
i: Trojan.Downloader.Small-1042 and/or Google trashing virus


  • This topic is locked
24 replies to this topic

#1 TheOrgg


  • Members
  • 21 posts

Posted 26 October 2009 - 05:01 PM

Well, I went to a website that's quite old and has apparently been cybersquatted upon by a virus releasing program. It was a fake antivirus scanner, and I got rid of it by ctrl-alt-del at the very beginning when the computer booted up and stopped its crap from running, then hit the start menu, turned it off, and then rebooted and hit it with malwarebytes.

Unfortunately, that is not the whole virus, and malwarebytes isn't finding the rest. Google searches still brought up shopping sites. I used Clamav to see if it'd find and kill it, but apparently it doesn't do any killing. It said "C:\WINDOWS\SYSTEM32\i: Trojan.Downloader.Small-1042 FOUND" and then just saved a text file. Wow... and the school recommends use of this thing that didn't catch this virus, and can't get rid of it? Wow.

Anyway, I'd like help getting this thing back to a clean bill of health. If it helps, when I got this computer (used), it had a terrible infection of Green AV that I finally got rid of with malwarebytes.

Someone gave me the 'try this' list, and then I posted this:

When trying Root Repeal.exe and its renamed form of Tatertot.src, my system does the same thing-- it says 'please wait, initializing' in a box, then after an hour, it tells me that more memory is needed. I click OK, wait another half hour, nothing happens. While this is happening, the computer won't respond.

I increased the virtual memory to 2048MB maximum and it STILL wouldn't work with either the regular or renamed program.

DDS worked in the 'Prep Guide' thread, but Root Repeal still didn't. Here's the logs from DDS.

Pasting in additional logs from other topic. ~ OB

Running from: C:\Documents and Settings\susan\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\susan\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...




[1] 2001-08-18 08:00:00 967680 C:\WINDOWS\$NtUninstallKB835732$\msgina.dll ()

[1] 2004-03-29 20:48:36 971264 C:\WINDOWS\$xpsp1hfm$\KB835732\msgina.dll (Microsoft Corporation)

[1] 2008-04-13 19:11:59 997376 C:\WINDOWS\ServicePackFiles\i386\msgina.dll (Microsoft Corporation)

[1] 2008-04-13 19:11:59 997376 C:\WINDOWS\SYSTEM32\msgina.dll (Microsoft Corporation)

[1] 2001-08-18 08:00:00 967680 C:\i386\MSGINA.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\mst120.dll

[1] 2004-08-04 02:56:43 274432 C:\WINDOWS\$NtServicePackUninstall$\mst120.dll (Microsoft Corporation)

[1] 2001-08-18 08:00:00 249856 C:\WINDOWS\$NtUninstallKB835732$\mst120.dll ()

[1] 2004-03-29 20:48:36 253952 C:\WINDOWS\$xpsp1hfm$\KB835732\mst120.dll (Microsoft Corporation)

[1] 2008-04-13 19:12:00 274432 C:\WINDOWS\ServicePackFiles\i386\mst120.dll (Microsoft Corporation)

[1] 2001-08-18 08:00:00 249856 C:\i386\MST120.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll

[1] 2006-07-14 10:41:56 336896 C:\WINDOWS\$hf_mig$\KB921883\SP2QFE\netapi32.dll (Microsoft Corporation)

[1] 2006-08-17 07:37:49 337408 C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\netapi32.dll (Microsoft Corporation)

[1] 2008-10-15 11:53:28 339456 C:\WINDOWS\$hf_mig$\KB958644\SP2QFE\netapi32.dll (Microsoft Corporation)

[1] 2008-10-15 11:34:24 337408 C:\WINDOWS\$hf_mig$\KB958644\SP3GDR\netapi32.dll (Microsoft Corporation)

[1] 2008-10-15 11:25:53 339456 C:\WINDOWS\$hf_mig$\KB958644\SP3QFE\netapi32.dll (Microsoft Corporation)

