Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

File Recovery Virus? And System Restore won't work [Closed]

Started by robertupland , Aug 28 2012 02:22 PM

This topic is locked

#1
robertupland

Posted 28 August 2012 - 02:22 PM

Member

Member
62 posts

Hello Geeks

So here are a few of the issues I'm having:

A program called File Recovery is on my computer and I'm pretty sure it's a virus because it looks just like the ones I've had before.

My sister opened it and the system went wacky then restarted. When it came back up all kinds of things were missing and System Restore is one of them. Also, when I try to go to Accessories/System Tools all that is there now is Internet Explorer (no add-ons) Defrag, System Restore ETC are all gone. I was able to access System Restore from Help but after I select a restore point and click next, nothing happens

After the system rebooted a bunch of programs were gone.

I have ran MalwareBytes but it didn't detect anything. I also tried Kaspersky and nothing. Can anyone help?

Here is the OTL Log ( I also got and Extras.txt log and I will post it below)

OTL logfile created on: 8/28/2012 4:28:01 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\mmbm\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.48 Mb Total Physical Memory | 134.71 Mb Available Physical Memory | 15.04% Memory free
2.12 Gb Paging File | 1.45 Gb Available in Paging File | 68.64% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.95 Gb Total Space | 109.63 Gb Free Space | 76.16% Space Free | Partition Type: NTFS
Drive D: | 5.08 Gb Total Space | 2.58 Gb Free Space | 50.72% Space Free | Partition Type: FAT32

Computer Name: YOUR-BC185A12A1 | User Name: mmbm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/28 16:27:21 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mmbm\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/03/21 17:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/09 23:51:19 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2007/07/13 20:19:16 | 005,252,936 | ---- | M] (SpareBackup, Inc.) -- C:\Program Files\Spare Backup\SpareBackup.exe
PRC - [2006/02/20 15:23:08 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcrcoms.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/13 21:04:56 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/13 17:54:12 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 17:54:01 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 17:47:50 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/13 17:47:47 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
MOD - [2012/06/13 17:47:41 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/13 17:47:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/12 18:44:39 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll
MOD - [2012/05/11 20:30:35 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
MOD - [2012/05/11 20:30:27 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/11 20:30:24 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
MOD - [2012/05/11 20:29:05 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
MOD - [2012/05/11 20:29:04 | 002,510,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\982b508698278c6ffb3d143bbe1e8bb8\System.Data.SqlXml.ni.dll
MOD - [2012/05/11 20:29:02 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 20:28:57 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/11 19:47:11 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 19:45:45 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/05/11 19:27:41 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 19:25:02 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/03/21 17:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 17:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2007/11/10 00:27:20 | 000,708,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.Web.Services2\2.0.3.0__31bf3856ad364e35\Microsoft.Web.Services2.dll
MOD - [2007/04/03 11:05:24 | 000,577,096 | ---- | M] () -- C:\Program Files\Spare Backup\System.Data.SQLite.DLL
MOD - [2007/04/03 11:04:54 | 000,183,880 | ---- | M] () -- C:\Program Files\Spare Backup\UberCrypto.dll
MOD - [2006/10/31 03:35:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006/10/31 03:35:00 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2006/02/02 04:24:56 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\fxctrstr.dll
MOD - [2006/02/02 04:12:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
MOD - [2006/02/02 04:10:20 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2006/01/12 10:20:04 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcrpp5c.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/26 19:07:20 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/09/01 16:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2008/12/01 11:59:52 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2008/07/15 17:38:32 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/11/09 23:51:19 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2007/08/29 17:58:47 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2006/02/20 15:23:08 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\system32\lxcrcoms.exe -- (lxcr_device)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\jl2005c.sys -- (JL2005C)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2011/02/15 13:17:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2007/10/02 05:32:14 | 004,613,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/08/08 23:11:00 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2007/07/03 16:59:10 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2006/11/27 05:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/11/27 05:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/07/18 18:16:08 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/18 18:15:18 | 000,256,128 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/07/18 18:15:10 | 000,728,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/05 23:30:16 | 000,026,752 | R--- | M] (ENCORE ELECTRONICS, INC. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfnd51.sys -- (ip100xp)
DRV - [2001/08/17 22:10:58 | 000,069,692 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)
DRV - [2001/08/17 17:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.co...&x=18&y=21&rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {74E91244-8EDB-4470-8461-D41D22FBCD5F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{74E91244-8EDB-4470-8461-D41D22FBCD5F}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...id=80114&lng=en
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120515
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:4.8.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="
FF - prefs.js..network.proxy.no_proxies_on: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\mmbm\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\mmbm\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/31 03:06:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/17 13:36:41 | 000,000,000 | ---D | M]

