BleepingComputer.com: Tidserv Activity!

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Tidserv Activity!

#1 User is offline   aydinmo 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 20-June 11

Posted 20 June 2011 - 05:18 AM

Hi there,

I have been receiving Symantec notifications of SID: 23621 tidserv activity for the last few days.

I originally (and stupidly) ignored it for a few days but it's time to get rid of this monster :).

I downloaded OTL and ran a scan of all users but I am not completely clear of what to do from here.


OTL logfile created on: 20/06/2011 11:05:54 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Lida\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 26.83% Memory free
3.82 Gb Paging File | 2.53 Gb Available in Paging File | 66.15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.50 Gb Total Space | 4.37 Gb Free Space | 2.96% Space Free | Partition Type: NTFS
Drive D: | 3.42 Gb Total Space | 3.42 Gb Free Space | 99.97% Space Free | Partition Type: FAT32

Computer Name: KC-1 | User Name: Lida | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/06/20 11:05:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lida\Desktop\OTL.exe
PRC - [2011/01/20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2008/07/30 17:42:20 | 001,227,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\COH\COH32.exe
PRC - [2008/06/12 17:57:18 | 000,991,584 | ---- | M] (Vendio Services, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/10 21:07:20 | 000,413,696 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/04/05 03:03:18 | 000,624,056 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
PRC - [2008/04/05 03:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/04/05 02:55:38 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/04/05 02:55:36 | 002,475,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/02/01 09:25:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/02/01 09:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/03/01 12:44:38 | 000,094,208 | ---- | M] () -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe


========== Modules (SafeList) ==========

MOD - [2011/06/20 11:05:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lida\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 01:12:08 | 000,270,336 | ---- | M] () -- C:\WINDOWS\emomizih.dll
MOD - [2008/04/05 02:58:44 | 000,357,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\sysfer.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (STacSV)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2008/11/10 21:33:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/05 03:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/04/05 02:55:36 | 002,475,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/04/04 10:45:18 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/02/01 09:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 09:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/08/11 21:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2006/03/01 12:44:38 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)


========== Driver Services (SafeList) ==========

DRV - [2011/05/18 09:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110619.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/18 09:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110619.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/10 09:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/10 09:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/03/30 00:47:24 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2009/12/07 12:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 12:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/08/18 22:44:55 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/06/07 22:41:13 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/06/03 00:49:50 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/10 21:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/04/05 03:01:46 | 000,091,520 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/04/05 02:59:46 | 000,040,832 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/03/22 03:14:24 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/03/22 03:14:24 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/03/22 03:14:24 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/03/12 23:19:50 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/01/18 02:24:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/10/31 04:55:38 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/31 04:55:34 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/07/29 10:20:28 | 000,043,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2005/12/02 17:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rm.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rm.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rm.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rm.com