[1] 2008-10-15 11:57:55 332800 C:\WINDOWS\$NtServicePackUninstall$\netapi32.dll (Microsoft Corporation)

[1] 2001-08-18 08:00:00 309760 C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll ()

[1] 2004-08-04 02:56:44 332288 C:\WINDOWS\$NtUninstallKB921883$\netapi32.dll (Microsoft Corporation)

[1] 2006-07-14 10:31:39 332288 C:\WINDOWS\$NtUninstallKB924270$\netapi32.dll (Microsoft Corporation)

[1] 2008-04-13 19:12:01 337408 C:\WINDOWS\$NtUninstallKB958644$\netapi32.dll (Microsoft Corporation)

[1] 2006-08-17 07:28:27 332288 C:\WINDOWS\$NtUninstallKB958644_0$\netapi32.dll (Microsoft Corporation)

[1] 2004-03-29 20:48:36 306176 C:\WINDOWS\$xpsp1hfm$\KB835732\netapi32.dll (Microsoft Corporation)

[1] 2008-04-13 19:12:01 337408 C:\WINDOWS\ServicePackFiles\i386\netapi32.dll (Microsoft Corporation)

[1] 2008-10-15 11:34:24 337408 C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll (Microsoft Corporation)

[1] 2008-10-15 11:34:24 337408 C:\WINDOWS\SYSTEM32\netapi32.dll (Microsoft Corporation)

[1] 2001-08-18 08:00:00 309760 C:\i386\NETAPI32.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll

[1] 2004-08-04 02:56:44 77824 C:\WINDOWS\$NtServicePackUninstall$\nmcom.dll (Microsoft Corporation)

[1] 2001-08-18 08:00:00 69632 C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll ()

[1] 2004-03-29 20:48:36 73728 C:\WINDOWS\$xpsp1hfm$\KB835732\nmcom.dll (Microsoft Corporation)

[1] 2008-04-13 19:12:02 77824 C:\WINDOWS\ServicePackFiles\i386\nmcom.dll (Microsoft Corporation)

[1] 2001-08-18 08:00:00 69632 C:\i386\NMCOM.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll

[1] 2001-08-18 08:00:00 550400 C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll ()

[1] 2004-03-29 20:48:36 548352 C:\WINDOWS\$xpsp1hfm$\KB835732\rtcdll.dll (Microsoft Corporation)

[1] 2008-04-13 19:12:50 991232 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll (Microsoft Corporation)

[1] 2001-08-18 08:00:00 550400 C:\i386\RTCDLL.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\schannel.dll

[1] 2007-04-25 15:32:22 144896 C:\WINDOWS\$hf_mig$\KB935840\SP2QFE\schannel.dll (Microsoft Corporation)

[1] 2008-12-05 01:41:26 144896 C:\WINDOWS\$hf_mig$\KB960225\SP2QFE\schannel.dll (Microsoft Corporation)

[1] 2008-12-05 01:54:55 144896 C:\WINDOWS\$hf_mig$\KB960225\SP3GDR\schannel.dll (Microsoft Corporation)

[1] 2008-12-05 01:58:08 144896 C:\WINDOWS\$hf_mig$\KB960225\SP3QFE\schannel.dll (Microsoft Corporation)

[1] 2009-06-25 03:17:27 168448 C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\schannel.dll (Microsoft Corporation)

[1] 2009-06-25 03:25:26 147456 C:\WINDOWS\$hf_mig$\KB968389\SP3GDR\schannel.dll (Microsoft Corporation)

[1] 2009-06-25 03:41:11 147456 C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\schannel.dll (Microsoft Corporation)

[1] 2009-06-25 03:44:41 168448 C:\WINDOWS\$NtServicePackUninstall$\schannel.dll (Microsoft Corporation)