[2010/11/22 15:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mmbm\Application Data\Mozilla\Extensions
[2012/08/26 19:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mmbm\Application Data\Mozilla\Firefox\Profiles\3l37ylta.default\extensions
[2010/12/09 13:24:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mmbm\Application Data\Mozilla\Firefox\Profiles\3l37ylta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/26 19:01:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\mmbm\Application Data\Mozilla\Firefox\Profiles\3l37ylta.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/03 13:02:26 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\mmbm\Application Data\Mozilla\Firefox\Profiles\3l37ylta.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/08/26 18:54:59 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\mmbm\Application Data\Mozilla\Firefox\Profiles\3l37ylta.default\extensions\[email protected]
[2010/11/23 13:12:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\mmbm\Application Data\Mozilla\Firefox\Profiles\3l37ylta.default\searchplugins\conduit.xml
[2012/08/28 06:57:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/23 14:42:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/19 19:15:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012/02/25 10:22:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/25 10:22:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/25 10:22:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/11/23 15:58:05 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eRdWJbaWyBt.exe] C:\Documents and Settings\All Users\Application Data\eRdWJbaWyBt.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LXCRCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL ()
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
O4 - HKCU..\Run: [Qc4GImDzeDTW5m] C:\Documents and Settings\All Users\Application Data\Qc4GImDzeDTW5m.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: pogo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://supportcente...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1043 (SonyOnlineInstallerX)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://download-game...h2.1.0.0.53.cab (CPlayFirstDinerDash2Control Object)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcp...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergys...om/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://download-game...tg.1.0.0.33.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} http://simcity.ea.co...ic/SimCityX.cab (SimCityX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://games.bigfish...inematycoon.cab (TikGames Online Control)
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} http://pogo.oberon-m...sh.1.0.0.47.cab (CPlayFirstWeddingDashControl Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{048CBC39-3B32-4C52-B329-1DEE0C053B74}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\mmbm\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mmbm\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/06 20:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/28 16:27:19 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mmbm\Desktop\OTL.exe
[2012/08/27 22:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mmbm\Start Menu\Programs\File Recovery
[2012/08/27 22:48:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mmbm\Recent
[2012/08/17 19:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\3DVista
[2012/08/16 22:57:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/08/09 19:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mmbm\Local Settings\Application Data\Deployment
[2012/07/31 03:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mmbm\My Documents\My Google Gadgets
[2012/07/31 03:08:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop

========== Files - Modified Within 30 Days ==========

[2012/08/28 16:27:21 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mmbm\Desktop\OTL.exe
[2012/08/28 16:12:26 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/28 15:54:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/28 07:31:40 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/28 07:25:31 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/28 07:25:18 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/08/28 07:21:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/28 07:21:35 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/27 23:03:01 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/27 22:49:45 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-Qc4GImDzeDTW5mr
[2012/08/27 22:49:45 | 000,000,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-Qc4GImDzeDTW5m
[2012/08/27 22:49:44 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\mmbm\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/08/27 22:49:44 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\mmbm\Desktop\File_Recovery.lnk
[2012/08/27 22:49:43 | 000,000,368 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Qc4GImDzeDTW5m
[2012/08/27 22:49:26 | 000,368,640 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Qc4GImDzeDTW5m.exe
[2012/08/27 22:33:53 | 000,466,432 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\eRdWJbaWyBt.exe
[2012/08/27 18:06:06 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2012/08/25 13:41:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/24 17:13:32 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\mmbm\Desktop\Shortcut to PlantsVsZombies.lnk
[2012/08/19 04:30:52 | 000,187,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/19 03:13:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/16 22:51:47 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\mmbm\Desktop\Shortcut to WinRAR.lnk
[2012/08/15 20:33:50 | 000,003,030 | ---- | M] () -- C:\Documents and Settings\mmbm\Application Data\wklnhst.dat
[2012/08/03 13:29:28 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\mmbm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/31 03:08:23 | 000,000,943 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk

========== Files Created - No Company Name ==========

[2012/08/28 00:04:48 | 939,053,056 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/27 22:49:45 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-Qc4GImDzeDTW5mr
[2012/08/27 22:49:44 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\mmbm\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/08/27 22:49:44 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-Qc4GImDzeDTW5m
[2012/08/27 22:49:43 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\mmbm\Desktop\File_Recovery.lnk
[2012/08/27 22:49:27 | 000,000,368 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Qc4GImDzeDTW5m
[2012/08/27 22:49:26 | 000,368,640 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Qc4GImDzeDTW5m.exe
[2012/08/27 22:37:12 | 000,466,432 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\eRdWJbaWyBt.exe
[2012/08/24 17:13:32 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\mmbm\Desktop\Shortcut to PlantsVsZombies.lnk
[2012/08/19 20:14:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2012/08/16 22:51:47 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\mmbm\Desktop\Shortcut to WinRAR.lnk
[2012/07/31 03:08:23 | 000,000,943 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk
[2012/06/16 18:34:29 | 000,037,404 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/29 16:56:21 | 000,002,220 | ---- | C] () -- C:\Documents and Settings\mmbm\.recently-used.xbel
[2012/02/16 01:49:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/22 15:27:23 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\mmbm\jagex_runescape_preferences2.dat
[2011/03/22 15:26:18 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\mmbm\jagex_runescape_preferences.dat
[2011/02/17 10:57:54 | 000,002,147 | ---- | C] () -- C:\Documents and Settings\mmbm\clipdat2.rdf
[2010/11/21 22:37:53 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\mmbm\Local Settings\Application Data\housecall.guid.cache
[2010/09/03 18:25:38 | 000,003,030 | ---- | C] () -- C:\Documents and Settings\mmbm\Application Data\wklnhst.dat
[2010/05/01 11:55:12 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\mmbm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011/07/12 21:40:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2010/05/21 16:37:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Cadsoft
[2012/07/08 10:08:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/08/25 16:08:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MyVirtualHome
[2010/11/22 16:03:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/05/06 22:57:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/01/28 12:52:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/08/16 22:57:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/03/31 15:33:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/13 13:26:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\VideoConverter
[2009/07/09 16:16:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/02/07 21:07:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2007/11/10 00:07:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/06/30 14:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\AnvSoft
[2010/05/26 11:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\Facebook
[2010/04/30 15:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\GetRightToGo
[2012/05/29 16:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\gtk-2.0
[2012/07/08 18:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\IObit
[2010/05/01 11:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\Opera
[2007/11/10 00:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\SampleView
[2011/03/31 15:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\SecondLife
[2012/08/28 07:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\Spare Backup
[2010/09/03 18:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\Template

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C5692E6

< End of report >

Extras log:

OTL Extras logfile created on: 8/28/2012 4:28:01 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\mmbm\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.48 Mb Total Physical Memory | 134.71 Mb Available Physical Memory | 15.04% Memory free
2.12 Gb Paging File | 1.45 Gb Available in Paging File | 68.64% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.95 Gb Total Space | 109.63 Gb Free Space | 76.16% Space Free | Partition Type: NTFS
Drive D: | 5.08 Gb Total Space | 2.58 Gb Free Space | 50.72% Space Free | Partition Type: FAT32