IE - HKU\S-1-5-21-507921405-1563985344-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-507921405-1563985344-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-507921405-1563985344-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-507921405-1563985344-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-507921405-1563985344-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 76 3A 28 48 63 CB 01 [binary data]
IE - HKU\S-1-5-21-507921405-1563985344-839522115-1004\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKU\S-1-5-21-507921405-1563985344-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-1563985344-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/16 18:10:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6B088E4F-EFF2-4C51-B8CE-B0A817EDEFCA}: C:\Documents and Settings\Lida\Local Settings\Application Data\{6B088E4F-EFF2-4C51-B8CE-B0A817EDEFCA}\ [2011/06/15 16:46:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{AC2E6554-F211-4B19-998B-497EDF86CEE8}: C:\Documents and Settings\Lida\Local Settings\Application Data\{AC2E6554-F211-4B19-998B-497EDF86CEE8}\ [2011/06/16 09:36:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{9B91AD20-ED32-45DC-AE76-13CEEE1A62B3}: C:\Documents and Settings\Lida\Local Settings\Application Data\{9B91AD20-ED32-45DC-AE76-13CEEE1A62B3}\ [2011/06/17 12:21:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{31ED4564-A685-400E-99A7-A646199AC8FD}: C:\Documents and Settings\Lida\Local Settings\Application Data\{31ED4564-A685-400E-99A7-A646199AC8FD}\ [2011/06/18 15:27:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{66D78C9E-077D-48F5-B51D-42A2F4561460}: C:\Documents and Settings\Lida\Local Settings\Application Data\{66D78C9E-077D-48F5-B51D-42A2F4561460}\ [2011/06/19 10:33:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{5F2B126C-854D-4787-96B8-E5663A51154D}: C:\Documents and Settings\Lida\Local Settings\Application Data\{5F2B126C-854D-4787-96B8-E5663A51154D}\ [2011/06/20 10:11:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 23:47:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/04/29 23:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lida\Application Data\Mozilla\Extensions
[2011/04/29 23:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/01/21 06:09:09 | 000,377,519 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 13011 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (Alexa) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files\Alexa Toolbar\AlxTB2.9.39.dll (Alexa Internet, Inc.)
O3 - HKU\S-1-5-21-507921405-1563985344-839522115-1004\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Qzutatiwoji] C:\WINDOWS\emomizih.dll ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-507921405-1563985344-839522115-1004..\Run: [3FWHZQA3LT] File not found
O4 - HKU\S-1-5-21-507921405-1563985344-839522115-1004..\Run: [configdat700mod.exe] File not found
O4 - HKU\S-1-5-21-507921405-1563985344-839522115-1004..\Run: [CPN Notifier] File not found
O4 - HKU\S-1-5-21-507921405-1563985344-839522115-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-507921405-1563985344-839522115-1004..\Run: [Oriyeqayo] File not found
O4 - HKU\S-1-5-21-507921405-1563985344-839522115-1004..\Run: [Qzutatiwoji] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-507921405-1563985344-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Lida\Application Data\Dealio\kb127\res\DealioSearch.html ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - File not found
O9 - Extra 'Tools' menuitem : EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - File not found
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205515946015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238940333445&h=c38247f571faef18218324eb1b58352a/&filename=jinstall-6u13-windows-i586-jc.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Lida\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lida\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/26 09:43:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{16727435-76a4-11dd-ab51-0019d1a99d69}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{16727435-76a4-11dd-ab51-0019d1a99d69}\Shell\explore\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{16727435-76a4-11dd-ab51-0019d1a99d69}\Shell\open\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{6ba49c3a-3ea3-11e0-affa-0019d1a99d69}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{97fbfb88-06b5-11df-ae26-0019d1a99d69}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{97fbfb88-06b5-11df-ae26-0019d1a99d69}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{db1afcd6-6c33-11dd-ab3a-0019d1a99d69}\Shell\AutoRun\command - "" = H:\setupSNK.exe
O33 - MountPoints2\{fbf1f57c-43d5-11df-ae93-0019d1a99d69}\Shell\AutoRun\command - "" = F:\mybatchfile.bat
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/20 11:05:29 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lida\Desktop\OTL.exe
[2011/06/20 10:40:21 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Lida\Desktop\FixTDSS.exe
[2011/06/20 10:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lida\Local Settings\Application Data\{5F2B126C-854D-4787-96B8-E5663A51154D}
[2011/06/20 00:58:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lida\Recent
[2011/06/19 21:40:03 | 000,000,000 | ---D | C] -- C:\New Folder
[2011/06/19 10:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lida\Local Settings\Application Data\{66D78C9E-077D-48F5-B51D-42A2F4561460}
[2011/06/18 15:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lida\Local Settings\Application Data\{31ED4564-A685-400E-99A7-A646199AC8FD}
[2011/06/18 15:22:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/06/18 11:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lida\Local Settings\Application Data\{90FE4CBD-7980-4157-9B03-E825B59C49A0}
[2011/06/17 12:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lida\Local Settings\Application Data\{9B91AD20-ED32-45DC-AE76-13CEEE1A62B3}
[2011/06/16 09:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lida\Local Settings\Application Data\{AC2E6554-F211-4B19-998B-497EDF86CEE8}
[2011/06/15 16:55:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/15 16:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/15 16:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lida\Local Settings\Application Data\{6B088E4F-EFF2-4C51-B8CE-B0A817EDEFCA}
[2011/06/01 15:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PokerStars
[2011/06/01 15:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2010/02/09 23:51:04 | 005,811,712 | ---- | C] (reFX) -- C:\Program Files\Nexus.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Lida\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Lida\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/20 11:05:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lida\Desktop\OTL.exe
[2011/06/20 10:46:05 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1563985344-839522115-1004UA.job
[2011/06/20 10:43:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/20 10:40:23 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Lida\Desktop\FixTDSS.exe
[2011/06/20 10:39:00 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/20 10:17:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/20 10:13:09 | 000,466,538 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/20 10:13:09 | 000,080,504 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/20 10:11:51 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ebehaza.dat