[1] 2001-08-18 08:00:00 133632 C:\WINDOWS\$NtUninstallKB835732$\schannel.dll ()

[1] 2004-08-04 02:56:44 144896 C:\WINDOWS\$NtUninstallKB935840$\schannel.dll (Microsoft Corporation)

[1] 2008-04-13 19:12:05 144384 C:\WINDOWS\$NtUninstallKB960225$\schannel.dll (Microsoft Corporation)

[1] 2007-04-25 09:21:15 144896 C:\WINDOWS\$NtUninstallKB960225_0$\schannel.dll (Microsoft Corporation)

[1] 2008-12-05 01:54:55 144896 C:\WINDOWS\$NtUninstallKB968389$\schannel.dll (Microsoft Corporation)

[1] 2008-12-05 02:12:45 144896 C:\WINDOWS\$NtUninstallKB968389_0$\schannel.dll (Microsoft Corporation)

[1] 2004-03-29 20:48:36 136704 C:\WINDOWS\$xpsp1hfm$\KB835732\schannel.dll (Microsoft Corporation)

[1] 2008-04-13 19:12:05 144384 C:\WINDOWS\ServicePackFiles\i386\schannel.dll (Microsoft Corporation)

[1] 2009-06-25 03:25:26 147456 C:\WINDOWS\SYSTEM32\DLLCACHE\schannel.dll (Microsoft Corporation)

[1] 2009-06-25 03:25:26 147456 C:\WINDOWS\SYSTEM32\schannel.dll (Microsoft Corporation)

[1] 2001-08-18 08:00:00 133632 C:\i386\SCHANNEL.DLL (Microsoft Corporation)





Finished!

Volume in drive C has no label.
Volume Serial Number is 446A-2AA3

Directory of C:\WINDOWS\$hf_mig$\KB968389\SP2QFE

02/06/2009 01:46 PM 408,064 netlogon.dll
1 File(s) 408,064 bytes

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 02:56 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 02:56 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 02:56 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 07:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\SYSTEM32

04/13/2008 07:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\SYSTEM32

04/13/2008 07:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\SYSTEM32

04/13/2008 07:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
10 File(s) 2,340,352 bytes
0 Dir(s) 20,342,591,488 bytes free

Edited by Orange Blossom, 27 October 2009 - 07:12 PM.



#2 myrti


Posted 02 November 2009 - 03:41 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#3 TheOrgg


Posted 03 November 2009 - 03:32 PM

I haven't gotten the problem fixed yet, and I've been checking this thread every other day. THANKS for getting around to it; we don't realize how critical Google is until we don't have it.

OTL logfile created on: 11/3/2009 2:31:48 PM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\susan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.01 Mb Total Physical Memory | 90.62 Mb Available Physical Memory | 35.53% Memory free
617.19 Mb Paging File | 388.01 Mb Available in Paging File | 62.87% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 18.90 Gb Free Space | 50.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D4JNB411
Current User Name: susan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/03 14:31:07 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\susan\Desktop\OTL.exe
PRC - [2009/09/26 12:56:42 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/22 09:24:44 | 00,715,400 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2009/06/22 09:24:44 | 00,446,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2009/06/11 21:32:30 | 00,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe
PRC - [2009/03/26 21:57:52 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SYSTEM32\vmnetdhcp.exe
PRC - [2009/03/26 21:57:36 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SYSTEM32\vmnat.exe
PRC - [2009/03/26 21:57:32 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2008/04/13 18:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/15 17:24:33 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/12/20 13:09:45 | 01,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wdfmgr.exe