Computer Name: YOUR-BC185A12A1 | User Name: mmbm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56993:TCP" = 56993:TCP:*:Enabled:Pando Media Booster
"56993:UDP" = 56993:UDP:*:Enabled:Pando Media Booster
"56623:TCP" = 56623:TCP:*:Enabled:Pando Media Booster
"56623:UDP" = 56623:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"56993:TCP" = 56993:TCP:*:Enabled:Pando Media Booster
"56993:UDP" = 56993:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"56623:TCP" = 56623:TCP:*:Enabled:Pando Media Booster
"56623:UDP" = 56623:UDP:*:Enabled:Pando Media Booster
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F8722041-B63A-47FB-82A8-5F0977E1CF45}" = TWC Customer Controls
"7394C7E1FE86ACFE6FB7A2879139A6AEB420EC10" = Windows Driver Package - NVIDIA (NVENETFD) Net (11/27/2006 65.4.8)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon Kindle" = Amazon Kindle
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"D93CE88F69FBAD21C270C82347C084C1411AFF43" = Windows Driver Package - NVIDIA (nvnetbus) NVIDIA Network Bus Enumerator (11/27/2006 65.4.8)
"DivX Setup.divx.com" = DivX Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Google Desktop" = Google Desktop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark 2400 Series" = Lexmark 2400 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 12.01.1532" = Opera 12.01
"PhoTagsExpress" = PhoTags Express
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"WGA" = Windows Genuine Advantage Validation Tool
"WildTangent emachines Master Uninstall" = eMachines Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Play89" = Play89
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/12/2012 2:03:28 PM | Computer Name = YOUR-BC185A12A1 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 8/12/2012 5:50:33 PM | Computer Name = YOUR-BC185A12A1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19258, fault address 0x00088fc7.

Error - 8/27/2012 5:15:53 PM | Computer Name = YOUR-BC185A12A1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2012 11:03:03 PM | Computer Name = YOUR-BC185A12A1 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/27/2012 11:31:43 PM | Computer Name = YOUR-BC185A12A1 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 8/28/2012 7:01:43 AM | Computer Name = YOUR-BC185A12A1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/28/2012 7:01:43 AM | Computer Name = YOUR-BC185A12A1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/28/2012 7:02:56 AM | Computer Name = YOUR-BC185A12A1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/28/2012 7:04:56 AM | Computer Name = YOUR-BC185A12A1 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 8/28/2012 2:19:14 PM | Computer Name = YOUR-BC185A12A1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 4.0.1526.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 8/28/2012 3:05:22 PM | Computer Name = YOUR-BC185A12A1 | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

Error - 8/28/2012 3:05:35 PM | Computer Name = YOUR-BC185A12A1 | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

Error - 8/28/2012 3:09:47 PM | Computer Name = YOUR-BC185A12A1 | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

Error - 8/28/2012 3:10:12 PM | Computer Name = YOUR-BC185A12A1 | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

Error - 8/28/2012 3:10:32 PM | Computer Name = YOUR-BC185A12A1 | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

Error - 8/28/2012 3:10:52 PM | Computer Name = YOUR-BC185A12A1 | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

Error - 8/28/2012 3:11:06 PM | Computer Name = YOUR-BC185A12A1 | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

Error - 8/28/2012 3:11:22 PM | Computer Name = YOUR-BC185A12A1 | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

Error - 8/28/2012 3:14:08 PM | Computer Name = YOUR-BC185A12A1 | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

Error - 8/28/2012 3:32:07 PM | Computer Name = YOUR-BC185A12A1 | Source = nvgts | ID = 262153
Description = The device, \Device\Scsi\nvgts1, did not respond within the timeout
period.

< End of report >

Thanks In Advance,
Robert

Edited by robertupland, 28 August 2012 - 02:40 PM.

#2
Essexboy

Posted 28 August 2012 - 03:25 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi there please do not use any temp file cleaners unitl I say so

Download RogueKiller and save it on your desktop.
Quit all programs
Start RogueKiller.exe.
Wait until Prescan has finished ...
Click on Scan

Wait for the end of the scan.
The report has been created on the desktop.
Click on the Delete button.

The report has been created on the desktop.