[2011/06/20 10:11:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/20 10:11:06 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/20 10:03:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/20 10:03:37 | 2120,192,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/20 00:40:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Theju.bin
[2011/06/19 23:00:54 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{04BD50A8-F1D9-4AC7-A266-663370E852B5}.job
[2011/06/19 14:46:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1563985344-839522115-1004Core.job
[2011/06/16 18:19:44 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Lida\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/14 15:19:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/01 15:03:01 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\Lida\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Lida\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Lida\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 16:46:42 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ebehaza.dat
[2011/06/15 16:46:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Theju.bin
[2011/06/01 15:03:01 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Lida\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2011/04/29 23:49:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/06 16:28:21 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\AI_ContextMenu.dll
[2011/01/25 02:22:25 | 001,446,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/23 20:35:08 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Lida\Application Data\vso_ts_preview.xml
[2010/10/14 20:07:30 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Lida\Local Settings\Application Data\Ebehaza.dat
[2010/10/14 20:07:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lida\Local Settings\Application Data\Theju.bin
[2010/04/14 18:06:51 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/06 14:12:59 | 000,012,408 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aPH03i
[2010/02/16 18:08:36 | 000,023,110 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/02/11 11:05:13 | 000,013,876 | -HS- | C] () -- C:\Documents and Settings\Lida\Local Settings\Application Data\R4AlO7HdsW5
[2010/01/12 00:04:39 | 000,077,374 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/12/17 17:28:31 | 000,056,708 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/25 14:17:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/08/25 13:07:48 | 000,188,757 | ---- | C] () -- C:\WINDOWS\hpwins22.dat.temp
[2009/08/25 13:07:47 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2009/08/25 12:49:27 | 000,188,952 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2009/08/25 12:49:27 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/14 23:30:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/16 18:19:42 | 000,790,190 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/16 17:32:20 | 000,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/02/16 17:30:30 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/02/16 17:27:28 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/02/16 17:23:50 | 000,145,081 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/02/16 15:49:30 | 000,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/02/16 15:47:42 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/02/14 16:15:42 | 000,485,888 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/02/09 23:28:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/02/09 21:19:18 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/02/09 21:19:12 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/02/09 21:18:52 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/02/09 21:18:32 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/02/09 21:18:24 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/02/09 21:18:20 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/02/09 20:56:22 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/07 15:55:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2009/01/10 23:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 23:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 23:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 23:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 23:16:04 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2009/01/10 23:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 23:15:36 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2009/01/10 23:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 23:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 23:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 23:15:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2009/01/10 23:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 23:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/03 23:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/27 00:48:02 | 000,000,056 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsidmv.dat
[2008/11/08 17:39:26 | 000,196,140 | ---- | C] () -- C:\Program Files\Dreamweaver CS4 — Lisez-moi.pdf
[2008/11/08 17:39:26 | 000,186,678 | ---- | C] () -- C:\Program Files\Léame de Dreamweaver CS4.pdf
[2008/11/08 17:39:26 | 000,084,227 | ---- | C] () -- C:\Program Files\Dreamweaver CS4 Read Me.pdf
[2008/10/03 14:06:40 | 000,000,125 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/08/18 22:49:51 | 000,002,731 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/07/23 17:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 17:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/07/09 09:05:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/15 18:38:38 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Lida\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/14 13:42:34 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/26 12:00:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/26 09:45:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/09/26 09:41:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/09/26 09:35:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/26 09:35:07 | 000,270,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/07/05 15:12:06 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll
[1980/01/01 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1980/01/01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 00:00:00 | 000,466,538 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 00:00:00 | 000,447,120 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[1980/01/01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 00:00:00 | 000,270,336 | ---- | C] () -- C:\WINDOWS\emomizih.dll
[1980/01/01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 00:00:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[1980/01/01 00:00:00 | 000,080,504 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 00:00:00 | 000,004,650 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1980/01/01 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1980/01/01 00:00:00 | 000,000,675 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[1980/01/01 00:00:00 | 000,000,327 | ---- | C] () -- C:\WINDOWS\WELCOME.INI