========== Modules (SafeList) ==========

MOD - [2009/11/03 14:31:07 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\susan\Desktop\OTL.exe
MOD - [2008/04/13 18:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 18:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WBEM\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (SvcProc)
SRV - File not found -- -- (MsLX32)
SRV - [2009/09/26 12:56:42 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/22 09:24:44 | 00,715,400 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2009/03/26 21:57:52 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SYSTEM32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/03/26 21:57:36 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SYSTEM32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/03/26 21:57:32 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2008/12/01 10:49:02 | 00,191,024 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/04/13 10:20:22 | 00,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/01/24 19:14:37 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006/05/15 17:24:33 | 02,086,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/05/15 17:24:33 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/12/20 13:09:45 | 01,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/10/06 18:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wdfmgr.exe -- (UMWdf)
SRV - [2004/09/29 11:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2001/08/06 13:41:48 | 00,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)


========== Driver Services (SafeList) ==========

DRV - [2009/03/26 21:58:38 | 00,054,960 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\vmci.sys -- (vmci)
DRV - [2009/03/26 21:58:38 | 00,023,216 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\VMkbd.sys -- (vmkbd)
DRV - [2009/03/26 21:58:36 | 00,857,520 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\vmx86.sys -- (vmx86)
DRV - [2009/03/26 21:58:34 | 00,032,304 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\hcmon.sys -- (hcmon)
DRV - [2009/03/26 21:58:34 | 00,026,288 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/03/26 21:57:56 | 00,014,896 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\vmparport.sys -- (VMparport)
DRV - [2009/03/26 16:31:12 | 00,031,280 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\vmusb.sys -- (vmusb)
DRV - [2009/03/26 16:31:12 | 00,031,280 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/03/26 16:31:12 | 00,016,560 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2008/12/01 10:47:08 | 00,022,448 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008/08/22 10:05:42 | 00,026,760 | R--- | M] () -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/08/20 14:36:36 | 00,142,976 | ---- | M] (Sierra Wireless Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\swumx80.sys -- (SWUMX80)
DRV - [2008/08/20 14:35:40 | 00,168,192 | ---- | M] (Sierra Wireless Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\swnc8u80.sys -- (SWNC8U80)
DRV - [2008/05/23 16:52:54 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\SYSTEM32\DRIVERS\PCASp50.sys -- (PCASp50)
DRV - [2008/04/13 12:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm)
DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/03/29 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/03/26 14:18:00 | 00,020,352 | ---- | M] (Sierra Wireless Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\swivspnt.sys -- (swivsp)
DRV - [2007/02/02 03:00:00 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 03:00:00 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys -- (RimVSerPort)
DRV - [2006/12/03 03:00:00 | 00,387,384 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2005/12/20 13:09:45 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)
DRV - [2004/12/14 10:07:44 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - [2004/12/14 10:07:44 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys -- (HPZius12)
DRV - [2004/12/14 10:07:44 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - [2004/08/03 23:31:18 | 00,036,224 | ---- | M] (ADMtek Incorporated.) -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys -- (AN983)
DRV - [2004/08/03 23:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2002/01/11 00:22:10 | 00,295,168 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/08/18 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2001/08/18 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS -- (ROOTMODEM)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:24 | 00,038,144 | ---- | M] (HighPoint Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys -- (hpt3xx)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:28:02 | 00,907,456 | ---- | M] (Conexant) -- C:\WINDOWS\SYSTEM32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 12:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4.SYS -- (nv4)
DRV - [2001/08/17 12:48:52 | 00,281,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mpaa.sys -- (ati2mpaa)
DRV - [2001/08/17 12:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AC97INTC.SYS -- (ac97intc)
DRV - [2001/08/17 12:11:42 | 00,029,696 | ---- | M] (CNet Technology, Inc. ) -- C:\WINDOWS\SYSTEM32\DRIVERS\DM9PCI5.SYS -- (DM9102)
DRV - [2001/08/17 12:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/08/09 16:25:22 | 00,022,608 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\wandrv.sys -- (wandrv)
DRV - [2001/07/25 15:40:30 | 00,438,200 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2001/06/20 17:32:54 | 00,004,272 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys -- (bvrp_pci)
DRV - [2000/10/03 15:18:24 | 00,006,942 | ---- | M] (Netropa Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\Msikbd2k.sys -- (Msikbd2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3849205493-1809067083-516276246-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-3849205493-1809067083-516276246-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3849205493-1809067083-516276246-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3849205493-1809067083-516276246-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3849205493-1809067083-516276246-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3849205493-1809067083-516276246-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3849205493-1809067083-516276246-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3849205493-1809067083-516276246-1006\S-1-5-21-3849205493-1809067083-516276246-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/26 12:56:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/28 02:01:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/28 17:03:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/04 15:54:36 | 00,000,000 | ---D | M]