Next click on the ShortcutsFix
The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following
Posted Image

:OTL
O4 - HKLM..\Run: [eRdWJbaWyBt.exe] C:\Documents and Settings\All Users\Application Data\eRdWJbaWyBt.exe ()
O4 - HKCU..\Run: [Qc4GImDzeDTW5m] C:\Documents and Settings\All Users\Application Data\Qc4GImDzeDTW5m.exe ()
[2012/08/27 22:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mmbm\Start Menu\Programs\File Recovery
[2012/08/27 22:48:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mmbm\Recent
[2012/08/27 22:49:45 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-Qc4GImDzeDTW5mr
[2012/08/27 22:49:45 | 000,000,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-Qc4GImDzeDTW5m
[2012/08/27 22:49:44 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\mmbm\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/08/27 22:49:44 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\mmbm\Desktop\File_Recovery.lnk
[2012/08/27 22:49:43 | 000,000,368 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Qc4GImDzeDTW5m
[2012/08/27 22:49:26 | 000,368,640 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Qc4GImDzeDTW5m.exe
[2012/08/27 22:33:53 | 000,466,432 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\eRdWJbaWyBt.exe
[2012/08/27 22:49:45 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-Qc4GImDzeDTW5mr
[2012/08/27 22:49:44 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\mmbm\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/08/27 22:49:44 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-Qc4GImDzeDTW5m
[2012/08/27 22:49:43 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\mmbm\Desktop\File_Recovery.lnk
[2012/08/27 22:49:27 | 000,000,368 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Qc4GImDzeDTW5m
[2012/08/27 22:49:26 | 000,368,640 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Qc4GImDzeDTW5m.exe
[2012/08/27 22:37:12 | 000,466,432 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\eRdWJbaWyBt.exe

:Commands
[purity]
[resethosts]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

FINALLY

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

#3
robertupland

Posted 28 August 2012 - 04:14 PM

Member

Topic Starter
Member
62 posts

Here goes

Here are the RKreports. I will post the others in my next reply.

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : mmbm [Admin rights]
Mode : Scan -- Date : 08/28/2012 17:38:24

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 25 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Qc4GImDzeDTW5m (C:\Documents and Settings\All Users\Application Data\Qc4GImDzeDTW5m.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : eRdWJbaWyBt.exe (C:\Documents and Settings\All Users\Application Data\eRdWJbaWyBt.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1176003562-3045670360-1112249694-1007[...]\Run : Qc4GImDzeDTW5m (C:\Documents and Settings\All Users\Application Data\Qc4GImDzeDTW5m.exe) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Parameters : NameServer (93.188.164.103,93.188.161.136) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{048CBC39-3B32-4C52-B329-1DEE0C053B74} : NameServer (93.188.164.103,93.188.161.136) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721616PLA SCSI Disk Device +++++
--- User ---
[MBR] a28f8b6c299aa56847d97673e724c6bf
[BSP] 5f382e382e10c6c961231ddb131a30ae : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10683225 | Size: 147408 Mo
1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 5216 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312576705 | Size: 2 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : mmbm [Admin rights]
Mode : Remove -- Date : 08/28/2012 17:40:35

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 24 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Qc4GImDzeDTW5m (C:\Documents and Settings\All Users\Application Data\Qc4GImDzeDTW5m.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : eRdWJbaWyBt.exe (C:\Documents and Settings\All Users\Application Data\eRdWJbaWyBt.exe) -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Parameters : NameServer (93.188.164.103,93.188.161.136) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{048CBC39-3B32-4C52-B329-1DEE0C053B74} : NameServer (93.188.164.103,93.188.161.136) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721616PLA SCSI Disk Device +++++
--- User ---
[MBR] a28f8b6c299aa56847d97673e724c6bf
[BSP] 5f382e382e10c6c961231ddb131a30ae : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10683225 | Size: 147408 Mo
1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 5216 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312576705 | Size: 2 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : mmbm [Admin rights]
Mode : Shortcuts HJfix -- Date : 08/28/2012 17:46:01