< End of report >


OTL Extras logfile created on: 20/06/2011 11:05:54 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Lida\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 26.83% Memory free
3.82 Gb Paging File | 2.53 Gb Available in Paging File | 66.15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.50 Gb Total Space | 4.37 Gb Free Space | 2.96% Space Free | Partition Type: NTFS
Drive D: | 3.42 Gb Total Space | 3.42 Gb Free Space | 99.97% Space Free | Partition Type: FAT32

Computer Name: KC-1 | User Name: Lida | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Aydin\Cake Poker 2.0\PokerClient.exe" = C:\Aydin\Cake Poker 2.0\PokerClient.exe:*:Enabled:Cake Poker 2.0 -- (Cake Gaming N.V.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AEA9A23-D627-4699-8A0F-FC474308C2E6}" = Sony Sound Forge 9.0
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7604A79D-245D-45BB-AFBB-975DE69FFF80}" = Digidesign M-Audio Keyboard Personality 8.0
"{76B2BC31-2D96-4170-9C44-09E13B5555F3}" = Symantec Endpoint Protection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842C6AFC-7856-4fd9-99AF-8900554ACAA2}_is1" = V-Station 1.50
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{E1C33B03-3FE9-45BF-91E4-0266F38618C6}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesignerR_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_SharePointDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_SharePointDesignerR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_SharePointDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_SharePointDesignerR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_SharePointDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_SharePointDesignerR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesignerR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_SharePointDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_SharePointDesignerR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5FBE07A-E265-4BCF-86C3-4CB3A810F73B}" = IDES4 Music Data Management Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE3A67EE-0C5D-11E0-BC1D-0013D3D69929}" = Vegas Pro 10.0
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1924580-0C5D-11E0-B655-0013D3D69929}" = MSVCRT Redists
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C66EEE-7A05-4B11-A0B9-524F917BCE25}" = Sony Sound Forge Audio Studio 9.0
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alexa Toolbar" = Alexa Toolbar
"Cake Poker 2.0" = Cake Poker 2.0
"CCleaner" = CCleaner
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.4.0
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0 (build 25)
"FormatFactory" = FormatFactory 2.60
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Live 7.0.3" = Live 7.0.3
"Live 8.0.4" = Live 8.0.4
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Massive v1.0.1.008 VSTi DXi RTAS" = Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
"Native Instruments Pro-53" = Native Instruments Pro-53
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars" = PokerStars
"PROSet" = Intel® PRO Network Connections Drivers
"Reason4_is1" = Reason 4.0
"ReCycle 2.0" = ReCycle 2.0
"ReCycle_is1" = ReCycle 2.1.2
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"Shop for HP Supplies" = Shop for HP Supplies
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"Sylenth1_is1" = Sylenth1 v2.20
"Synth1" = Synth1
"Toxic 2.5 DEMO_is1" = Toxic 2.5
"VLC media player" = VLC media player 0.9.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Media Center Edition Screen Saver Screen Saver" = Windows XP Media Center Edition Screen Saver Screen Saver
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"z3ta+_x86_is1" = rgc:audio z3ta+ 1.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507921405-1563985344-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.8
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/06/2011 10:22:02 | Computer Name = KC-1 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Packed.Mystic!gen4 in File: c:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4d6d68f7.tmp
by: Manual scan. Action: Clean succeeded. Action Description: The file was repaired
successfully.