[2009/09/28 17:09:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\susan\Application Data\Mozilla\Extensions
[2009/09/28 17:09:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\susan\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/15 12:45:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\susan\Application Data\Mozilla\Firefox\Profiles\vmv4x03w.default\extensions
[2009/09/28 19:20:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\susan\Application Data\Mozilla\Firefox\Profiles\vmv4x03w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/28 17:02:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/28 17:02:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 14:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/08/24 14:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/08/24 14:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/08/24 12:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/24 12:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/24 12:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/24 12:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/24 12:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/24 12:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/24 12:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (23 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3849205493-1809067083-516276246-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3849205493-1809067083-516276246-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3849205493-1809067083-516276246-1006\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O3 - HKU\S-1-5-21-3849205493-1809067083-516276246-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-3849205493-1809067083-516276246-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3849205493-1809067083-516276246-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM ()
O9 - Extra Button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM ()
O9 - Extra 'Tools' menuitem : Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM ()
O9 - Extra Button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM ()
O9 - Extra 'Tools' menuitem : Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\lsp.dll ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3849205493-1809067083-516276246-1006\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-3849205493-1809067083-516276246-1006\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-3849205493-1809067083-516276246-1006\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1122687320545 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {96D338F5-8757-4A1C-AFEA-770A4036752F} https://setup.bellsouth.net/wizlet/BellSout...wActiveXCab.CAB (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.5.1.3
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {9EF34FF2-3396-4527-9D27-04C8C1C67806} - C:\Program Files\Microsoft AntiSpyware\shellextension.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/08/31 10:50:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d39b1677-af10-11de-acb3-0008a1007b96}\Shell - "" = AutoRun
O33 - MountPoints2\{d39b1677-af10-11de-acb3-0008a1007b96}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d39b1677-af10-11de-acb3-0008a1007b96}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/03 14:31:07 | 00,527,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\susan\Desktop\OTL.exe
[2009/10/22 21:06:40 | 00,000,000 | ---D | C] -- C:\Program Files\dlpstc
[2009/10/21 17:24:28 | 00,031,280 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmusb.sys
[2009/10/19 08:27:46 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/10/15 19:51:33 | 00,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2009/10/14 17:55:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\susan\My Documents\Micropose MTG
[2009/10/14 17:54:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\susan\Application Data\VMware
[2009/10/14 17:46:51 | 00,016,560 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetadapter.sys
[2009/10/14 17:46:36 | 00,326,192 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
[2009/10/14 17:46:30 | 00,399,920 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
[2009/10/14 17:46:29 | 00,026,288 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetuserif.sys
[2009/10/14 17:46:19 | 00,050,736 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetbridge.dll
[2009/10/14 17:46:19 | 00,031,280 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetbridge.sys
[2009/10/14 17:46:19 | 00,018,736 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnet.sys
[2009/10/14 17:46:12 | 00,723,504 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vnetlib.dll
[2009/10/14 17:45:50 | 00,023,216 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\VMkbd.sys
[2009/10/14 17:44:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VMware
[2009/10/14 17:44:19 | 00,000,000 | ---D | C] -- C:\Program Files\VMware
[2009/10/10 16:12:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\susan\Application Data\iShell
[2009/10/10 12:14:31 | 00,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2009/10/07 22:21:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\susan\Local Settings\Application Data\Downloaded Installations
[2009/10/06 11:06:22 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/10/06 09:39:35 | 00,215,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/10/06 09:39:34 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/10/06 09:39:34 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/10/05 22:40:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/10/05 08:53:09 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/10/05 08:53:08 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009/10/05 08:53:08 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009/10/05 08:53:02 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/10/05 08:47:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\susan\Application Data\Wizards of the Coast
[2009/10/05 08:46:44 | 00,000,000 | ---D | C] -- C:\Program Files\Wizards of the Coast
[2009/10/05 08:46:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\susan\Application Data\InstallShield
[2009/10/05 08:02:05 | 69,255,4778 | ---- | C] (Macrovision Corporation) -- C:\Documents and Settings\susan\Desktop\MTGOIII.exe