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 26 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 13 / Fail 0
Start menu: Success 41 / Fail 0
User folder: Success 557 / Fail 0
My documents: Success 224 / Fail 224
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 11571 / Fail 0
Backup: [FOUND] Success 148 / Fail 0 / Exists 0

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#4
robertupland

Posted 28 August 2012 - 04:18 PM

Member

Topic Starter
Member
62 posts

OTL log:

OTL logfile created on: 8/28/2012 6:05:42 PM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\mmbm\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.48 Mb Total Physical Memory | 315.53 Mb Available Physical Memory | 35.24% Memory free
2.12 Gb Paging File | 1.68 Gb Available in Paging File | 79.54% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.95 Gb Total Space | 109.61 Gb Free Space | 76.14% Space Free | Partition Type: NTFS
Drive D: | 5.08 Gb Total Space | 2.58 Gb Free Space | 50.72% Space Free | Partition Type: FAT32

Computer Name: YOUR-BC185A12A1 | User Name: mmbm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/28 16:27:21 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mmbm\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/03/21 17:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/02/24 21:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/02/24 21:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/09 23:51:19 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2007/07/13 20:19:16 | 005,252,936 | ---- | M] (SpareBackup, Inc.) -- C:\Program Files\Spare Backup\SpareBackup.exe
PRC - [2006/03/06 13:48:46 | 000,286,720 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
PRC - [2006/02/20 15:23:08 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcrcoms.exe
PRC - [2006/02/07 01:10:34 | 000,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/13 21:04:56 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/13 17:54:12 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 17:54:01 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 17:47:50 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/13 17:47:47 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
MOD - [2012/06/13 17:47:41 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/13 17:47:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/12 18:44:39 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll
MOD - [2012/05/11 20:30:35 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
MOD - [2012/05/11 20:30:27 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/11 20:30:24 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
MOD - [2012/05/11 20:29:05 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
MOD - [2012/05/11 20:29:04 | 002,510,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\982b508698278c6ffb3d143bbe1e8bb8\System.Data.SqlXml.ni.dll
MOD - [2012/05/11 20:29:02 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 20:28:57 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/11 19:47:11 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 19:45:45 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/05/11 19:27:41 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 19:25:02 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/03/21 17:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 17:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/24 21:08:36 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/02/24 20:39:00 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/02/15 13:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 13:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 13:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 13:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 12:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2007/11/10 00:27:20 | 000,708,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.Web.Services2\2.0.3.0__31bf3856ad364e35\Microsoft.Web.Services2.dll
MOD - [2007/04/03 11:05:24 | 000,577,096 | ---- | M] () -- C:\Program Files\Spare Backup\System.Data.SQLite.DLL
MOD - [2007/04/03 11:04:54 | 000,183,880 | ---- | M] () -- C:\Program Files\Spare Backup\UberCrypto.dll
MOD - [2006/10/31 03:35:00 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2006/03/06 13:48:46 | 000,286,720 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
MOD - [2006/03/06 13:48:10 | 000,274,432 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrscw.dll
MOD - [2006/02/02 04:24:56 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\fxctrstr.dll
MOD - [2006/02/02 04:12:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
MOD - [2006/02/02 04:10:20 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2006/01/25 12:27:42 | 000,241,664 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\iptk.dll
MOD - [2006/01/12 10:20:04 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcrpp5c.dll
MOD - [2005/12/29 11:34:22 | 000,143,360 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrdrec.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/26 19:07:20 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/09/01 16:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2008/12/01 11:59:52 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2008/07/15 17:38:32 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/11/09 23:51:19 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2007/08/29 17:58:47 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2006/02/20 15:23:08 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\system32\lxcrcoms.exe -- (lxcr_device)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\jl2005c.sys -- (JL2005C)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2012/08/28 17:37:21 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/02/15 13:17:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2007/10/02 05:32:14 | 004,613,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/08/08 23:11:00 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2007/07/03 16:59:10 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2006/11/27 05:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/11/27 05:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/07/18 18:16:08 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/18 18:15:18 | 000,256,128 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/07/18 18:15:10 | 000,728,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/05 23:30:16 | 000,026,752 | R--- | M] (ENCORE ELECTRONICS, INC. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfnd51.sys -- (ip100xp)
DRV - [2001/08/17 22:10:58 | 000,069,692 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)
DRV - [2001/08/17 17:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.co...&x=18&y=21&rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {74E91244-8EDB-4470-8461-D41D22FBCD5F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{74E91244-8EDB-4470-8461-D41D22FBCD5F}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...id=80114&lng=en
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120515
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:4.8.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="
FF - prefs.js..network.proxy.no_proxies_on: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\mmbm\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\mmbm\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/31 03:06:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/17 13:36:41 | 000,000,000 | ---D | M]

