18:02:13 | 003,735,378 | ---- | C] () -- C:\Documents and Settings\User\Desktop\It's Really You - Tarney Spencer Band.mp3
[2012/06/04 17:48:21 | 004,253,185 | ---- | C] () -- C:\Documents and Settings\User\Desktop\She Loves To Be In Love - Charlie.mp3
[2012/06/04 17:35:37 | 006,439,530 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Superstar - Bob McGilpin.mp3
[2012/06/04 17:29:24 | 004,484,317 | ---- | C] () -- C:\Documents and Settings\User\Desktop\I'm Mandy, Fly Me - 10cc.mp3
[2012/06/04 17:22:07 | 003,948,955 | ---- | C] () -- C:\Documents and Settings\User\Desktop\On the Run - Lake.mp3
[2012/06/04 17:16:55 | 005,892,883 | ---- | C] () -- C:\Documents and Settings\User\Desktop\A Smile Is Diamond - A Band Called O (10-11!).mp3
[2012/06/01 21:15:16 | 003,456,182 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Shortcut To Somewhere [from 'Quicksilver'] - Fish with Tony Banks.mp3
[2012/05/31 00:16:26 | 002,705,109 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Two Buffaloes - Rolf Harris.mp3
[2012/03/17 12:42:40 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\User\Application Data\mcs.rma
[2011/06/04 09:18:39 | 000,000,022 | --S- | C] () -- C:\Documents and Settings\User\Application Data\Sys2662.Config.Repository.bin
[2010/12/12 15:10:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/12 15:10:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/12 15:10:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/12 15:10:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/12 15:10:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/29 23:37:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2007/10/05 14:02:31 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/03/30 16:39:44 | 000,000,304 | ---- | M] () -- C:\Boot.bak
[2012/06/14 20:05:00 | 000,000,420 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/06/17 16:44:53 | 000,006,501 | ---- | M] () -- C:\ComboFix.txt
[2007/10/05 14:02:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/04/21 07:30:25 | 000,000,062 | ---- | M] () -- C:\cxnotes.txt
[2012/06/19 12:28:39 | 535,154,688 | -HS- | M] () -- C:\hiberfil.sys
[2007/10/05 14:02:31 | 000,000,000 | R-S- | M] () -- C:\IO.SYS
[2012/06/19 18:01:42 | 000,001,198 | ---- | M] () -- C:\junk.txt
[2010/12/02 16:00:00 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\mb
[2007/10/05 14:02:31 | 000,000,000 | R-S- | M] () -- C:\MSDOS.SYS
[2007/10/05 16:18:34 | 000,047,564 | R-S- | M] () -- C:\NTDETECT.COM
[2012/06/17 18:59:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/06/20 00:31:31 | 397,410,304 | -HS- | M] () -- C:\pagefile.sys
[2008/12/23 08:03:07 | 000,000,268 | ---- | M] () -- C:\sqmdata00.sqm
[2008/12/24 08:04:38 | 000,000,268 | ---- | M] () -- C:\sqmdata01.sqm
[2008/12/26 15:39:46 | 000,000,268 | ---- | M] () -- C:\sqmdata02.sqm
[2008/12/27 08:00:43 | 000,000,268 | ---- | M] () -- C:\sqmdata03.sqm
[2008/12/28 09:11:55 | 000,000,268 | ---- | M] () -- C:\sqmdata04.sqm
[2008/12/29 07:58:38 | 000,000,268 | ---- | M] () -- C:\sqmdata05.sqm
[2008/12/30 07:54:09 | 000,000,268 | ---- | M] () -- C:\sqmdata06.sqm
[2008/12/30 21:43:44 | 000,000,268 | ---- | M] () -- C:\sqmdata07.sqm
[2008/12/31 08:08:04 | 000,000,268 | ---- | M] () -- C:\sqmdata08.sqm
[2009/01/01 10:57:51 | 000,000,268 | ---- | M] () -- C:\sqmdata09.sqm