Error - 16/06/2011 10:22:03 | Computer Name = KC-1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Packed.Mystic!gen4 in File: c:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4d6d68f7.tmp
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully.

Error - 16/06/2011 10:22:03 | Computer Name = KC-1 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Packed.Mystic!gen4 in File: c:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4d6eb028.tmp
by: Manual scan. Action: Clean succeeded. Action Description: The file was repaired
successfully.

Error - 16/06/2011 10:22:04 | Computer Name = KC-1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Packed.Mystic!gen4 in File: c:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4d6eb028.tmp
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully.

Error - 16/06/2011 10:22:05 | Computer Name = KC-1 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Packed.Mystic!gen4 in File: c:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4d7000bf.tmp
by: Manual scan. Action: Clean succeeded. Action Description: The file was repaired
successfully.

Error - 16/06/2011 10:22:05 | Computer Name = KC-1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Packed.Mystic!gen4 in File: c:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4d7000bf.tmp
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully.

Error - 17/06/2011 07:23:08 | Computer Name = KC-1 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module emomizih.dll, version 0.0.0.0, fault address 0x00025e4b.

Error - 17/06/2011 07:23:41 | Computer Name = KC-1 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Trojan.Gen.2 in File: Unavailable by: Auto-Protect
scan. Action: Delete succeeded. Action Description: The file was deleted successfully.



Error - 19/06/2011 05:34:49 | Computer Name = KC-1 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Trojan.Zefarch in File: C:\Documents and Settings\Lida\Local
Settings\Application Data\{66D78C9E-077D-48F5-B51D-42A2F4561460}\chrome\content\overlay.xul
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.

Error - 19/06/2011 17:56:39 | Computer Name = KC-1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 31/03/2010 13:16:48 | Computer Name = KC-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26190
seconds with 180 seconds of active time. This session ended with a crash.

Error - 09/05/2010 11:28:19 | Computer Name = KC-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20502
seconds with 2640 seconds of active time. This session ended with a crash.

Error - 24/10/2010 19:01:51 | Computer Name = KC-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4037
seconds with 2880 seconds of active time. This session ended with a crash.

Error - 24/10/2010 19:02:29 | Computer Name = KC-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14/03/2011 10:09:39 | Computer Name = KC-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9673
seconds with 660 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29/05/2011 08:00:42 | Computer Name = KC-1 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file 'desktop.ini' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 01/06/2011 06:24:23 | Computer Name = KC-1 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'desktop.ini' on the volume 'HarddiskVolume2'. It has
stopped monitoring the volume.

Error - 01/06/2011 07:01:22 | Computer Name = KC-1 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 02/06/2011 17:12:52 | Computer Name = KC-1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0019D1A99D69 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 14/06/2011 06:16:05 | Computer Name = KC-1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0019D1A99D69 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 14/06/2011 07:31:37 | Computer Name = KC-1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0019D1A99D69 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 16/06/2011 15:48:10 | Computer Name = KC-1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0019D1A99D69 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 18/06/2011 05:42:56 | Computer Name = KC-1 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 18/06/2011 10:25:42 | Computer Name = KC-1 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 18/06/2011 10:29:41 | Computer Name = KC-1 | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000004, parameter2 0000001c, parameter3
00000001, parameter4 804fca05.


< End of report >


Thank you!

So a new popup came up called Web attack black hole toolkit 15.

I ran TDSSKiller and it found 2 items, one suspicious and one malicious I believe.

I don't have the report now because the computer rebooted.

So are they gone now?

I told my mum to speak to her bank and get a new card and I have to speak to mine. But I wanna make sure that the virus has completely gone before we do any online shopping again.

Thanks for your patience.

EDIT: Posts merged ~Budapest

This post has been edited by Budapest: 27 June 2011 - 01:48 AM

#2 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,453
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 27 June 2011 - 01:34 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

    Do not re-enable these drivers until otherwise instructed.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply


Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

information and logs:

    In your next post I need the following

    • .logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,453
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 30 June 2011 - 08:03 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#4 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,453
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 03 July 2011 - 02:42 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

2 User(s) are reading this topic
0 members, 2 guests, 0 anonymous users