Removed Trojan Virus and still having problems


  • This topic is locked
31 replies to this topic

#1 tazmi

Posted 01 September 2009 - 09:00 PM

I cannot use the Google search field in my Google tool bar or on the Google home page to search for anything. The page comes up blank and says done on the bottom right. Since my browser is acting weird on this site too, I do not see where I can upload the Attach.txt and Ark.txt files.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Tazmi at 18:30:05.47 on Tue 09/01/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3030.1552 [GMT -7:00]

AV: Windows Protection Suite *On-access scanning enabled* (Updated) {007D190B-F8BB-48D0-8220-A5727C8DE79B}
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
FW: Windows Protection Suite *enabled* {6AD657EC-685E-4F12-BC33-3B16B9031F13}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\lxcgcoms.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\UltraVNC\winvnc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\ProgramData\UltraVNC\winvnc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Dell\TPad\Apoint.exe
C:\Program Files\Dell\TPad\ApMsgFwd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell\TPad\Apntex.exe
C:\Program Files\Dell\TPad\HidFind.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tazmi\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://na3.salesforce.com/50050000005u8PC/...50050000005u8PC
uWindow Title = Internet Explorer provided by Dell
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Windows Live Sync] "c:\program files\windows live\sync\WindowsLiveSync.exe" /background
uRun: [RCUI] "c:\program files\ringcentral\ringcentral call controller\RCUI.exe"
uRun: [RCHotKey] "c:\program files\ringcentral\ringcentral call controller\RCHotKey.exe"
uRun: [EPSON60A5A5] c:\windows\system32\spool\drivers\w32x86\3\e_fatieka.exe /fu "c:\users\tazmi\appdata\local\temp\E_S7E42.tmp" /EF "HKCU"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\dell\tpad\Apoint.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
mRun: [lxcgmon.exe] "c:\program files\lexmark 2300 series\lxcgmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2300 series\ezprint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
StartupFolder: c:\users\tazmi\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\tazmi\appdata\roaming\mozilla\firefox\profiles\ircak9tn.default
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-3-3 81920]
R2 Apache2.2;Remote Access Media Server;c:\program files\common files\dell\apache\bin\httpd.exe [2007-9-21 15872]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 dsl-db;Remote Access DB;c:\program files\common files\dell\mysql\bin\mysqld.exe [2007-9-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe [2009-1-5 173296]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-7-9 26104]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 uvnc_service;UltraVNC Server;c:\programdata\ultravnc\winvnc.exe -service --> c:\programdata\ultravnc\winvnc.exe -service [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-3-3 112128]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-3-3 54784]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-3-3 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-3 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-3 277440]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 19968]

=============== Created Last 30 ================

2009-09-01 16:41 --d----- c:\windows\pss
2009-09-01 16:26 --d----- c:\programdata\SUPERAntiSpyware.com
2009-09-01 16:26 --d----- c:\progra~2\SUPERAntiSpyware.com
2009-09-01 16:25 --d----- c:\users\tazmi\appdata\roaming\SUPERAntiSpyware.com
2009-09-01 16:25 --d----- c:\program files\SUPERAntiSpyware
2009-09-01 16:24 --d----- c:\program files\common files\Wise Installation Wizard
2009-08-29 19:10 0 a------- c:\windows\system32\settings.dat
2009-08-26 23:08 8,270,752 a------- c:\users\tazmi\appdata\roaming\DataSafeDotNet.exe
2009-08-26 11:17 --d----- c:\users\tazmi\appdata\roaming\Malwarebytes
2009-08-26 11:16 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-26 11:16 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-26 11:16 --d----- c:\programdata\Malwarebytes
2009-08-26 11:16 --d----- c:\progra~2\Malwarebytes
2009-08-26 11:16 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-26 10:50 --d----- c:\programdata\Office Genuine Advantage
2009-08-26 10:43 2,048 a------- c:\windows\system32\tzres.dll
2009-08-26 10:42 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-26 10:42 218,624 a------- c:\windows\system32\msv1_0.dll
2009-08-26 10:42 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-26 10:42 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-08-26 10:42 439,864 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-26 10:42 270,848 a------- c:\windows\system32\schannel.dll
2009-08-26 10:42 72,704 a------- c:\windows\system32\secur32.dll
2009-08-26 10:42 9,728 a------- c:\windows\system32\lsass.exe
2009-08-26 09:50 --dsh--- c:\programdata\3d79827
2009-08-26 09:50 --dsh--- c:\progra~2\3d79827
2009-08-12 08:34 71,680 a------- c:\windows\system32\atl.dll
2009-08-12 08:34 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-12 08:34 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-12 08:34 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-12 08:34 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-12 08:34 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-12 08:34 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-12 08:34 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-12 08:34 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-12 08:34 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-12 08:34 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe

==================== Find3M ====================

2009-08-30 19:35 4,354 a------- c:\windows\system32\tmp.reg
2009-08-05 03:01 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-05 03:01 86,016 a------- c:\windows\inf\infpub.dat
2009-07-21 14:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 14:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 14:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 13:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-16 12:16 143,360 a------- c:\windows\inf\infstor.dat
2009-07-14 11:48 665,600 a------- c:\windows\inf\drvindex.dat
2009-07-07 09:18 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-06-15 07:53 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 07:52 23,552 a------- c:\windows\system32\lpk.dll
2009-06-15 07:52 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 07:51 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 05:42 289,792 a------- c:\windows\system32\atmfd.dll
2008-01-20 19:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-03-03 06:12 75 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 18:30:36.18 ===============

http://www.bleepingcomputer.com/forums/t/253493/pages-not-loading/

Previous Forum Post. Was not able to resolve there...

Merged posts. ~ OB

Edited by Orange Blossom, 01 September 2009 - 10:23 PM.
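The DDS report above gets read by eye on this forum, but the first-pass checks a helper runs over it can be scripted. The Python below is an added example, not part of tazmi's post or of any BleepingComputer tool. It applies four generic review rules to a constructed excerpt of the log above (a handful of lines copied from it, with the backslashes restored): more than one AV or firewall product registered with Security Center, BHO/Run entries whose target is "No File", services DDS could not verify (the trailing [?]), and newly created hidden+system directories with bare hex or numeric names. The rule names and thresholds are my own choices; the output is a list of lines for a person to inspect, not a verdict on any of them.

```python
import re
from collections import defaultdict

# Constructed sample: a cut-down copy of lines from the DDS log posted above
# (same line shapes, backslashes restored). Not the full log.
SAMPLE_LOG = """\
AV: Windows Protection Suite *On-access scanning enabled* (Updated) {007D190B-F8BB-48D0-8220-A5727C8DE79B}
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Windows Protection Suite *enabled* {6AD657EC-685E-4F12-BC33-3B16B9031F13}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

============= SERVICES / DRIVERS ===============

R2 SeaPort;SeaPort;c:\\program files\\microsoft\\search enhancement pack\\seaport\\SeaPort.exe [2009-5-19 240512]
R2 uvnc_service;UltraVNC Server;c:\\programdata\\ultravnc\\winvnc.exe -service --> c:\\programdata\\ultravnc\\winvnc.exe -service [?]

=============== Created Last 30 ================

2009-09-01 16:26 --d----- c:\\programdata\\SUPERAntiSpyware.com
2009-08-29 19:10 0 a------- c:\\windows\\system32\\settings.dat
2009-08-26 09:50 --dsh--- c:\\programdata\\3d79827
2009-08-26 09:50 --dsh--- c:\\progra~2\\3d79827
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
WSC_RE = re.compile(r"^(AV|SP|FW): (.+?) \*")          # Security Center registrations
NO_FILE_RE = re.compile(r"^(?:BHO|TB|uRun|mRun|IE): .* - No File$")
SERVICE_RE = re.compile(r"^R[0-4] ([^;]+);([^;]*);(.+)$")
# "date time [size] attrs path"; the attribute field is always 8 characters.
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:[\d,]+ )?([a-z-]{8}) (.+)$")
HEXNAME_RE = re.compile(r"^[0-9a-f]{6,}$", re.IGNORECASE)


def triage(log_text):
    """Return a list of (rule, detail) findings from DDS-formatted text.

    Each rule is a review hook, not a verdict: it points at a line a human
    analyst should look at before deciding anything about it.
    """
    findings = []
    products = defaultdict(set)   # WSC class (AV/SP/FW) -> product names
    section = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = WSC_RE.match(line)
        if m and section == "header":
            products[m.group(1)].add(m.group(2))
            continue
        if NO_FILE_RE.match(line):
            # A registered BHO/toolbar/Run entry whose file is gone: either a
            # half-removed program or a leftover from an earlier cleanup.
            findings.append(("no-file", line))
            continue
        m = SERVICE_RE.match(line)
        if m and section.startswith("SERVICES"):
            if m.group(3).rstrip().endswith("[?]"):
                # DDS prints [?] when it could not stat the service binary, so
                # its timestamp and size are unknown and need a manual check.
                findings.append(("unverified-service", m.group(1)))
            continue
        m = CREATED_RE.match(line)
        if m and section.startswith("Created"):
            attrs, path = m.group(1), m.group(2)
            name = path.rsplit("\\", 1)[-1]
            # 's' and 'h' in the DDS attribute string mean system and hidden.
            # A hidden system directory with a bare hex/numeric name is a
            # common dropper artefact and is worth opening by hand.
            if "s" in attrs and "h" in attrs and HEXNAME_RE.match(name):
                findings.append(("hidden-system-random-name", path))
            continue
    # Two AV engines or two firewalls registered at once is itself worth a
    # look: the second one is often stale, or only registered itself as one.
    for cls, label in (("AV", "multiple-av"), ("FW", "multiple-fw")):
        if len(products[cls]) > 1:
            findings.append((label, ", ".join(sorted(products[cls]))))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:28} {detail}")
```

Run it as a script to print the findings for the excerpt, or pass the text of a full DDS.txt to triage(); the section headers DDS emits are what it uses to know which line shape to expect.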



#2 tazmi
  • Topic Starter

Posted 01 September 2009 - 09:02 PM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 3/2/2009 10:45:09 PM
System Uptime: 9/1/2009 5:57:46 PM (1 hours ago)

Motherboard: Dell Inc. | | 0P173H
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | U2E1 | 2000/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 218 GiB total, 184.433 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 8.612 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP103: 9/1/2009 4:25:13 PM - Installed SUPERAntiSpyware Free Edition

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
Advanced Audio FX Engine
Bejeweled Deluxe 1.87
CBE2_1
CCScore
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell-eBay
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Remote Access
Dell Support Center (Support Software)
Dell Touchpad
Dell Video Chat (remove only)
Dell Webcam Central
Dell Wireless WLAN Card Utility
DELL0604
EDocs
EPSON Scan
EPSON WorkForce 600 Series Printer Uninstall
EpsonNet Print
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
fflink
GoToAssist 8.0.0.514
GTOneCare
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Integrated Webcam Driver (1.03.02.0919)
ITECIR Driver
Java™ 6 Update 7
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Lexmark 2300 Series
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Protection Service
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Live OneCare Resources v2.5.2900.28
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.5.2900.24 Idcrl Install
Microsoft Windows OneCare Live v2.5.2900.28
Mozilla Firefox (3.5.2)
Mozilla Thunderbird (2.0.0.23)
MSVCRT
MSXML 4.0 SP2 (KB954430)
netbrdg
OfotoXMI
OGA Notifier 2.0.0048.0
PX Engine
QuickSet
QuickTime
RingCentral Call Controller
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Salesforce Office Edition
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
SFR
SHASTA
skin0001
SKINXSDK
staticcr
SUPERAntiSpyware Free Edition
tooltips
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb972691)
VPRINTOL
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WIRELESS
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

9/1/2009 6:21:51 PM, Error: netbt [4321] - The name "SEAN-PC :0" could not be registered on the interface with IP address 192.168.1.106. The computer with the IP address 192.168.1.122 did not allow the name to be claimed by this computer.
9/1/2009 6:21:05 PM, Error: netbt [4321] - The name "BLAKE-PC :0" could not be registered on the interface with IP address 192.168.1.106. The computer with the IP address 192.168.1.105 did not allow the name to be claimed by this computer.
9/1/2009 6:00:08 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/1/2009 6:00:01 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/1/2009 5:58:29 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.2.101:63331. The error status code is contained within the returned data.
9/1/2009 5:58:29 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.106:63331. The error status code is contained within the returned data.
9/1/2009 5:57:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/1/2009 5:57:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/1/2009 5:57:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
9/1/2009 5:57:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/1/2009 5:56:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/1/2009 4:44:55 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2009 4:44:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MSFWHLPR NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6
9/1/2009 4:44:26 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2009 4:44:26 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2009 4:44:26 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2009 4:44:26 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2009 4:44:26 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2009 4:44:26 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2009 4:44:26 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2009 4:44:26 PM, Error: Service Control Manager [7001] - The Remote Access Media Server service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2009 4:44:26 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2009 4:44:26 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2009 4:44:26 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2009 4:44:26 PM, Error: Service Control Manager [7001] - The MSFWDrv service depends on the MSFWHLPR service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2009 4:44:26 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2009 4:44:26 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2009 4:44:26 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2009 4:44:26 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/1/2009 4:44:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/1/2009 10:19:00 AM, Error: netbt [4321] - The name "SALES :0" could not be registered on the interface with IP address 192.168.1.106. The computer with the IP address 192.168.1.115 did not allow the name to be claimed by this computer.
8/31/2009 10:04:13 PM, Error: netbt [4321] - The name "MIGUELSALCID-PC:0" could not be registered on the interface with IP address 192.168.2.101. The computer with the IP address 192.168.2.100 did not allow the name to be claimed by this computer.
8/27/2009 6:29:18 PM, Error: netbt [4321] - The name "CARRIE-PC :0" could not be registered on the interface with IP address 192.168.1.106. The computer with the IP address 192.168.1.133 did not allow the name to be claimed by this computer.
8/27/2009 3:49:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
8/26/2009 12:36:05 PM, Error: netbt [4321] - The name "GRETCHEN-PC :0" could not be registered on the interface with IP address 192.168.1.106. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer.

==== End Of File ===========================


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/01 18:33
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x91876000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x91881000 Size: 40960 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAE53F000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{bf969a01-9719-11de-9471-002219e504fa}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: c:\program files\microsoft windows onecare live\winsssvc_log.bin
Status: Allocation size mismatch (API: 2031616, Raw: 983040)

Path: C:\Windows\System32\MPEG2D~1.AX
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_516953ad0f4d16c4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_d088a2ec442ef17b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fdproxy_31bf3856ad364e35_6.0.6000.16386_none_792f8ff471a64e3b\$$DeleteMe.fdProxy.dll.01ca04b3c82f1ba0.0024
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fdssdp_31bf3856ad364e35_6.0.6001.18000_none_3addf297743e6161\$$DeleteMe.fdSSDP.dll.01ca04b3c9685ef0.0050
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fdwsd_31bf3856ad364e35_6.0.6001.18000_none_7da88373c225d895\$$DeleteMe.fdWSD.dll.01ca04b3cbb3ae80.009f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fundisc_31bf3856ad364e35_6.0.6001.18000_none_7be46ed83ae29055\$$DeleteMe.fundisc.dll.01ca04b3c8c95fd0.003d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..dcredentialprovider_31bf3856ad364e35_6.0.6001.18000_none_420aa4b9c28d5162\$$DeleteMe.SmartcardCredentialProvider.dll.01ca04b3caeb5570.0077
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_d51103be4cb9d6c3\$$DeleteMe.apphelp.dll.01ca04b3cbba8c50.00a2
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..o-mmecore-wdm-audio_31bf3856ad364e35_6.0.6001.18000_none_4a4e4c26e5b22007\$$DeleteMe.wdmaud.drv.01ca04b3c98005a0.0055
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..terface-ldapc-layer_31bf3856ad364e35_6.0.6001.18000_none_5f327439667d597c\$$DeleteMe.adsldpc.dll.01ca04b3c8bf26a0.003b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6001.18000_none_e34851aa8681b8b0\$$DeleteMe.advapi32.dll.01ca04b3c7f32410.001d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18000_none_ab203fc659b26ce7\$$DeleteMe.atl.dll.01ca1d90b6dc7dc0.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6001.18000_none_769fc426e49fbfda\$$DeleteMe.audiodg.exe.01ca04b3c7f7b7f0.001e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6001.18000_none_769fc426e49fbfda\$$DeleteMe.AudioSes.dll.01ca04b3cacf6900.0073
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6001.18000_none_769fc426e49fbfda\$$DeleteMe.audiosrv.dll.01ca04b3cb8c2950.0097
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-base_31bf3856ad364e35_6.0.6001.18000_none_b5dfbc3a51b01b87\$$DeleteMe.winmm.dll.01ca04b3cb3f68e0.0089
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6001.18000_none_8cfdc804108fe1a6\$$DeleteMe.midimap.dll.01ca04b3cacb4a50.0072
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6001.18000_none_8cfdc804108fe1a6\$$DeleteMe.msacm32.drv.01ca04b3cc88d8d0.00b8
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6001.18000_none_0bf37d16f567e1f7\$$DeleteMe.authui.dll.01ca04b3caa572d0.006a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.0.6001.18000_none_589bbe5841e2df00\$$DeleteMe.dsound.dll.01ca04b3ca7deda0.0064
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-azman_31bf3856ad364e35_6.0.6001.18000_none_56571935b2b95c99\$$DeleteMe.azroles.dll.01ca04b3c7e56870.001a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\$$DeleteMe.bcrypt.dll.01ca04b3c80f5ea0.0022
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\$$DeleteMe.qmgr.dll.01ca04b3ca4fffd0.005f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-bits-igdsearcher_31bf3856ad364e35_6.0.6001.18000_none_b16c3d098f004f58\$$DeleteMe.bitsigd.dll.01ca04b3c98b0220.0056
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\$$DeleteMe.es.dll.01ca04b3cb894320.0096
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..rformance-xperfcore_31bf3856ad364e35_6.0.6001.18000_none_d71173946e986845\$$DeleteMe.diagperf.dll.01ca04b3cc52ada0.00b3
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..tionauthorityclient_31bf3856ad364e35_6.0.6001.18000_none_d77db57c3ca78826\$$DeleteMe.certcli.dll.01ca04b3c8d76990.0040
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cmi_31bf3856ad364e35_6.0.6001.18000_none_a9ce4a485a8ade99\$$DeleteMe.cmiv2.dll.01ca04b3ce5cfc90.00c9
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-comdlg32_31bf3856ad364e35_6.0.6001.18000_none_b5b111a1a5a793a5\$$DeleteMe.comdlg32.dll.01ca04b3c8d8c920.0041
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6001.18000_none_7701ab362cebf905\$$DeleteMe.umpnpmgr.dll.01ca04b3cbef09d0.00aa
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.0.6001.18000_none_db374cc18eed7408\$$DeleteMe.credui.dll.01ca04b3c789daf0.0009
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6001.18000_none_5b6fc1dbddd3c6da\$$DeleteMe.crypt32.dll.01ca04b3cb079000.007e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\$$DeleteMe.cryptsvc.dll.01ca04b3c912c4e0.0047
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cryptui-dll_31bf3856ad364e35_6.0.6001.18000_none_85ee5b5e98235317\$$DeleteMe.cryptui.dll.01ca04b3ca847d50.0065
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6001.18000_none_8da39414bd31fb37\$$DeleteMe.uxsms.dll.01ca04b3cbd58e60.00a5
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dfsr-core-clientonly_31bf3856ad364e35_6.0.6001.18000_none_b6798caa9a04157b\$$DeleteMe.dfsr.exe.01ca04b3c9911ca0.0057
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\$$DeleteMe.dhcpcsvc.dll.01ca04b3cbdc6c30.00a7
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\$$DeleteMe.dhcpcsvc6.dll.01ca04b3c79a0790.000d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6001.18000_none_b1ee595da0f48e64\$$DeleteMe.samlib.dll.01ca04b3c9b21220.0059
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6001.18000_none_b1ee595da0f48e64\$$DeleteMe.samsrv.dll.01ca04b3c7de1570.0018
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\$$DeleteMe.winrnr.dll.01ca04b3cc7eedc0.00b6
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\$$DeleteMe.dnsapi.dll.01ca04b3c7c78030.0015
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\$$DeleteMe.dnsrslvr.dll.01ca04b3c887c2f0.0035
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.0.6001.18000_none_64138b2cc36a286b\$$DeleteMe.eappcfg.dll.01ca04b3c79b1900.000e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.0.6001.18000_none_64138b2cc36a286b\$$DeleteMe.eapphost.dll.01ca04b3cc4bcfd0.00b2
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.18098_none_9e329f52f6fc276d\$$DeleteMe.emdmgmt.dll.01ca04b3cb10b7c0.0080
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.0.6001.18000_none_f1e446e12c0bbf09\$$DeleteMe.esent.dll.01ca04b3cab37c90.006e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-enhancedvideorenderer_31bf3856ad364e35_6.0.6001.18000_none_8fa27dabcc867f14\$$DeleteMe.evr.dll.01ca04b3cbaecc80.009e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-eventlog_31bf3856ad364e35_6.0.6001.18000_none_dcc45c1a12d92f84\$$DeleteMe.wevtsvc.dll.01ca04b3c7e9ae30.001b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-feclient_31bf3856ad364e35_6.0.6001.18000_none_beda112b5794d4e0\$$DeleteMe.feclient.dll.01ca04b3cbfcc570.00ac
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.18145_none_79a5b70991018b47\$$DeleteMe.wersvc.dll.01ca04b3caeeb0d0.0078
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.0.6001.18000_none_282361dee702a605\$$DeleteMe.gpapi.dll.01ca04b3ca49e550.005e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.0.6001.18000_none_282361dee702a605\$$DeleteMe.gpsvc.dll.01ca04b3cb2fb170.0086
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-hid-user_31bf3856ad364e35_6.0.6001.22107_none_d73ce73ea085f962\$$DeleteMe.hid.dll.01ca04b3c78b1370.000a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-hid-user_31bf3856ad364e35_6.0.6001.22107_none_d73ce73ea085f962\$$DeleteMe.hidserv.dll.01ca04b3cb4200f0.008a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18000_none_11e312d27c5a6ba6\$$DeleteMe.iphlpsvc.dll.01ca04b3c3f62ce0.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-icm-base_31bf3856ad364e35_6.0.6001.18000_none_22c7ea5489633945\$$DeleteMe.mscms.dll.01ca04b3ca47e980.005d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\$$DeleteMe.imm32.dll.01ca04b3c8512290.002c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.0.6001.18000_none_037a7e2bb384bf01\$$DeleteMe.msi.dll.01ca04b3c7d2a3c0.0017
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ldap-client_31bf3856ad364e35_6.0.6001.18000_none_f33c4797566bb3db\$$DeleteMe.Wldap32.dll.01ca04b3ca210090.005c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\$$DeleteMe.lsasrv.dll.01ca04b3c3f9fd70.0005
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\$$DeleteMe.secur32.dll.01ca04b3c40a5120.0007
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..c-drivermanager-dll_31bf3856ad364e35_6.0.6001.18000_none_1032b239e9f923ce\$$DeleteMe.odbc32.dll.01ca04b3cc1e0910.00af
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\$$DeleteMe.mf.dll.01ca04b3c801a300.001f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\$$DeleteMe.wmp.dll.01ca04b3c7e45700.0019
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\$$DeleteMe.wmploc.DLL.01ca04b3c91e3690.004c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18005_none_0d553c2b4c3b84e1\$$DeleteMe.wmp.dll.01ca1d90b6b667c0.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18005_none_0d553c2b4c3b84e1\$$DeleteMe.wmploc.DLL.01ca1d90b6bb2a80.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-drm_31bf3856ad364e35_6.0.6001.18000_none_6e2e1b42c4ccee49\$$DeleteMe.wmdrmsdk.dll.01ca04b3cba97550.009d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mfplat_31bf3856ad364e35_6.0.6001.18000_none_f6aa98ad53755122\$$DeleteMe.mfplat.dll.01ca04b3c7b0c3e0.0012
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mmdeviceapi_31bf3856ad364e35_6.0.6001.18000_none_55044397b961da8a\$$DeleteMe.MMDevAPI.dll.01ca04b3cc325460.00b0
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mprapi_31bf3856ad364e35_6.0.6001.18000_none_140c84ec53049b39\$$DeleteMe.mprapi.dll.01ca04b3c78d8470.000c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.0.6001.18000_none_c7427a4e786d74bc\$$DeleteMe.adtschema.dll.01ca04b3cafb8210.007b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mpr_31bf3856ad364e35_6.0.6001.18000_none_add5c97257f151a1\$$DeleteMe.mpr.dll.01ca04b3c8f72690.0044
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18136_none_8853d47896e90b40\$$DeleteMe.msxml3.dll.01ca04b3cb87bc80.0095
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\$$DeleteMe.msvcrt.dll.01ca04b3c979c410.0054
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18000_none_440e77d1ec053e6c\$$DeleteMe.FwRemoteSvr.dll.01ca04b3ca770fd0.0063
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\$$DeleteMe.FwRemoteSvr.dll.01ca04b3ca770fd0.0063
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\$$DeleteMe.IPSECSVC.DLL.01ca04b3c9602190.004f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\$$DeleteMe.NaturalLanguage6.dll.01ca04b3cc15a4a0.00ae
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\$$DeleteMe.NlsLexicons0009.dll.01ca04b3c8d371f0.003f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ncrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_5dde5591f19c0ea3\$$DeleteMe.ncrypt.dll.01ca04b3ca993dd0.0068
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.18157_none_8d050f6301b2186f\$$DeleteMe.netapi32.dll.01ca04b3cb5d2a10.008e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\$$DeleteMe.netshell.dll.01ca04b3cb7bd5a0.0093
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.18000_none_cd246fe92a8ad809\$$DeleteMe.BFE.DLL.01ca04b3c3ef7620.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.18000_none_cd246fe92a8ad809\$$DeleteMe.FWPUCLNT.DLL.01ca04b3c3ed5340.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.18000_none_cd246fe92a8ad809\$$DeleteMe.IKEEXT.DLL.01ca04b3c40743e0.0006
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6001.18000_none_58d6de41fc2dac16\$$DeleteMe.ntdll.dll.01ca04b3c3f4f460.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-o..inefiles-win32-apis_31bf3856ad364e35_6.0.6001.18000_none_ab6af9d0f92539f0\$$DeleteMe.cscapi.dll.01ca04b3cbd9d420.00a6
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6001.18000_none_bd002a8dfb7a3328\$$DeleteMe.oleaut32.dll.01ca04b3c87ec240.0034
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-onex_31bf3856ad364e35_6.0.6001.18000_none_a5cb1bed1d5ba052\$$DeleteMe.onex.dll.01ca04b3c7a83860.0010
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6001.18247_none_2ff7241d92c8344e\$$DeleteMe.localspl.dll.01ca04b3cbc00a90.00a3
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..pooler-core-spoolss_31bf3856ad364e35_6.0.6001.18000_none_5b3992df8e604356\$$DeleteMe.spoolss.dll.01ca04b3cab1cee0.006d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_6.0.6001.18000_none_8ad265adc8633a42\$$DeleteMe.inetpp.dll.01ca04b3c874b020.0031
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6001.18000_none_d2ac9d5aa723258e\$$DeleteMe.tcpmon.dll.01ca04b3cc439270.00b1
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\$$DeleteMe.pdh.dll.01ca04b3c9724a00.0052
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..ting-wsdportmonitor_31bf3856ad364e35_6.0.6001.18000_none_16d3442ddf994157\$$DeleteMe.WSDMon.dll.01ca04b3c8329e10.0026
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..ting-spooler-client_31bf3856ad364e35_6.0.6001.18000_none_932df61f18add086\$$DeleteMe.winspool.drv.01ca04b3cb76a580.0092
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-pantherengine_31bf3856ad364e35_6.0.6001.18000_none_ae116f90a5d6b7d4\$$DeleteMe.wdscore.dll.01ca04b3ca60c8b0.0061
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-peertopeerbase_31bf3856ad364e35_6.0.6001.18000_none_6bd83b0d2606e9d6\$$DeleteMe.p2psvc.dll.01ca04b3cb6fc7b0.0091
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-peertopeergraphing_31bf3856ad364e35_6.0.6001.18000_none_62c2dad4e9be8a09\$$DeleteMe.P2PGraph.dll.01ca04b3cb906f10.0099
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\$$DeleteMe.spoolsv.exe.01ca04b3cb961460.009a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.0.6001.18000_none_fbb1576d32ad0ba9\$$DeleteMe.profsvc.dll.01ca04b3cb1e9a70.0082
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-propsys_31bf3856ad364e35_7.0.6001.16503_none_f3d11aeeb9526bbb\$$DeleteMe.propsys.dll.01ca04b3c8539390.002d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6001.18000_none_12bf0305774c76e6\$$DeleteMe.raschap.dll.01ca04b3c8765dd0.0032
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasdlg_31bf3856ad364e35_6.0.6001.18000_none_6d133c0e4fa0edb1\$$DeleteMe.rasdlg.dll.01ca04b3c78c4bf0.000b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6001.18000_none_0d159410ea7a8f9d\$$DeleteMe.rtutils.dll.01ca04b3c893a9d0.0036
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasmanservice_31bf3856ad364e35_6.0.6001.18136_none_9ea32a1fa0bb6c5d\$$DeleteMe.rasmans.dll.01ca04b3cadf6e90.0076
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasplap_31bf3856ad364e35_6.0.6001.18000_none_1236753177b2477f\$$DeleteMe.rasplap.dll.01ca04b3cba7eeb0.009c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasppp_31bf3856ad364e35_6.0.6001.18000_none_6c94b11e4fff8902\$$DeleteMe.rasppp.dll.01ca04b3c8fb4540.0045
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rastapi_31bf3856ad364e35_6.0.6001.18000_none_0ee42a5979dd0144\$$DeleteMe.rastapi.dll.01ca04b3caf19700.0079
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6001.18000_none_6c652bee5023e04d\$$DeleteMe.rastls.dll.01ca04b3ca66bc20.0062
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rsaenh-dll_31bf3856ad364e35_6.0.6001.18000_none_5fc70fc7b14478d4\$$DeleteMe.rsaenh.dll.01ca04b3c8ed6290.0042
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..cardsubsystemclient_31bf3856ad364e35_6.0.6001.18000_none_18e47a437999387f\$$DeleteMe.WinSCard.dll.01ca04b3c994ed30.0058
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..configurationengine_31bf3856ad364e35_6.0.6001.18000_none_b924e3b3889aaa51\$$DeleteMe.scesrv.dll.01ca04b3cc0a0be0.00ad
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..entication-usermode_31bf3856ad364e35_6.0.6001.18000_none_3a21c33374546c1e\$$DeleteMe.authz.dll.01ca04b3cb5ed7c0.008f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..entication-usermode_31bf3856ad364e35_6.0.6001.18000_none_3a21c33374546c1e\$$DeleteMe.ntmarta.dll.01ca04b3c9360450

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1208 Status: Locked to the Windows API!

SSDT
-------------------
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0x8e7e30b0

==EOF==

#3 tazmi

tazmi
  • Topic Starter

  • Members
  • 40 posts

Posted 08 September 2009 - 10:36 AM

This page finally looks the way it should for me. I can now upload files. Please let me know if I should delete the post with the DDS and Ark files, and then upload as attachments.

#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 17 September 2009 - 08:04 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.  

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control HERE

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 tazmi

tazmi
  • Topic Starter

  • Members
  • 40 posts

Posted 17 September 2009 - 03:24 PM

DDS (Ver_09-07-30.01) - NTFSx86
Run by Tazmi at 13:22:39.47 on Thu 09/17/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3030.1120 [GMT -7:00]

AV: Windows Protection Suite *On-access scanning enabled* (Updated) {007D190B-F8BB-48D0-8220-A5727C8DE79B}
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
FW: Windows Protection Suite *enabled* {6AD657EC-685E-4F12-BC33-3B16B9031F13}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\lxcgcoms.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\ehome\ehmsas.exe
C:\ProgramData\UltraVNC\winvnc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\ProgramData\UltraVNC\winvnc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\microsoft office\office12\excel.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tazmi\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = https://na3.salesforce.com/50050000005u8PC/...50050000005u8PC
uWindow Title = Internet Explorer provided by Dell
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Windows Live Sync] "c:\program files\windows live\sync\WindowsLiveSync.exe" /background
uRun: [RCHotKey] "c:\program files\ringcentral\ringcentral call controller\RCHotKey.exe"
uRun: [EPSON60A5A5] c:\windows\system32\spool\drivers\w32x86\3\e_fatieka.exe /fu "c:\users\tazmi\appdata\local\temp\E_S7E42.tmp" /EF "HKCU"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
mRun: [lxcgmon.exe] "c:\program files\lexmark 2300 series\lxcgmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2300 series\ezprint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
StartupFolder: c:\users\tazmi\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\tazmi\appdata\roaming\mozilla\firefox\profiles\ircak9tn.default\
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-3-3 81920]
R2 Apache2.2;Remote Access Media Server;c:\program files\common files\dell\apache\bin\httpd.exe [2007-9-21 15872]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 dsl-db;Remote Access DB;c:\program files\common files\dell\mysql\bin\mysqld.exe [2007-9-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe [2009-1-5 173296]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-7-9 26104]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 uvnc_service;UltraVNC Server;c:\programdata\ultravnc\winvnc.exe -service --> c:\programdata\ultravnc\winvnc.exe -service [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-3-3 112128]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-3-3 54784]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-3-3 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-3 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-3 277440]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 19968]

=============== Created Last 30 ================

2009-09-01 16:41 <DIR> --d----- c:\windows\pss
2009-09-01 16:26 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-09-01 16:26 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-09-01 16:25 <DIR> --d----- c:\users\tazmi\appdata\roaming\SUPERAntiSpyware.com
2009-09-01 16:25 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-01 16:24 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-29 19:10 0 a------- c:\windows\system32\settings.dat
2009-08-26 23:08 8,270,752 a------- c:\users\tazmi\appdata\roaming\DataSafeDotNet.exe
2009-08-26 11:17 <DIR> --d----- c:\users\tazmi\appdata\roaming\Malwarebytes
2009-08-26 11:16 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-26 11:16 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-26 11:16 <DIR> --d----- c:\programdata\Malwarebytes
2009-08-26 11:16 <DIR> --d----- c:\progra~2\Malwarebytes
2009-08-26 11:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-26 10:50 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-08-26 10:43 2,048 a------- c:\windows\system32\tzres.dll
2009-08-26 10:42 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-26 10:42 218,624 a------- c:\windows\system32\msv1_0.dll
2009-08-26 10:42 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-26 10:42 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-08-26 10:42 439,864 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-26 10:42 270,848 a------- c:\windows\system32\schannel.dll
2009-08-26 10:42 72,704 a------- c:\windows\system32\secur32.dll
2009-08-26 10:42 9,728 a------- c:\windows\system32\lsass.exe
2009-08-26 09:50 <DIR> --dsh--- c:\programdata\3d79827
2009-08-26 09:50 <DIR> --dsh--- c:\progra~2\3d79827

==================== Find3M ====================

2009-08-30 19:35 4,354 a------- c:\windows\system32\tmp.reg
2009-08-14 09:27 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 08:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 06:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 06:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 06:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 06:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 06:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 06:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 06:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 06:48 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 06:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-05 03:01 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-05 03:01 86,016 a------- c:\windows\inf\infpub.dat
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-21 14:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 14:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 14:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 13:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 06:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-16 12:16 143,360 a------- c:\windows\inf\infstor.dat
2009-07-15 05:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 05:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 05:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 05:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:48 665,600 a------- c:\windows\inf\drvindex.dat
2009-07-11 12:01 513,536 a------- c:\windows\system32\wlansvc.dll
2009-07-11 12:01 302,592 a------- c:\windows\system32\wlansec.dll
2009-07-11 12:01 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-07-11 12:01 65,024 a------- c:\windows\system32\wlanapi.dll
2009-07-11 10:03 127,488 a------- c:\windows\system32\L2SecHC.dll
2008-01-20 19:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-03-03 06:12 75 ---shr-- c:\windows\CT4CET.bin
2009-06-17 12:46 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-17 12:46 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-17 12:46 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-17 12:46 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 13:23:13.98 ===============
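
The DDS log above is the kind of output the Malware Response Team triages by eye. As an added example, not part of this thread and not code from the DDS tool, the Python script below parses the `====== Section ======` headers DDS emits and applies a few of the heuristics a responder applies when reading such a log: processes or services whose image lives in ProgramData, Temp or Downloads; Pseudo HJT entries whose registered file is gone ("No File"); service images DDS could not stat (the trailing "[?]"); and entries in "Created Last 30" carrying both the system and hidden attributes. The sample input is a handful of lines copied from the log posted above with the rest omitted; the section names matched, the directory list and the heuristics are assumptions of this example, not something DDS defines.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the DDS log in this thread
# (most of the log is omitted) so the triage runs offline.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\ProgramData\UltraVNC\winvnc.exe
C:\Users\Tazmi\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R2 uvnc_service;UltraVNC Server;c:\programdata\ultravnc\winvnc.exe -service --> c:\programdata\ultravnc\winvnc.exe -service [?]

=============== Created Last 30 ================

2009-09-01 16:25 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-26 09:50 <DIR> --dsh--- c:\programdata\3d79827

============= FINISH: 13:23:13.98 ===============
"""

# A DDS section header is a run of '=' signs, the title, another run of '='.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "Created Last 30" / "Find3M" rows: timestamp, <DIR> or size, 8-char attributes, path.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(.+)$")
# "Services / Drivers" rows: state;name;description;image path [date size]
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)$")

# Assumed heuristic: directories a system service or startup process has no business living in.
SUSPECT_DIRS = ("\\programdata\\", "\\appdata\\local\\temp\\", "\\downloads\\", "\\temp\\")


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def split_sections(text: str) -> dict:
    """Group the non-blank lines of a DDS log under their (upper-cased) section title."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def in_suspect_dir(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in SUSPECT_DIRS)


def triage(text: str) -> list:
    """Return the log lines a responder would look at first, each with the reason it was flagged."""
    findings = []
    sections = split_sections(text)

    for line in sections.get("RUNNING PROCESSES", []):
        if in_suspect_dir(line):
            findings.append(Finding("Running Processes", line,
                                    "process image lives in a user-writable or data directory"))

    for line in sections.get("PSEUDO HJT REPORT", []):
        if line.endswith("- No File"):
            findings.append(Finding("Pseudo HJT Report", line,
                                    "registered CLSID points at a file that no longer exists"))

    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        _state, _name, _desc, image = m.groups()
        reasons = []
        if in_suspect_dir(image):
            reasons.append("service image lives in a user-writable or data directory")
        if image.rstrip().endswith("[?]"):
            reasons.append("DDS could not read the image's date/size ([?])")
        if reasons:
            findings.append(Finding("Services / Drivers", line, "; ".join(reasons)))

    for line in sections.get("CREATED LAST 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        _ts, _size, attrs, _path = m.groups()
        if "s" in attrs and "h" in attrs:
            findings.append(Finding("Created Last 30", line,
                                    f"new entry created with system+hidden attributes ({attrs})"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample, the script flags the UltraVNC server running from ProgramData (both as a process and as a service whose image DDS could not stat), the orphaned BHO, and the hidden system directory c:\programdata\3d79827 created on 26 August, while leaving the SUPERAntiSpyware entries alone. The dds(2).scr hit under Downloads is the scanner itself, which is the expected false positive of a directory-based rule; the point of the output is to shorten the list a human reads, not to replace that reading.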

#6 tazmi

tazmi
  • Topic Starter

  • Members
  • 40 posts

Posted 17 September 2009 - 03:29 PM

I am still having problems. I cannot just browse on Firefox or IE freely. I get redirected sometimes and sometimes it tells me page cannot be found. This is the case with all search engines.

Attached Files



#7 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 18 September 2009 - 08:43 AM

Hi tazmi,



Welcome to BleepingComputer HijackThis Logs and Malware Removal, :(
My name is sundavis, I will be helping you to deal with your Malware problems today.


Step1

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Step2

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.

1. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

2. Click Yes to allow Combofix to continue scanning for malware.

When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

If you have problems running ComboFix, please delete that copy and redownload it again. Rename the ComboFix.exe to Tazmi.exe before saving it to your desktop.



Step3

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In your next reply, please post back:


1. GooredFix log
2. ComboFix log
3. OTListIt.txt and Extra.txt

Thanks

#8 tazmi

tazmi
  • Topic Starter

  • Members
  • 40 posts

Posted 18 September 2009 - 11:30 AM

GooredFix by jpshortstuff (12.07.09)
Log created at 09:29 on 18/09/2009 (Tazmi)
Firefox version 3.5.3 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:34 29/08/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [15:27 16/03/2009]

-=E.O.F=-

#9 tazmi

tazmi
  • Topic Starter

  • Members
  • 40 posts

Posted 18 September 2009 - 12:03 PM

ComboFix 09-09-17.04 - Tazmi 09/18/2009 9:40.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3030.1351 [GMT -7:00]
Running from: c:\users\Tazmi\Downloads\ComboFix.exe
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1697761158-3461116375-2391198924-500
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Windows Protection Suite.lnk
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\oem8.inf
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
.

2009-09-18 16:48 . 2009-09-18 16:49 -------- d-----w- c:\users\Tazmi\AppData\Local\temp
2009-09-18 16:48 . 2009-09-18 16:48 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2009-09-18 16:48 . 2009-09-18 16:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-04 03:41 . 2009-09-08 15:17 -------- d-----w- c:\users\Tazmi\AppData\Local\Adobe
2009-09-01 23:26 . 2009-09-12 16:01 117760 ----a-w- c:\users\Tazmi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-09-01 23:26 . 2009-09-01 23:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-09-01 23:25 . 2009-09-18 16:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-01 23:25 . 2009-09-01 23:25 -------- d-----w- c:\users\Tazmi\AppData\Roaming\SUPERAntiSpyware.com
2009-08-31 03:58 . 2008-12-04 08:25 120832 ----a-w- c:\users\Tazmi\AppData\Roaming\Mozilla\Firefox\Profiles\ircak9tn.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-08-30 02:10 . 2009-08-30 02:10 0 ----a-w- c:\windows\system32\settings.dat
2009-08-27 06:08 . 2009-08-27 06:11 8270752 ----a-w- c:\users\Tazmi\AppData\Roaming\DataSafeDotNet.exe
2009-08-26 18:17 . 2009-08-26 18:17 -------- d-----w- c:\users\Tazmi\AppData\Roaming\Malwarebytes
2009-08-26 18:16 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-26 18:16 . 2009-08-26 18:16 -------- d-----w- c:\programdata\Malwarebytes
2009-08-26 18:16 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-26 18:16 . 2009-08-27 06:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-26 18:11 . 2009-08-26 18:11 32 ----a-w- c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
2009-08-26 18:01 . 2009-08-26 18:01 33 ----a-w- c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\cid.dll
2009-08-26 17:50 . 2009-08-26 17:50 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-08-26 17:43 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 17:42 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-26 17:42 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-26 17:42 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-26 17:42 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-26 17:42 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-26 17:42 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-26 17:42 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-26 17:42 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-26 17:03 . 2009-08-26 17:03 65 ----a-w- c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
2009-08-26 16:53 . 2009-08-26 16:53 76 ----a-w- c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
2009-08-26 16:53 . 2009-08-26 16:53 23 ----a-w- c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
2009-08-26 16:53 . 2009-08-26 16:53 51 ----a-w- c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
2009-08-26 16:53 . 2009-08-26 16:53 41 ----a-w- c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\ppal.sys
2009-08-26 16:53 . 2009-08-26 16:53 24 ----a-w- c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
2009-08-26 16:53 . 2009-08-26 16:53 12 ----a-w- c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
2009-08-26 16:53 . 2009-08-26 16:53 49 ----a-w- c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\cb.sys
2009-08-26 16:53 . 2009-08-26 16:53 48 ----a-w- c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
2009-08-26 16:53 . 2009-08-26 16:53 31 ----a-w- c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
2009-08-26 16:53 . 2009-08-26 16:53 38 ----a-w- c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
2009-08-26 16:53 . 2009-08-26 16:53 5 ----a-w- c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
2009-08-26 16:50 . 2009-08-26 18:29 -------- d-sh--w- c:\programdata\3d79827

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 03:33 . 2009-06-02 08:09 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-09-16 02:09 . 2009-03-16 16:06 -------- d-----w- c:\program files\Lx_cats
2009-09-11 10:12 . 2009-03-03 13:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-11 10:02 . 2009-03-10 18:24 -------- d-----w- c:\programdata\Microsoft Help
2009-09-10 10:00 . 2009-03-16 21:12 6756 ----a-w- c:\users\Tazmi\AppData\Local\d3d9caps.dat
2009-08-27 06:51 . 2009-03-03 13:21 -------- d-----w- c:\program files\Dell DataSafe Online
2009-08-20 20:20 . 2009-03-09 21:51 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-14 16:27 . 2009-09-09 14:55 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 14:55 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 14:55 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 14:55 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 14:55 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 14:55 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 14:55 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 14:55 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 14:55 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 14:55 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 14:55 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 22:07 . 2009-08-03 22:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 22:07 . 2009-08-03 22:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 22:07 . 2009-08-03 22:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-21 21:52 . 2009-07-29 15:26 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 15:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 15:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 15:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 15:34 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 15:34 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 15:34 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 15:34 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 15:34 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 14:55 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 14:55 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-09 14:55 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-09 14:55 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-09 14:55 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-03-03 13:12 . 2009-03-03 13:12 75 --sh--r- c:\windows\CT4CET.bin
2009-03-03 14:14 . 2009-03-03 14:08 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Windows Live Sync"="c:\program files\Windows Live\Sync\WindowsLiveSync.exe" [2009-02-07 1170272]
"RCHotKey"="c:\program files\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2009-05-04 32768]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-21 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-21 154136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2007-04-30 205744]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2007-04-30 103344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-22 483420]

c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-03 13:18 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e0,1a,2a,c1,b4,04,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{87CC9E4C-677E-4FB9-8443-F58E3F1DDCD8}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
"{A4C4A581-7605-48B3-B72D-3D81DE689ADC}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
"{7C90514D-3279-41CC-81E3-1BF8E745AC97}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{178A3C8F-8D0B-4509-BB54-6DF9133A44BB}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{EFE3543A-16DA-4D8C-9883-0E06C1A8670F}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{63EBCC2F-62DA-4A61-89AF-536B75C7FEAC}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{0712058F-2AEB-41D6-A175-C6D06B7FE02A}"= UDP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access
"{CA3AEDF2-1ABF-4C2B-A7AD-115308F72317}"= TCP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access
"{6C7578CC-6F88-4A92-A74D-2BB431EC85D7}"= UDP:c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service
"{C5826AD0-1FB6-4998-9A32-19FA202B3CBF}"= TCP:c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service
"{9EC12805-E653-4DD2-A628-AA28C825DE0B}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C90E8A9D-D9AB-4CD6-A57E-5077114B9E51}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{28BF5CC4-6841-47B7-9276-CFC44CA01715}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{51B326A6-0432-4076-ADF4-1D24E0A21D6E}"= UDP:c:\programdata\SingleClick Systems\VLC\vlc.exe:Remote Access VLC
"{4EDFD01D-442D-48BB-AE94-BC934018C38E}"= TCP:c:\programdata\SingleClick Systems\VLC\vlc.exe:Remote Access VLC
"{253D5676-01B1-4AE3-9FE5-96E5D4705077}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{36CB3F50-2390-4C1F-9A76-DD6E4B09B501}"= UDP:c:\windows\System32\lxcgcoms.exe:Lexmark Communications System
"{588BE299-9646-4948-A996-FF25AD52F1A9}"= TCP:c:\windows\System32\lxcgcoms.exe:Lexmark Communications System
"{7510A447-185B-4C44-A5AD-8292BE9B1A5A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxcgpswx.exe:Printer Status Window
"{B203FEA8-5271-4B87-8A63-6922EAEBD689}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxcgpswx.exe:Printer Status Window
"TCP Query User{858A01D6-1D30-461E-86B0-74B59DB1955C}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{2C47D437-B5DA-4DD1-8891-02C81A0D01D2}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{95175B30-5293-4317-B466-295FEA4E81DD}"= UDP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access
"{1EC93B32-B517-46E7-A292-202A61224853}"= TCP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access
"{A62A2BBF-3E73-45BE-9806-E5CB6BE25B06}"= UDP:c:\program files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service
"{708AB162-9BE4-4933-9895-447D2B7C6DF0}"= TCP:c:\program files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service
"{64E4AD31-941E-4103-B4C9-A43AF4CD43E0}"= UDP:c:\program files\Common Files\Dell\VLC\vlc.exe:Remote Access VLC
"{31D499D2-BAA3-4D4E-A27C-980FBE5090AB}"= TCP:c:\program files\Common Files\Dell\VLC\vlc.exe:Remote Access VLC
"TCP Query User{26ADA0EC-B14C-426C-BAD7-3507BE281F2F}c:\\program files\\ringcentral\\ringcentral call controller\\rcui.exe"= UDP:c:\program files\ringcentral\ringcentral call controller\rcui.exe:RingCentral Call Controller
"UDP Query User{923E07C5-3CA7-449F-A3D9-C73E96593E69}c:\\program files\\ringcentral\\ringcentral call controller\\rcui.exe"= TCP:c:\program files\ringcentral\ringcentral call controller\rcui.exe:RingCentral Call Controller
"{AD965B8D-2FD8-4F98-9779-FCF533F65626}"= UDP:c:\program files\Common Files\Dell\apache\bin\httpd.exe:Remote Access Media Server
"{0E324A89-05BC-45AB-882D-CB805CDA9666}"= TCP:c:\program files\Common Files\Dell\apache\bin\httpd.exe:Remote Access Media Server
"{E7E83925-7843-4C75-82B6-DD777D19B837}"= UDP:c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe:Remote Access DB
"{A74D4F54-3D54-4DA3-A336-8ED94684D0EA}"= TCP:c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe:Remote Access DB
"{92D24D0F-D66E-44C0-AAF2-939882256BE1}"= UDP:c:\program files\Common Files\Dell\MySQL\bin\mysql.exe:Remote Access CLI
"{1FF41DF5-B7CC-4F4B-84DB-7088050C57DA}"= TCP:c:\program files\Common Files\Dell\MySQL\bin\mysql.exe:Remote Access CLI
"{567B908D-CA58-412C-93A0-3349741BC678}"= UDP:c:\program files\Common Files\Dell\apache\php.exe:Remote Access PHP
"{C0E352C0-3567-4F59-B47D-EC6FD5E80CC5}"= TCP:c:\program files\Common Files\Dell\apache\php.exe:Remote Access PHP
"{44B629E6-D610-44D8-97F4-7D0D9D17E49E}"= UDP:c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe:Remote Access File Sync Service
"{F748F740-1D08-42E5-9FEC-DAAA51B7B1DC}"= TCP:c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe:Remote Access File Sync Service
"{19A280D6-5E01-4EF5-ACE8-CDA7861C6DE4}"= UDP:40080:Remote Access Media Server
"{96A7C9DA-C9A7-4356-ADB5-37E0B9B03261}"= UDP:40090:Streaming Web Cam
"{F2834DD0-38F1-45C1-A542-3F3ED7515CAF}"= UDP:40091:Streaming Web Cam
"{7027EDCF-0D29-4006-BC74-37F02A1C6162}"= UDP:40092:Streaming Web Cam
"{8EC4E27D-506A-4B09-A9BD-E1F40789E63C}"= UDP:40093:Streaming Web Cam
"{FF23B183-EFC4-4144-86E8-B7A8524A1DA1}"= UDP:40094:Streaming Web Cam
"{ADA15056-80D0-4F19-8C11-29842EB6B8E3}"= UDP:c:\programdata\UltraVNC\winvnc.exe:UltraVNC Server
"{D3509CE0-8004-4E8B-8677-5AB5D92F1C46}"= TCP:c:\programdata\UltraVNC\winvnc.exe:UltraVNC Server
"{F32DD0CE-377A-4916-87B4-3F756283BC5D}"= UDP:5900:UltraVNC Server
"{1A31141F-EE6D-412F-973A-D7D65AFA7983}"= UDP:c:\programdata\3d79827\WI3d79.exe:Windows Protection Suite
"{E2F5E24D-A540-4AE3-9BBD-FB974E572471}"= TCP:c:\programdata\3d79827\WI3d79.exe:Windows Protection Suite
"{DC027929-00BB-41F3-8375-3C4EA47FF770}"= UDP:63331:Windows Live OneCare
"{C0ABC747-1FF2-43CE-A40B-AE7A9D672C1F}"= UDP:63331:Windows Live OneCare
"{4C58F5E3-9088-472F-AEA6-9EB9A8D28D6E}"= UDP:63331:Windows Live OneCare

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe [3/3/2009 7:36 AM 81920]
R2 Apache2.2;Remote Access Media Server;c:\program files\Common Files\Dell\apache\bin\httpd.exe [9/21/2007 1:26 PM 15872]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [9/23/2008 9:09 PM 155648]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [1/5/2009 5:19 PM 173296]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [7/9/2009 12:15 PM 26104]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [3/3/2009 7:36 AM 112128]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [3/3/2009 7:36 AM 54784]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [3/3/2009 7:36 AM 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [3/3/2009 7:36 AM 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [3/3/2009 7:36 AM 277440]
S2 dsl-db;Remote Access DB;c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe [9/14/2007 1:35 PM 5730304]
S2 uvnc_service;UltraVNC Server;c:\programdata\UltraVNC\winvnc.exe -service --> c:\programdata\UltraVNC\winvnc.exe -service [?]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\System32\drivers\WSDPrint.sys [1/20/2008 7:23 PM 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\System32\drivers\WSDScan.sys [7/14/2009 11:12 AM 19968]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = https://na3.salesforce.com/50050000005u8PC/...50050000005u8PC
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Tazmi\AppData\Roaming\Mozilla\Firefox\Profiles\ircak9tn.default\
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 09:49
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(656)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-09-18 9:50
ComboFix-quarantined-files.txt 2009-09-18 16:50

Pre-Run: 190,001,606,656 bytes free
Post-Run: 189,452,828,672 bytes free

266 --- E O F --- 2009-09-11 10:06

#10 tazmi

  • Topic Starter
  • Members
  • 40 posts

Posted 18 September 2009 - 12:09 PM

OTL logfile created on: 9/18/2009 10:04:50 AM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\Tazmi\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 68.78% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 176.03 Gb Free Space | 80.67% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.61 Gb Free Space | 58.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TAZMI-LAPTOP
Current User Name: Tazmi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PRC - [2008/12/22 02:26:36 | 00,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
PRC - [2008/09/23 21:09:52 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/22 03:32:44 | 02,809,856 | ---- | M] (Dell Inc.) -- C:\Windows\System32\bcmwltry.exe
PRC - [2006/12/19 18:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
PRC - [2008/12/22 02:26:08 | 00,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
PRC - [2007/09/21 13:26:34 | 00,015,872 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
PRC - [2009/01/05 17:19:08 | 00,173,296 | ---- | M] (SingleClick Systems) -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
PRC - [2007/09/21 13:26:34 | 00,015,872 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
PRC - [2009/01/05 17:19:10 | 00,824,560 | ---- | M] (Dell Inc.) -- C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2008/09/23 21:09:52 | 01,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/07/17 05:00:18 | 00,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/11/21 04:05:22 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/11/21 04:05:32 | 00,154,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/12/22 03:34:46 | 03,810,304 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2008/11/21 04:05:52 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/01/14 09:13:02 | 00,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2009/07/07 10:23:00 | 01,779,952 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2008/10/04 12:58:02 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/04/29 22:55:32 | 00,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
PRC - [2009/07/09 12:15:38 | 00,065,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
PRC - [2008/12/22 02:26:46 | 00,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/04/10 23:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/02/20 14:22:34 | 04,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/01/20 19:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
PRC - [2009/05/04 14:15:16 | 00,032,768 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
PRC - [2008/01/20 19:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/07/09 13:31:46 | 01,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/04/29 22:54:44 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcgcoms.exe
PRC - [2009/07/09 12:15:32 | 00,026,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/01/20 19:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/11/27 22:45:02 | 00,869,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
PRC - [2009/07/09 12:15:38 | 01,139,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
PRC - [2009/04/10 23:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/04/10 23:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008/01/20 19:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/07/17 05:00:16 | 00,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/07/17 05:00:18 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apntex.exe
PRC - [2008/07/17 05:00:36 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\HidFind.exe
PRC - [2008/10/04 12:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/08 07:36:42 | 02,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.exe
PRC - [2009/09/11 09:27:11 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/18 10:04:22 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\Tazmi\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/12/22 02:26:08 | 00,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe -- (AESTFilters [Auto | Running])
SRV - [2007/09/21 13:26:34 | 00,015,872 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2 [Auto | Running])
SRV - [2009/03/29 21:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/09/23 21:09:52 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService [Auto | Running])
SRV - [2007/09/14 13:35:04 | 05,730,304 | ---- | M] () -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db [Auto | Stopped])
SRV - [2009/01/05 17:19:08 | 00,173,296 | ---- | M] (SingleClick Systems) -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync [Auto | Running])
SRV - [2008/01/20 19:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2006/12/19 18:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe -- (EpsonBidirectionalService [Auto | Running])
SRV - [2009/04/10 23:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/02/18 11:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/30 19:13:44 | 00,250,616 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2009/03/03 06:18:49 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist [On_Demand | Stopped])
SRV - [2009/01/05 17:19:10 | 00,824,560 | ---- | M] (Dell Inc.) -- C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc [Auto | Running])
SRV - [2009/02/18 11:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/04/29 22:54:44 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcgcoms.exe -- (lxcg_device [Auto | Running])
SRV - [2007/11/27 22:45:02 | 00,869,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc [Auto | Running])
SRV - [2009/02/18 11:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/07/09 12:15:32 | 00,026,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2008/07/09 17:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP [Auto | Running])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2008/10/04 12:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter [Auto | Running])
SRV - [2008/12/22 02:26:36 | 00,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2008/03/24 06:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2008/08/31 12:02:04 | 01,519,168 | ---- | M] (UltraVNC) -- C:\ProgramData\UltraVNC\winvnc.exe -- (uvnc_service [Auto | Stopped])
SRV - [2008/01/20 19:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2009/07/09 12:15:38 | 01,139,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss [Auto | Running])
SRV - [2008/12/22 03:34:46 | 00,026,112 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Stopped])
SRV - [2008/01/20 19:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/01/20 19:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008/01/20 19:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008/01/20 19:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008/01/20 19:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 02:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/01/20 19:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2008/07/17 05:00:14 | 00,170,032 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2008/01/20 19:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008/01/20 19:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2008/12/22 03:32:18 | 00,018,424 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCM42RLY.sys -- (BCM42RLY [On_Demand | Running])
DRV - [2008/12/17 02:22:02 | 01,331,192 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcmwl6.sys -- (BCM43XX [On_Demand | Running])
DRV - [2006/11/02 01:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 01:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 01:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 01:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 01:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 01:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/01/20 19:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008/01/20 19:23:25 | 00,220,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\e1e6032.sys -- (e1express [On_Demand | Stopped])
DRV - [2008/01/20 19:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/20 19:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2008/01/20 19:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2008/11/21 04:05:26 | 02,473,472 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006/11/02 02:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2008/11/21 04:06:30 | 00,112,128 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService [On_Demand | Running])
DRV - [2006/11/02 02:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2008/07/28 02:46:32 | 00,054,784 | ---- | M] (ITE Tech. Inc. ) -- C:\Windows\System32\DRIVERS\itecir.sys -- (itecir [On_Demand | Running])
DRV - [2006/11/02 02:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008/05/29 04:03:34 | 00,203,264 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\k57nd60x.sys -- (k57nd60x [On_Demand | Running])
DRV - [2008/01/20 19:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008/01/20 19:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008/01/20 19:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008/01/20 19:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2008/05/15 16:15:16 | 00,053,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\MpFilter.sys -- (MpFilter [On_Demand | Stopped])
DRV - [2006/11/02 02:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2007/11/27 22:45:00 | 00,091,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\msfwdrv.sys -- (MSFWDrv [Auto | Running])
DRV - [2007/11/27 22:44:54 | 00,037,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\msfwhlpr.sys -- (MSFWHLPR [System | Running])
DRV - [2006/11/02 02:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 00:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2009/05/09 01:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Stopped])
DRV - [2008/01/20 19:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008/01/20 19:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2009/03/06 22:51:42 | 00,222,720 | ---- | M] (Novatel Wireless Inc) -- C:\Windows\System32\DRIVERS\NWADIenum.sys -- (NWADI [On_Demand | Running])
DRV - [2008/10/26 23:25:30 | 00,144,672 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\DRIVERS\OA001Ufd.sys -- (OA001Ufd [On_Demand | Running])
DRV - [2008/10/26 23:25:28 | 00,277,440 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\DRIVERS\OA001Vid.sys -- (OA001Vid [On_Demand | Running])
DRV - [2008/06/17 11:01:06 | 00,022,016 | ---- | M] (SingleClick Systems) -- C:\Windows\System32\DRIVERS\packet.sys -- (Packet [Auto | Running])
DRV - [2008/11/24 18:04:10 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\Drivers\PCASp50.sys -- (PCASp50 [On_Demand | Stopped])
DRV - [2007/11/14 02:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/01/20 19:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 00:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (R300 [On_Demand | Stopped])
DRV - [2008/07/03 01:58:24 | 00,046,592 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2008/07/03 01:58:22 | 00,043,008 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])
DRV - [2007/01/18 10:24:58 | 00,026,496 | ---- | M] (Research in Motion Ltd) -- C:\Windows\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
DRV - [2008/07/03 01:58:26 | 00,038,400 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Running])
DRV - [2008/01/20 19:24:49 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - File not found -- Service key not found. -- (SASENUM [Unknown | Running])
DRV - File not found -- Service key not found. -- (SASKUTIL [Unknown | Running])
DRV - [2006/11/01 23:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/20 19:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2008/12/22 02:26:50 | 00,393,216 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DRIVERS\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2009/03/06 22:51:52 | 00,026,888 | ---- | M] () -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt [On_Demand | Stopped])
DRV - [2009/03/06 22:51:50 | 00,149,512 | ---- | M] (Sierra Wireless Inc.) -- C:\Windows\System32\DRIVERS\swmx00.sys -- (swmx00 [On_Demand | Stopped])
DRV - [2009/03/06 22:51:52 | 00,171,144 | ---- | M] (Sierra Wireless Inc.) -- C:\Windows\System32\DRIVERS\SWNC5E00.sys -- (SWNC5E00 [On_Demand | Stopped])
DRV - [2006/11/02 02:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 02:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 02:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2008/01/20 19:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/01/20 19:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2008/01/20 19:23:21 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\WSDPrint.sys -- (WSDPrintDevice [On_Demand | Stopped])
DRV - [2009/04/10 22:06:26 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\WSDScan.sys -- (WSDScan [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1697761158-3461116375-2391198924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1697761158-3461116375-2391198924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1697761158-3461116375-2391198924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://na3.salesforce.com/50050000005u8PC/...50050000005u8PC
IE - HKU\S-1-5-21-1697761158-3461116375-2391198924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1697761158-3461116375-2391198924-1000\S-1-5-21-1697761158-3461116375-2391198924-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1697761158-3461116375-2391198924-1002\S-1-5-21-1697761158-3461116375-2391198924-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/07 09:18:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/11 09:27:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/11 09:27:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/20 13:20:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/08/29 15:35:02 | 00,000,000 | ---D | M] -- C:\Users\Tazmi\AppData\Roaming\mozilla\Extensions
[2009/08/29 15:35:02 | 00,000,000 | ---D | M] -- C:\Users\Tazmi\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/12 09:46:50 | 00,000,000 | ---D | M] -- C:\Users\Tazmi\AppData\Roaming\mozilla\Firefox\Profiles\ircak9tn.default\extensions
[2009/08/29 15:35:56 | 00,000,000 | ---D | M] -- C:\Users\Tazmi\AppData\Roaming\mozilla\Firefox\Profiles\ircak9tn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/30 20:58:01 | 00,000,000 | ---D | M] -- C:\Users\Tazmi\AppData\Roaming\mozilla\Firefox\Profiles\ircak9tn.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/08/29 15:34:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/11 09:27:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/11 09:27:10 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/11 09:27:10 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/09/11 09:27:11 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/03/15 11:12:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/03/15 11:12:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/03/15 11:12:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/03/15 11:12:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/03/15 11:12:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/03/15 11:12:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/03/15 11:12:30 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/30 00:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 00:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 00:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 00:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 00:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 00:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 00:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (6656 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 64.86.17.56 google.ae
O1 - Hosts: 64.86.17.56 google.as
O1 - Hosts: 64.86.17.56 google.at
O1 - Hosts: 64.86.17.56 google.az
O1 - Hosts: 64.86.17.56 google.ba
O1 - Hosts: 64.86.17.56 google.be
O1 - Hosts: 64.86.17.56 google.bg
O1 - Hosts: 64.86.17.56 google.bs
O1 - Hosts: 64.86.17.56 google.ca
O1 - Hosts: 64.86.17.56 google.cd
O1 - Hosts: 64.86.17.56 google.com.gh
O1 - Hosts: 64.86.17.56 google.com.hk
O1 - Hosts: 197 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1697761158-3461116375-2391198924-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [LXCGCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [lxcgmon.exe] C:\Program Files\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1697761158-3461116375-2391198924-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1697761158-3461116375-2391198924-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1697761158-3461116375-2391198924-1000..\Run: [RCHotKey] C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
O4 - HKU\S-1-5-21-1697761158-3461116375-2391198924-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1697761158-3461116375-2391198924-1000..\Run: [Windows Live Sync] C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1697761158-3461116375-2391198924-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1697761158-3461116375-2391198924-1002..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Tazmi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1697761158-3461116375-2391198924-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1697761158-3461116375-2391198924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1697761158-3461116375-2391198924-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1697761158-3461116375-2391198924-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1697761158-3461116375-2391198924-1002_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.5.60 24.25.5.61
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/31 21:07:08 | 00,000,073 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/18 09:50:42 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/09/18 09:50:41 | 00,000,000 | ---D | C] -- C:\Users\Tazmi\AppData\Local\temp
[2009/09/18 09:50:40 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/09/18 09:39:12 | 00,229,888 | ---- | C] () -- C:\Windows\PEV.exe
[2009/09/18 09:39:12 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/09/18 09:39:12 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/09/18 09:39:12 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/09/18 09:39:12 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/09/18 09:39:12 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/09/18 09:39:12 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/09/18 09:39:12 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/09/18 09:39:05 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/18 09:39:05 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/09/18 09:32:30 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/17 13:27:04 | 00,003,558 | ---- | C] () -- C:\Users\Tazmi\Desktop\Attach.zip
[2009/09/09 07:55:48 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/09/09 07:55:38 | 00,904,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/09/09 07:55:37 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/09/09 07:55:36 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009/09/09 07:55:36 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009/09/09 07:55:36 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009/09/09 07:55:35 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2009/09/09 07:55:35 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009/09/09 07:55:35 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009/09/09 07:55:35 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009/09/09 07:55:35 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009/09/09 07:55:34 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009/09/09 07:55:10 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/09/09 07:55:10 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/09/09 07:55:10 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/09/09 07:55:10 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009/09/09 07:55:09 | 00,513,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/09/09 07:55:09 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/09/09 07:55:06 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/09/09 07:55:06 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/09/03 20:41:08 | 00,000,000 | ---D | C] -- C:\Users\Tazmi\AppData\Local\Adobe
[2009/09/02 16:38:56 | 02,401,855 | -H-- | C] () -- C:\Users\Tazmi\AppData\Local\IconCache.db
[2009/09/01 17:58:23 | 31,780,86400 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/01 16:41:27 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/09/01 16:26:18 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/09/01 16:25:36 | 00,000,000 | ---D | C] -- C:\Users\Tazmi\AppData\Roaming\SUPERAntiSpyware.com
[2009/09/01 16:25:36 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/29 19:10:04 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009/08/26 23:08:34 | 08,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Tazmi\AppData\Roaming\DataSafeDotNet.exe
[2009/08/26 11:17:04 | 00,000,000 | ---D | C] -- C:\Users\Tazmi\AppData\Roaming\Malwarebytes
[2009/08/26 11:16:58 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/26 11:16:56 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/26 11:16:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/26 11:16:55 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/26 10:50:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/08/26 10:43:49 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/08/26 10:42:44 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/26 10:42:44 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/26 10:42:44 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/26 10:42:43 | 01,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/26 10:42:43 | 00,439,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/26 10:42:43 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/26 10:42:42 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/26 10:42:42 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/26 09:50:28 | 00,000,000 | -HSD | C] -- C:\ProgramData\3d79827
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 11:14:45 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/24 12:50:12 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/03/16 09:03:36 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcgserv.dll
[2009/03/16 09:03:36 | 00,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxcgusb1.dll
[2009/03/16 09:03:36 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcgpmui.dll
[2009/03/16 09:03:36 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcglmpm.dll
[2009/03/16 09:03:36 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcginpa.dll
[2009/03/16 09:03:36 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcgiesc.dll
[2009/03/16 09:03:36 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcghcp.dll
[2009/03/16 09:03:36 | 00,274,432 | ---- | C] () -- C:\Windows\System32\lxcginst.dll
[2009/03/16 09:03:36 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcgprox.dll
[2009/03/16 09:03:36 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcgpplc.dll
[2009/03/16 09:03:35 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcghbn3.dll
[2009/03/16 09:03:35 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomc.dll
[2009/03/16 09:03:35 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomm.dll
[2009/03/06 22:51:52 | 00,026,888 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2009/03/03 07:36:36 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/03/03 07:36:34 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/03/03 06:01:39 | 00,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/03/03 06:01:37 | 00,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/02/22 18:32:00 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxcgcoin.dll
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:31 | 00,000,664 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/08/18 06:26:46 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxcgvs.dll
[2005/03/13 14:32:14 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxcgcnv4.dll

========== Files - Modified Within 30 Days ==========

[2009/09/18 09:49:06 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/09/18 09:19:54 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/18 09:19:54 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/18 05:20:02 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/17 13:27:04 | 00,003,558 | ---- | M] () -- C:\Users\Tazmi\Desktop\Attach.zip
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\Windows\PEV.exe
[2009/09/12 09:07:34 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/12 09:07:34 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/12 09:07:33 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/12 09:00:42 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/12 09:00:36 | 31,780,86400 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/12 08:53:06 | 02,401,855 | -H-- | M] () -- C:\Users\Tazmi\AppData\Local\IconCache.db
[2009/09/10 03:00:10 | 00,006,756 | ---- | M] () -- C:\Users\Tazmi\AppData\Local\d3d9caps.dat
[2009/08/29 19:10:04 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2009/08/28 14:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/08/26 23:11:46 | 08,270,752 | ---- | M] (Dell, Inc. ) -- C:\Users\Tazmi\AppData\Roaming\DataSafeDotNet.exe
[2009/08/26 09:54:02 | 00,006,656 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >


OTL Extras logfile created on: 9/18/2009 10:04:50 AM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\Tazmi\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 68.78% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 176.03 Gb Free Space | 80.67% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.61 Gb Free Space | 58.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TAZMI-LAPTOP
Current User Name: Tazmi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1697761158-3461116375-2391198924-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19A280D6-5E01-4EF5-ACE8-CDA7861C6DE4}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{253D5676-01B1-4AE3-9FE5-96E5D4705077}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4C58F5E3-9088-472F-AEA6-9EB9A8D28D6E}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{7027EDCF-0D29-4006-BC74-37F02A1C6162}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
"{8EC4E27D-506A-4B09-A9BD-E1F40789E63C}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
"{96A7C9DA-C9A7-4356-ADB5-37E0B9B03261}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
"{B3A9399D-761C-4215-9A6C-85FF2DFAF6F3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C0ABC747-1FF2-43CE-A40B-AE7A9D672C1F}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{DC027929-00BB-41F3-8375-3C4EA47FF770}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{ECD5208B-A6F3-488A-86C0-7D706A8B326A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F2834DD0-38F1-45C1-A542-3F3ED7515CAF}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
"{F32DD0CE-377A-4916-87B4-3F756283BC5D}" = lport=5900 | protocol=6 | dir=in | name=ultravnc server |
"{FF23B183-EFC4-4144-86E8-B7A8524A1DA1}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0712058F-2AEB-41D6-A175-C6D06B7FE02A}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{0805A0CB-6EEC-463D-98A1-119C21398EE5}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{0E324A89-05BC-45AB-882D-CB805CDA9666}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"{178A3C8F-8D0B-4509-BB54-6DF9133A44BB}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{1A31141F-EE6D-412F-973A-D7D65AFA7983}" = protocol=6 | dir=in | app=c:\programdata\3d79827\wi3d79.exe |
"{1EC93B32-B517-46E7-A292-202A61224853}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{1FF41DF5-B7CC-4F4B-84DB-7088050C57DA}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |
"{28BF5CC4-6841-47B7-9276-CFC44CA01715}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{31D499D2-BAA3-4D4E-A27C-980FBE5090AB}" = protocol=17 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{36CB3F50-2390-4C1F-9A76-DD6E4B09B501}" = protocol=6 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
"{44B629E6-D610-44D8-97F4-7D0D9D17E49E}" = protocol=6 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{4EDFD01D-442D-48BB-AE94-BC934018C38E}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{51B326A6-0432-4076-ADF4-1D24E0A21D6E}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{567B908D-CA58-412C-93A0-3349741BC678}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{588BE299-9646-4948-A996-FF25AD52F1A9}" = protocol=17 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
"{63EBCC2F-62DA-4A61-89AF-536B75C7FEAC}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{64E4AD31-941E-4103-B4C9-A43AF4CD43E0}" = protocol=6 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{6C7578CC-6F88-4A92-A74D-2BB431EC85D7}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{708AB162-9BE4-4933-9895-447D2B7C6DF0}" = protocol=17 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{7510A447-185B-4C44-A5AD-8292BE9B1A5A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcgpswx.exe |
"{7C90514D-3279-41CC-81E3-1BF8E745AC97}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{87CC9E4C-677E-4FB9-8443-F58E3F1DDCD8}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{92D24D0F-D66E-44C0-AAF2-939882256BE1}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |
"{95175B30-5293-4317-B466-295FEA4E81DD}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{9EC12805-E653-4DD2-A628-AA28C825DE0B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A4C4A581-7605-48B3-B72D-3D81DE689ADC}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{A62A2BBF-3E73-45BE-9806-E5CB6BE25B06}" = protocol=6 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{A74D4F54-3D54-4DA3-A336-8ED94684D0EA}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{AD965B8D-2FD8-4F98-9779-FCF533F65626}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"{ADA15056-80D0-4F19-8C11-29842EB6B8E3}" = protocol=6 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
"{B203FEA8-5271-4B87-8A63-6922EAEBD689}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcgpswx.exe |
"{B483D7E2-7E75-420F-A086-EB2A21DACA7D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B4D288A5-D5BC-4151-B395-2E15FD8A4B78}" = protocol=58 | dir=in | app=system |
"{C0E352C0-3567-4F59-B47D-EC6FD5E80CC5}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{C5826AD0-1FB6-4998-9A32-19FA202B3CBF}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{C90E8A9D-D9AB-4CD6-A57E-5077114B9E51}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CA3AEDF2-1ABF-4C2B-A7AD-115308F72317}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{D3509CE0-8004-4E8B-8677-5AB5D92F1C46}" = protocol=17 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
"{E2F5E24D-A540-4AE3-9BBD-FB974E572471}" = protocol=17 | dir=in | app=c:\programdata\3d79827\wi3d79.exe |
"{E7E83925-7843-4C75-82B6-DD777D19B837}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{EFE3543A-16DA-4D8C-9883-0E06C1A8670F}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{F748F740-1D08-42E5-9FEC-DAAA51B7B1DC}" = protocol=17 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{FC0709D9-4672-4903-B98A-03166908223E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"TCP Query User{0F62B8A4-BEAA-4209-89E6-7A77FD783339}C:\program files\ringcentral\ringcentral call controller\rcui.exe" = protocol=6 | dir=in | app=c:\program files\ringcentral\ringcentral call controller\rcui.exe |
"TCP Query User{1059823F-7AAA-485E-93D5-9C989F7ABD07}C:\program files\sprint mobile email\desktop connector\desktopconnector.exe" = protocol=6 | dir=in | app=c:\program files\sprint mobile email\desktop connector\desktopconnector.exe |
"TCP Query User{26ADA0EC-B14C-426C-BAD7-3507BE281F2F}C:\program files\ringcentral\ringcentral call controller\rcui.exe" = protocol=6 | dir=in | app=c:\program files\ringcentral\ringcentral call controller\rcui.exe |
"TCP Query User{858A01D6-1D30-461E-86B0-74B59DB1955C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{1033099F-1B6D-4073-9289-746B385141EA}C:\program files\ringcentral\ringcentral call controller\rcui.exe" = protocol=17 | dir=in | app=c:\program files\ringcentral\ringcentral call controller\rcui.exe |
"UDP Query User{2C47D437-B5DA-4DD1-8891-02C81A0D01D2}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{923E07C5-3CA7-449F-A3D9-C73E96593E69}C:\program files\ringcentral\ringcentral call controller\rcui.exe" = protocol=17 | dir=in | app=c:\program files\ringcentral\ringcentral call controller\rcui.exe |
"UDP Query User{EABEFBC3-A038-47CD-9022-D312A077ECBB}C:\program files\sprint mobile email\desktop connector\desktopconnector.exe" = protocol=17 | dir=in | app=c:\program files\sprint mobile email\desktop connector\desktopconnector.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.24 Idcrl Install
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.28
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CCD2B912-A364-4E8A-99D0-389FE8937208}" = Salesforce Office Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.28
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F3B58D4E-7324-44E4-A6B3-65D2DB8D1FE9}" = Microsoft Protection Service
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Bejeweled Deluxe 1.87" = Bejeweled Deluxe 1.87
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CBE 122239_is1" = CBE2_1
"Creative OA001" = Integrated Webcam Driver (1.03.02.0919)
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 600 Series" = EPSON WorkForce 600 Series Printer Uninstall
"GoToAssist" = GoToAssist 8.0.0.514
"Lexmark 2300 Series" = Lexmark 2300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"PROR" = Microsoft Office Professional 2007
"RingCentral" = RingCentral Call Controller
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinSS" = Windows Live OneCare
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/1/2009 7:41:52 PM | Computer Name = Tazmi-Laptop | Source = EventSystem | ID = 4621
Description =

Error - 9/1/2009 7:43:25 PM | Computer Name = Tazmi-Laptop | Source = EventSystem | ID = 4609
Description =

Error - 9/1/2009 7:44:25 PM | Computer Name = Tazmi-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 9/1/2009 8:57:00 PM | Computer Name = Tazmi-Laptop | Source = EventSystem | ID = 4609
Description =

Error - 9/1/2009 8:59:10 PM | Computer Name = Tazmi-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 9/2/2009 5:54:14 PM | Computer Name = Tazmi-Laptop | Source = MsiInstaller | ID = 10005
Description =

Error - 9/2/2009 7:39:03 PM | Computer Name = Tazmi-Laptop | Source = EventSystem | ID = 4621
Description =

Error - 9/2/2009 10:30:37 PM | Computer Name = Tazmi-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 9/4/2009 10:46:07 AM | Computer Name = Tazmi-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 9/4/2009 10:49:57 AM | Computer Name = Tazmi-Laptop | Source = Application Error | ID = 1000
Description = Faulting application RCUI.exe, version 4.60.109.48, time stamp 0x49fec0ad,
faulting module RCSPOptions.Dll_unloaded, version 0.0.0.0, time stamp 0x49fec08f,
exception code 0xc0000005, fault offset 0x045618c2, process id 0xd10, application
start time 0x01ca2d6e61cac4d4.

[ OSession Events ]
Error - 4/14/2009 5:55:02 PM | Computer Name = Tazmi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/16/2009 12:51:56 AM | Computer Name = Tazmi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9077
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 4/23/2009 11:56:27 AM | Computer Name = Tazmi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 221485
seconds with 13320 seconds of active time. This session ended with a crash.

Error - 5/11/2009 12:51:11 PM | Computer Name = Tazmi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/1/2009 12:58:38 AM | Computer Name = Tazmi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/11/2009 5:42:35 PM | Computer Name = Tazmi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17618
seconds with 1800 seconds of active time. This session ended with a crash.

Error - 7/29/2009 11:17:56 PM | Computer Name = Tazmi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 36004
seconds with 7380 seconds of active time. This session ended with a crash.

Error - 8/5/2009 1:26:50 PM | Computer Name = Tazmi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 5821
seconds with 1200 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/1/2009 11:39:57 PM | Computer Name = Tazmi-PC | Source = netbt | ID = 4321
Description = The name "MIGUELSALCID-PC:0" could not be registered on the interface
with IP address 192.168.2.101. The computer with the IP address 192.168.2.100 did
not allow the name to be claimed by this computer.

Error - 7/2/2009 1:01:33 AM | Computer Name = Tazmi-PC | Source = netbt | ID = 4321
Description = The name "MIGUELSALCID-PC:0" could not be registered on the interface
with IP address 192.168.2.101. The computer with the IP address 192.168.2.100 did
not allow the name to be claimed by this computer.

Error - 7/2/2009 1:11:50 AM | Computer Name = Tazmi-PC | Source = netbt | ID = 4321
Description = The name "MIGUELSALCID-PC:0" could not be registered on the interface
with IP address 192.168.2.101. The computer with the IP address 192.168.2.100 did
not allow the name to be claimed by this computer.

Error - 7/2/2009 1:22:13 AM | Computer Name = Tazmi-PC | Source = netbt | ID = 4321
Description = The name "MIGUELSALCID-PC:0" could not be registered on the interface
with IP address 192.168.2.101. The computer with the IP address 192.168.2.100 did
not allow the name to be claimed by this computer.

Error - 7/2/2009 1:32:30 AM | Computer Name = Tazmi-PC | Source = netbt | ID = 4321
Description = The name "MIGUELSALCID-PC:0" could not be registered on the interface
with IP address 192.168.2.101. The computer with the IP address 192.168.2.100 did
not allow the name to be claimed by this computer.

Error - 7/2/2009 1:42:40 AM | Computer Name = Tazmi-PC | Source = netbt | ID = 4321
Description = The name "MIGUELSALCID-PC:0" could not be registered on the interface
with IP address 192.168.2.101. The computer with the IP address 192.168.2.100 did
not allow the name to be claimed by this computer.

Error - 7/2/2009 1:52:41 AM | Computer Name = Tazmi-PC | Source = netbt | ID = 4321
Description = The name "MIGUELSALCID-PC:0" could not be registered on the interface
with IP address 192.168.2.101. The computer with the IP address 192.168.2.100 did
not allow the name to be claimed by this computer.

Error - 7/2/2009 2:02:56 AM | Computer Name = Tazmi-PC | Source = netbt | ID = 4321
Description = The name "MIGUELSALCID-PC:0" could not be registered on the interface
with IP address 192.168.2.101. The computer with the IP address 192.168.2.100 did
not allow the name to be claimed by this computer.

Error - 7/2/2009 2:13:06 AM | Computer Name = Tazmi-PC | Source = netbt | ID = 4321
Description = The name "MIGUELSALCID-PC:0" could not be registered on the interface
with IP address 192.168.2.101. The computer with the IP address 192.168.2.100 did
not allow the name to be claimed by this computer.

Error - 7/2/2009 2:23:27 AM | Computer Name = Tazmi-PC | Source = netbt | ID = 4321
Description = The name "MIGUELSALCID-PC:0" could not be registered on the interface
with IP address 192.168.2.101. The computer with the IP address 192.168.2.100 did
not allow the name to be claimed by this computer.

[ Windows OneCare Events ]
Error - 6/2/2009 10:45:58 AM | Computer Name = Tazmi-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x8a180109.

Error - 6/2/2009 10:46:23 AM | Computer Name = Tazmi-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x8a180109.

Error - 6/2/2009 10:46:28 AM | Computer Name = Tazmi-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x8a180109.

Error - 9/1/2009 7:37:42 PM | Computer Name = Tazmi-Laptop | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80070004.

Error - 9/12/2009 11:48:10 AM | Computer Name = Tazmi-Laptop | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x8a190107.


< End of report >

#11 sundavis
  • Malware Response Team
  • 2,708 posts

Posted 18 September 2009 - 03:08 PM

Hi tazmi,



Step1
  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\cid.dll
c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\ppal.sys
c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\cb.sys
c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
C:\Windows\System32\drivers\etc\Hosts

Folder::
c:\programdata\3d79827

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1A31141F-EE6D-412F-973A-D7D65AFA7983}"=-
"{E2F5E24D-A540-4AE3-9BBD-FB974E572471}"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File


Save this as CFScript.txt, change the "Save as type" to "All Files", and place it on your desktop.

[Screenshot: dragging CFScript.txt onto ComboFix.exe]

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step2

Please go to Here and Download System Repair Engine by smallfrogs

  • Extract it to Desktop & double click SREng.exe to run it
  • Click System Repair in the left pane.
  • Click on the Hosts File tab
  • Press the Reset button, and click Yes in the prompt window.
  • Click the Save button in the bottom right corner. Exit the program and restart it
  • Select 'Smart Scan' & tick "Verify the digital signatures of process modules"
  • Click on the Scan button. When finished, click on the Save Reports button & save the log to Desktop
  • You can refer to this thread for your reference.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Step3


Older versions of Java have vulnerabilities that malicious sites can exploit to infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 16...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) the entries with Java Runtime Environment (JRE or J2SE) in the name, including the following update:

    Java™ 6 Update 7

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.


Step4


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step5


Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will download and install the program and update the database.
  • When updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop", name the file "KAS", change the Files of type to Text file (.txt) and click on the Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 8 users: If at any time you have trouble viewing the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset it to 100%.



Please post back the logs in your next reply.

1. ComboFix log
2. KAS scan report
3. SREng log

Tell me how your pc is running now.
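Two of the checks behind the fix in this post, written here as an added example (not code from the thread, ComboFix or SREng): flagging executable-type files sitting in the Recent folder, which normally holds only .lnk shortcuts, and listing which Hosts entries are non-default and which actually send a name away from loopback. SAMPLE_HOSTS and the single .lnk entry are constructed; the other Recent paths are the ones from the CFScript above.

```python
"""Added example, not part of the thread or of ComboFix/SREng.
Checks behind the fix above: the CFScript's File:: list removes .exe/.dll/
.sys/.drv files from the Recent folder under AppData (normally only .lnk
shortcuts live there), and Step 2 resets the Hosts file (stock content maps
only localhost). SAMPLE_HOSTS and the .lnk entry in SAMPLE_RECENT are
constructed for the demo.
"""
from pathlib import PureWindowsPath

DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}  # stock entries
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}       # blocking targets, not redirects
SUSPECT_EXTENSIONS = {".exe", ".dll", ".sys", ".drv", ".scr", ".com", ".bat"}
SYSTEM_DLL_NAMES = {"kernel32.dll", "ntdll.dll", "user32.dll"}  # well-known names

SAMPLE_HOSTS = """# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1   ads.example.test     # constructed: user-added ad block, benign
10.0.0.5    www.google.com       # constructed: search site sent to another host
"""
# Paths from the CFScript plus one constructed ordinary shortcut for contrast.
SAMPLE_RECENT = [
    r"c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\report.docx.lnk",
    r"c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll",
    r"c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe",
    r"c:\users\Tazmi\AppData\Roaming\Microsoft\Windows\Recent\sld.drv",
]

def parse_hosts(text):
    """Return active (ip, hostname) pairs; comments and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((ip, name.lower()) for name in names)
    return entries

def non_default_hosts(text):
    """Everything a Hosts reset would discard: entries Windows did not ship with."""
    return [e for e in parse_hosts(text) if e not in DEFAULT_HOSTS]

def redirected_hosts(text):
    """Non-default entries pointing a name away from loopback: the hijack pattern.
    Loopback/0.0.0.0 entries are the usual user-added blockers and are left out."""
    return [(ip, name) for ip, name in non_default_hosts(text) if ip not in LOOPBACK]

def suspicious_recent_files(paths):
    """Files under a Recent folder whose extension is executable rather than .lnk."""
    flagged = []
    for p in paths:
        wp = PureWindowsPath(p)
        in_recent = any(part.lower() == "recent" for part in wp.parts)
        if in_recent and wp.suffix.lower() in SUSPECT_EXTENSIONS:
            flagged.append(str(wp))
    return flagged

def masquerading_system_files(paths):
    """Files borrowing a well-known system DLL name outside any System32 folder."""
    out = []
    for p in paths:
        wp = PureWindowsPath(p)
        outside_system32 = not any(part.lower() == "system32" for part in wp.parts)
        if wp.name.lower() in SYSTEM_DLL_NAMES and outside_system32:
            out.append(str(wp))
    return out
```

Run against a real machine, the same functions take the contents of C:\Windows\System32\drivers\etc\hosts and a directory listing of the Recent folder; nothing here deletes or modifies anything.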

#12 tazmi
  • Topic Starter
  • Members
  • 40 posts

Posted 19 September 2009 - 12:23 PM

For step 2 I see a file called SREngLdr.exe, and when I double-click on it I get a message that says "illegal operation attempted on a registry key that has been marked for deletion." Please tell me what I should do.

#13 sundavis
  • Malware Response Team
  • 2,708 posts

Posted 19 September 2009 - 12:49 PM

Hi tazmi,


Click Yes, OK the prompt and proceed with the instructions as described above. If possible, note down which file or registry key should be deleted. Thanks.

#14 tazmi
  • Topic Starter
  • Members
  • 40 posts

Posted 19 September 2009 - 12:52 PM

I click OK and it does not run. I am not sure what to do now...

#15 sundavis
  • Malware Response Team
  • 2,708 posts

Posted 19 September 2009 - 01:13 PM

Hi tazmi,



Close SREngLdr.exe and exit the program. Reboot your PC and start SREng to proceed. If still no joy, please do the following:

Start OTL from your desktop and Copy and Paste the following code into the Custom Scans/Fixes box at the bottom.

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1697761158-3461116375-2391198924-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

:Commands
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.


In your next reply, please post back:

1. ComboFix log
2. OTL delete log and fresh OTL log. Thanks.