[2008/12/25 14:31:42 | 000,000,268 | ---- | M] () -- C:\sqmdata10.sqm
[2008/12/22 07:30:28 | 000,000,268 | ---- | M] () -- C:\sqmdata11.sqm
[2008/12/24 16:00:54 | 000,000,268 | ---- | M] () -- C:\sqmdata12.sqm
[2008/12/19 08:14:06 | 000,000,268 | ---- | M] () -- C:\sqmdata13.sqm
[2008/12/23 07:37:28 | 000,000,268 | ---- | M] () -- C:\sqmdata14.sqm
[2008/12/25 14:14:08 | 000,000,268 | ---- | M] () -- C:\sqmdata15.sqm
[2008/12/18 19:51:08 | 000,000,268 | ---- | M] () -- C:\sqmdata16.sqm
[2008/12/20 08:07:32 | 000,000,268 | ---- | M] () -- C:\sqmdata17.sqm
[2008/12/21 08:04:44 | 000,000,268 | ---- | M] () -- C:\sqmdata18.sqm
[2008/12/22 07:53:23 | 000,000,268 | ---- | M] () -- C:\sqmdata19.sqm
[2008/12/22 07:53:22 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm
[2008/12/23 08:03:06 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm
[2008/12/24 08:04:38 | 000,000,244 | ---- | M] () -- C:\sqmnoopt02.sqm
[2008/12/26 15:39:45 | 000,000,244 | ---- | M] () -- C:\sqmnoopt03.sqm
[2008/12/27 08:00:41 | 000,000,244 | ---- | M] () -- C:\sqmnoopt04.sqm
[2008/12/28 09:11:54 | 000,000,244 | ---- | M] () -- C:\sqmnoopt05.sqm
[2008/12/29 07:58:37 | 000,000,244 | ---- | M] () -- C:\sqmnoopt06.sqm
[2008/12/30 07:54:09 | 000,000,244 | ---- | M] () -- C:\sqmnoopt07.sqm
[2008/12/30 21:43:43 | 000,000,244 | ---- | M] () -- C:\sqmnoopt08.sqm
[2008/12/31 08:08:04 | 000,000,244 | ---- | M] () -- C:\sqmnoopt09.sqm
[2009/01/01 10:57:50 | 000,000,244 | ---- | M] () -- C:\sqmnoopt10.sqm
[2008/12/25 14:31:42 | 000,000,244 | ---- | M] () -- C:\sqmnoopt11.sqm
[2008/12/22 07:30:28 | 000,000,244 | ---- | M] () -- C:\sqmnoopt12.sqm
[2008/12/24 16:00:53 | 000,000,244 | ---- | M] () -- C:\sqmnoopt13.sqm
[2008/12/19 08:14:05 | 000,000,244 | ---- | M] () -- C:\sqmnoopt14.sqm
[2008/12/23 07:37:26 | 000,000,244 | ---- | M] () -- C:\sqmnoopt15.sqm
[2008/12/25 14:14:07 | 000,000,244 | ---- | M] () -- C:\sqmnoopt16.sqm
[2008/12/18 19:51:07 | 000,000,244 | ---- | M] () -- C:\sqmnoopt17.sqm
[2008/12/20 08:07:31 | 000,000,244 | ---- | M] () -- C:\sqmnoopt18.sqm
[2008/12/21 08:04:44 | 000,000,244 | ---- | M] () -- C:\sqmnoopt19.sqm
[2012/05/08 03:14:22 | 000,000,126 | ---- | M] () -- C:\user.js
[2008/02/02 23:39:50 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< MD5 for: ATI1RVXX.SYS >
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ati1rvxx.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ati1rvxx.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:ati1rvxx.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:ati1rvxx.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:ati1rvxx.sys
[2004/08/04 01:29:30 | 000,063,663 | ---- | M] (ATI Technologies Inc.) MD5=BCAF267B10620F8C93F6E87AB726E145 -- C:\WINDOWS\ServicePackFiles\i386\ati1rvxx.sys
[2004/08/04 01:29:30 | 000,063,663 | ---- | M] (ATI Technologies Inc.) MD5=BCAF267B10620F8C93F6E87AB726E145 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ati1rvxx.sys
[2004/08/04 01:29:30 | 000,063,663 | ---- | M] (ATI Technologies Inc.) MD5=BCAF267B10620F8C93F6E87AB726E145 -- C:\WINDOWS\system32\dllcache\ati1rvxx.sys
[2004/08/04 01:29:30 | 000,063,663 | ---- | M] (ATI Technologies Inc.) MD5=BCAF267B10620F8C93F6E87AB726E145 -- C:\WINDOWS\system32\drivers\ati1rvxx.sys