[2010/11/22 15:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mmbm\Application Data\Mozilla\Extensions
[2012/08/26 19:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mmbm\Application Data\Mozilla\Firefox\Profiles\3l37ylta.default\extensions
[2010/12/09 13:24:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mmbm\Application Data\Mozilla\Firefox\Profiles\3l37ylta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/26 19:01:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\mmbm\Application Data\Mozilla\Firefox\Profiles\3l37ylta.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/03 13:02:26 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\mmbm\Application Data\Mozilla\Firefox\Profiles\3l37ylta.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/08/26 18:54:59 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\mmbm\Application Data\Mozilla\Firefox\Profiles\3l37ylta.default\extensions\[email protected]
[2010/11/23 13:12:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\mmbm\Application Data\Mozilla\Firefox\Profiles\3l37ylta.default\searchplugins\conduit.xml
[2012/08/28 06:57:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/23 14:42:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/19 19:15:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012/02/25 10:22:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/25 10:22:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/25 10:22:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2012/08/28 17:54:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LXCRCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL ()
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: pogo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://supportcente...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1043 (SonyOnlineInstallerX)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://download-game...h2.1.0.0.53.cab (CPlayFirstDinerDash2Control Object)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcp...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergys...om/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://download-game...tg.1.0.0.33.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} http://simcity.ea.co...ic/SimCityX.cab (SimCityX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://games.bigfish...inematycoon.cab (TikGames Online Control)
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} http://pogo.oberon-m...sh.1.0.0.47.cab (CPlayFirstWeddingDashControl Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{048CBC39-3B32-4C52-B329-1DEE0C053B74}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\mmbm\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mmbm\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/06 20:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | --S- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/28 17:54:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/28 17:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mmbm\Desktop\RK_Quarantine
[2012/08/28 16:27:19 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mmbm\Desktop\OTL.exe
[2012/08/27 22:48:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mmbm\Recent
[2012/08/17 19:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\3DVista
[2012/08/16 22:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/08/09 19:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mmbm\Local Settings\Application Data\Deployment
[2012/07/31 03:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mmbm\My Documents\My Google Gadgets
[2012/07/31 03:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop

========== Files - Modified Within 30 Days ==========

[2012/08/28 18:12:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/28 18:07:33 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/28 17:57:54 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/08/28 17:57:47 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/28 17:57:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/28 17:57:28 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/28 17:54:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/08/28 17:54:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/28 17:37:21 | 000,014,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/08/28 17:36:31 | 001,367,552 | ---- | M] () -- C:\Documents and Settings\mmbm\Desktop\RogueKiller.exe
[2012/08/28 16:27:21 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mmbm\Desktop\OTL.exe
[2012/08/27 23:03:01 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/27 18:06:06 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2012/08/25 13:41:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/24 17:13:32 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\mmbm\Desktop\Shortcut to PlantsVsZombies.lnk
[2012/08/19 04:30:52 | 000,187,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/19 03:13:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/16 22:51:47 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\mmbm\Desktop\Shortcut to WinRAR.lnk
[2012/08/15 20:33:50 | 000,003,030 | ---- | M] () -- C:\Documents and Settings\mmbm\Application Data\wklnhst.dat
[2012/08/03 13:29:28 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\mmbm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/31 03:08:23 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk

========== Files Created - No Company Name ==========

[2012/08/28 17:40:53 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/08/28 17:40:53 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/08/28 17:40:53 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/08/28 17:40:52 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/28 17:40:49 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/08/28 17:40:49 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/08/28 17:37:20 | 000,014,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/08/28 17:36:18 | 001,367,552 | ---- | C] () -- C:\Documents and Settings\mmbm\Desktop\RogueKiller.exe
[2012/08/28 00:04:48 | 939,053,056 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/24 17:13:32 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\mmbm\Desktop\Shortcut to PlantsVsZombies.lnk
[2012/08/19 20:14:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2012/08/16 22:51:47 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\mmbm\Desktop\Shortcut to WinRAR.lnk
[2012/07/31 03:08:23 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk
[2012/06/16 18:34:29 | 000,037,404 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/29 16:56:21 | 000,002,220 | ---- | C] () -- C:\Documents and Settings\mmbm\.recently-used.xbel
[2012/02/16 01:49:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/22 15:27:23 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\mmbm\jagex_runescape_preferences2.dat
[2011/03/22 15:26:18 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\mmbm\jagex_runescape_preferences.dat
[2011/02/17 10:57:54 | 000,002,147 | ---- | C] () -- C:\Documents and Settings\mmbm\clipdat2.rdf
[2010/11/21 22:37:53 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\mmbm\Local Settings\Application Data\housecall.guid.cache
[2010/09/03 18:25:38 | 000,003,030 | ---- | C] () -- C:\Documents and Settings\mmbm\Application Data\wklnhst.dat
[2010/05/01 11:55:12 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\mmbm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011/07/12 21:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2010/05/21 16:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cadsoft
[2012/07/08 10:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/08/25 16:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyVirtualHome
[2010/11/22 16:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/05/06 22:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/01/28 12:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/08/16 22:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/03/31 15:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/13 13:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VideoConverter
[2009/07/09 16:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/02/07 21:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2007/11/10 00:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/06/30 14:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\AnvSoft
[2010/05/26 11:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\Facebook
[2010/04/30 15:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\GetRightToGo
[2012/05/29 16:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\gtk-2.0
[2012/07/08 18:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\IObit
[2010/05/01 11:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\Opera
[2007/11/10 00:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\SampleView
[2011/03/31 15:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\SecondLife
[2012/08/28 17:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\Spare Backup
[2010/09/03 18:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mmbm\Application Data\Template

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C5692E6

< End of report >

Farbar log:
Farbar Service Scanner Version: 06-08-2012
Ran by mmbm (administrator) on 28-08-2012 at 18:02:05
Running from "C:\Documents and Settings\mmbm\Local Settings\Temporary Internet Files\Content.IE5\O9K709M2"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

#5
Essexboy

Posted 29 August 2012 - 06:59 AM

GeekU Moderator

Retired Staff
69,964 posts

OK we have a bad MBR sector that needs to be removed as a priority

I need you to download:
gparted-live-0.10.0-3.iso (115.1 MB)

Create a bootable CD, for Gparted from the ISO image.

You can use ImgBurn do this.
Steps described here

Now boot off of the newly created Gparted CD.

You should be here... Press ENTER

Posted Image

By default, "do not touch keymap" is highlighted.

Posted Image

Leave this setting alone and just press ENTER.

Posted Image

Choose your language and press ENTER. English is default [33]

At the mode prompt enter 0, press ENTER

You will now be taken to the main GUI screen below

Posted Image

According to your logs, the partition that you want to delete is 2 MB

Right click this partition and select delete .

Posted Image

The Partition has gone

Now select Apply

Now you should be here:

Posted Image

Select Apply after double checking that the right partition was deleted

Is "boot" next to your OS drive?
If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags
Posted Image

In the menu that pops up, place a checkmark in boot like the picture below, then close :

Posted Image

Under File select Quit
Posted Image

You will see this small Popup
Posted Image

Choose reboot and then press OK.

THEN

From normal windows re-run RogueKiller

#6
Essexboy

Posted 02 September 2012 - 08:05 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.