========== Files - Modified Within 30 Days ==========

[2009/11/03 14:31:07 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\susan\Desktop\OTL.exe
[2009/11/03 08:31:12 | 00,525,914 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/03 08:31:12 | 00,443,808 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/11/03 08:31:12 | 00,072,270 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/11/03 08:26:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/03 08:26:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/11/03 08:26:19 | 26,746,8800 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/02 23:41:47 | 04,718,592 | -H-- | M] () -- C:\Documents and Settings\susan\ntuser.dat
[2009/11/02 23:41:47 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\susan\NTUSER.INI
[2009/11/01 18:26:47 | 00,287,661 | ---- | M] () -- C:\Documents and Settings\susan\Desktop\MTG flyer 2.JPG
[2009/11/01 18:26:23 | 00,464,718 | ---- | M] () -- C:\Documents and Settings\susan\Desktop\MTG flyer 2.bmp
[2009/11/01 17:56:53 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/01 11:46:10 | 00,011,776 | ---- | M] () -- C:\Documents and Settings\susan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/29 17:41:00 | 00,000,436 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/10/27 22:28:38 | 00,115,839 | ---- | M] () -- C:\Documents and Settings\susan\Desktop\Moneycard Statement.JPG
[2009/10/27 15:42:38 | 12,000,054 | ---- | M] () -- C:\Documents and Settings\susan\Desktop\cutie contst entry.bmp
[2009/10/24 23:34:49 | 00,074,232 | ---- | M] () -- C:\Documents and Settings\susan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/22 22:26:48 | 00,000,587 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/10/22 22:26:48 | 00,000,260 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/10/22 22:26:48 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/10/22 21:08:56 | 00,178,432 | ---- | M] () -- C:\WINDOWS\System32\lsp.dll
[2009/10/19 16:48:30 | 00,000,773 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009/10/19 11:32:19 | 00,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/18 12:32:59 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\susan\My Documents\JKYHJKHJKKHJK.doc
[2009/10/18 12:14:53 | 00,000,015 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/10/16 10:52:13 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/16 10:40:31 | 00,016,067 | ---- | M] () -- C:\Documents and Settings\susan\Desktop\dontneeddate.jpg
[2009/10/14 17:45:43 | 00,001,024 | ---- | M] () -- C:\.rnd
[2009/10/13 15:31:07 | 00,298,624 | ---- | M] () -- C:\Documents and Settings\susan\Desktop\MTG flyer 1.JPG
[2009/10/13 09:04:58 | 00,027,250 | ---- | M] () -- C:\Documents and Settings\susan\Desktop\MTG Black and White.bmp
[2009/10/13 09:04:35 | 00,464,718 | ---- | M] () -- C:\Documents and Settings\susan\Desktop\MTG flyer 1.bmp
[2009/10/12 15:18:41 | 00,160,942 | ---- | M] () -- C:\Documents and Settings\susan\Desktop\MTG.bmp
[2009/10/05 22:32:28 | 00,135,456 | ---- | M] () -- C:\Documents and Settings\susan\Desktop\MOL3.JPG
[2009/10/05 12:24:30 | 00,001,848 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MagicOnline III.lnk
[2009/10/05 08:31:39 | 69,255,4778 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\susan\Desktop\MTGOIII.exe