< MD5 for: ATI2MTAA.SYS >
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:ati2mtaa.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ati2mtaa.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ati2mtaa.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:ati2mtaa.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:ati2mtaa.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:ati2mtaa.sys
[2004/08/04 01:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) MD5=2D030C2F6B036CA0BC243E1B16D924D1 -- C:\WINDOWS\ServicePackFiles\i386\ati2mtaa.sys
[2004/08/04 01:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) MD5=2D030C2F6B036CA0BC243E1B16D924D1 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ati2mtaa.sys
[2004/08/04 01:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) MD5=2D030C2F6B036CA0BC243E1B16D924D1 -- C:\WINDOWS\system32\dllcache\ati2mtaa.sys
[2004/08/04 01:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) MD5=2D030C2F6B036CA0BC243E1B16D924D1 -- C:\WINDOWS\system32\drivers\ati2mtaa.sys

< MD5 for: ATINXSXX.SYS >
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atinxsxx.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atinxsxx.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atinxsxx.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atinxsxx.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atinxsxx.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atinxsxx.sys
[2004/08/04 01:29:31 | 000,063,488 | ---- | M] (ATI Technologies Inc.) MD5=77B575D7AAB35D5908AE6CE681608D62 -- C:\WINDOWS\ServicePackFiles\i386\atinxsxx.sys
[2004/08/04 01:29:31 | 000,063,488 | ---- | M] (ATI Technologies Inc.) MD5=77B575D7AAB35D5908AE6CE681608D62 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atinxsxx.sys
[2004/08/04 01:29:31 | 000,063,488 | ---- | M] (ATI Technologies Inc.) MD5=77B575D7AAB35D5908AE6CE681608D62 -- C:\WINDOWS\system32\dllcache\atinxsxx.sys
[2004/08/04 01:29:31 | 000,063,488 | ---- | M] (ATI Technologies Inc.) MD5=77B575D7AAB35D5908AE6CE681608D62 -- C:\WINDOWS\system32\drivers\atinxsxx.sys

< MD5 for: CDFS.SYS >
[2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=C885B02847F5D2FD45A24E219ED93B32 -- C:\WINDOWS\ServicePackFiles\i386\cdfs.sys
[2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=C885B02847F5D2FD45A24E219ED93B32 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cdfs.sys
[2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=C885B02847F5D2FD45A24E219ED93B32 -- C:\WINDOWS\system32\drivers\cdfs.sys
[2004/08/04 02:14:10 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=CD7D5152DF32B47F4E36F710B35AAE02 -- C:\WINDOWS\$NtServicePackUninstall$\cdfs.sys

< MD5 for: FLTMGR.SYS >
[2004/08/04 02:01:19 | 000,124,800 | ---- | M] (Microsoft Corporation) MD5=157754F0DF355A9E0A6F54721914F9C6 -- C:\WINDOWS\$NtUninstallKB922582$\fltmgr.sys
[2006/08/21 05:14:58 | 000,128,896 | ---- | M] (Microsoft Corporation) MD5=3D234FB6D6EE875EB009864A299BEA29 -- C:\WINDOWS\$NtServicePackUninstall$\fltmgr.sys
[2006/08/21 05:43:32 | 000,128,768 | ---- | M] (Microsoft Corporation) MD5=5A85CD3D07273E3F6FE72EE9C6431632 -- C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmgr.sys
[2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) MD5=B2CF4B0786F8212CB92ED2B50C6DB6B0 -- C:\WINDOWS\ServicePackFiles\i386\fltmgr.sys
[2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) MD5=B2CF4B0786F8212CB92ED2B50C6DB6B0 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\fltmgr.sys
[2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) MD5=B2CF4B0786F8212CB92ED2B50C6DB6B0 -- C:\WINDOWS\system32\drivers\fltmgr.sys

< MD5 for: MF.SYS >
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mf.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mf.sys
[2007/10/05 16:13:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:mf.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mf.sys
[2012/06/17 18:41:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:mf.sys

< End of report >


Extras:


OTL Extras logfile created on: 6/20/2012 1:17:40 AM - Run 4
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\User\Desktop\Spyware & Virus tools\GtGCompCavtools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.30 Mb Total Physical Memory | 321.94 Mb Available Physical Memory | 63.09% Memory free
860.00 Mb Paging File | 607.43 Mb Available in Paging File | 70.63% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 2.49 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
Drive E: | 74.52 Gb Total Space | 2.09 Gb Free Space | 2.80% Space Free | Partition Type: NTFS

Computer Name: USER-2LHZ6LTLSL | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- (Rhapsody International Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{659314FA-F336-482D-B094-C3FCA68BB60B}" = GEAR driver installer for x86 and x64
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"CCleaner" = CCleaner
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Rhapsody" = Rhapsody
"Star Trek: The Game Show" = Star Trek: The Game Show
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/18/2012 8:23:09 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/18/2012 9:34:51 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/19/2012 3:27:50 AM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/19/2012 9:31:43 AM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/19/2012 11:59:51 AM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/20/2012 12:27:51 AM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/20/2012 12:42:19 AM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/20/2012 12:44:57 AM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/20/2012 12:46:54 AM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/20/2012 12:48:53 AM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/18/2012 8:28:34 PM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/19/2012 2:49:18 AM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/19/2012 3:07:55 AM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/19/2012 9:25:07 AM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/19/2012 9:34:52 AM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/19/2012 12:22:18 PM | Computer Name = USER-2LHZ6LTLSL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/19/2012 12:22:58 PM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips P3

Error - 6/19/2012 12:27:11 PM | Computer Name = USER-2LHZ6LTLSL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/19/2012 12:29:05 PM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/20/2012 1:04:14 AM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

Edited by ogam5, 19 June 2012 - 11:42 PM.

  • 0

#117
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Sounds like we are making progress if you can now download in IE. (You can delete the downloaded HostsXpert file. We don't need it.) I think what you are asking for is the Tabs option page under Internet Options, General. (Or at least that's where it is under IE 9).

When FF won't run then we usually remove the existing profile first to see if something in it is the problem. It's at: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default. I would just move it to a different folder. Then when you start FF it will create a new one. (You may want to right click on the clock and select Task Manager then Processes and make sure that firefox.exe is not running. I've seen it get stuck in a strange state where it shows up in Processes but not on the task bar.)

Can you download in Safari or Chrome now?
  • 0

#118
ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Haven't ever had anything to do with Chrome - and given my capacity issues, not gonna anytime soon.....will try to do what you've explained with Firefox and, as for Safari, can't download from there either - although maybe if I do whatever I did to IE8 and tried to with FF, it might work - can you give me instructions with Safari? As for moving the default to a different folder, what exactly do you mean? Need some counsel with that.....and I usually bring up Task Manager by pressing 'Ctrl/Alt/Delete' all at once - same exact operation you're speaking of by the right-click on the clock?

Edited by ogam5, 20 June 2012 - 05:02 AM.

  • 0

#119
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Somehow I thought you had Chrome already too but I don't see it so forget that. Just try Safari and see if it is downloading now.
  • 0

#120
ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
.....oKAY; think some potential clues are beginning to reveal themselves as to the downloading/uploading/saving/attaching issues - which are now solely in Firefox, it appears; was able to successfully download first an MP3 file my friend had sent me yesterday, with IE8 this morning, and one of the alternative MP3 conversion programs recommended by CompCav earlier in this thread, with Safari (which is from where I'm posting this reply.....) Something ELSE I noticed and which may be of some importance, is that the YouTube video I posted to Facebook while on Firefox returned a notice that I needed Flash (the latest version?) to play it, but in Safari it played with NO problem......wondering whether there are some serious glitches with FF13 (which I just upgraded to late last week) but, that said, have had numerous prompts for quite some time to (re)install Flash, and there are still questions as to where my Java functions are at in terms of full operability/potential.....any idea what's prompting the 'Open With' in Safe Mode yet based upon all the scan reports already generated? As I also said earlier on, find it interesting that I WAS able to access Firefox in SM for the first time since the 'OW' issue arose last year, upon changing the settings for Microsoft.NET.assistant.....also, my yellow MS Updates shield is showing, but with my space considerations, I WON'T blindly follow through with those - any way of determining which updates/upgrades are pending and selecting them separately, as I see fit and according to what I see my needs as being?

Edited by ogam5, 20 June 2012 - 10:08 AM.

  • 0