========== Files Created - No Company Name ==========

[2009/11/01 18:26:47 | 00,287,661 | ---- | C] () -- C:\Documents and Settings\susan\Desktop\MTG flyer 2.JPG
[2009/11/01 12:02:19 | 00,464,718 | ---- | C] () -- C:\Documents and Settings\susan\Desktop\MTG flyer 2.bmp
[2009/10/27 22:28:38 | 00,115,839 | ---- | C] () -- C:\Documents and Settings\susan\Desktop\Moneycard Statement.JPG
[2009/10/22 21:08:56 | 00,178,432 | ---- | C] () -- C:\WINDOWS\System32\lsp.dll
[2009/10/18 12:29:15 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\susan\My Documents\JKYHJKHJKKHJK.doc
[2009/10/16 10:41:01 | 00,016,067 | ---- | C] () -- C:\Documents and Settings\susan\Desktop\dontneeddate.jpg
[2009/10/14 23:31:51 | 47,014,8459 | ---- | C] () -- C:\Documents and Settings\susan\Desktop\Roger Corman - Fantastic Four.rmvb
[2009/10/14 22:08:13 | 12,000,054 | ---- | C] () -- C:\Documents and Settings\susan\Desktop\cutie contst entry.bmp
[2009/10/14 17:46:51 | 00,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
[2009/10/14 17:45:43 | 00,001,024 | ---- | C] () -- C:\.rnd
[2009/10/13 15:31:07 | 00,298,624 | ---- | C] () -- C:\Documents and Settings\susan\Desktop\MTG flyer 1.JPG
[2009/10/13 09:02:41 | 00,464,718 | ---- | C] () -- C:\Documents and Settings\susan\Desktop\MTG flyer 1.bmp
[2009/10/12 15:34:49 | 00,027,250 | ---- | C] () -- C:\Documents and Settings\susan\Desktop\MTG Black and White.bmp
[2009/10/12 15:17:33 | 00,160,942 | ---- | C] () -- C:\Documents and Settings\susan\Desktop\MTG.bmp
[2009/10/08 12:24:56 | 01,404,270 | ---- | C] () -- C:\WINDOWS\Ash.bmp
[2009/10/05 22:32:28 | 00,135,456 | ---- | C] () -- C:\Documents and Settings\susan\Desktop\MOL3.JPG
[2009/10/05 12:24:30 | 00,001,848 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MagicOnline III.lnk
[2009/07/06 14:00:53 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\susan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/20 18:07:48 | 00,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/11/06 13:30:45 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/11/06 13:26:56 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/07/28 19:21:00 | 00,000,773 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/15 03:43:14 | 06,426,736 | -H-- | C] () -- C:\Documents and Settings\susan\Local Settings\Application Data\IconCache.db
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/04/06 18:39:21 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\susan\Local Settings\Application Data\fusioncache.dat
[2006/04/05 19:13:02 | 00,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/11/14 19:14:43 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2005/10/31 14:33:36 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/21 17:42:03 | 00,000,031 | ---- | C] () -- C:\WINDOWS\lexhbp.ini
[2005/07/15 20:52:00 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/07/07 17:30:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2004/12/08 10:07:07 | 00,000,401 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2004/12/08 10:06:55 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/12/08 10:05:27 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/11/30 20:34:17 | 00,074,232 | ---- | C] () -- C:\Documents and Settings\susan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/11/24 21:35:13 | 00,000,219 | ---- | C] () -- C:\WINDOWS\satmat.ini
[2004/11/22 21:23:47 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/10/23 17:08:28 | 00,000,045 | ---- | C] () -- C:\WINDOWS\JCGLENNL.ini
[2003/03/02 15:39:36 | 00,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/12/26 09:46:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\rkeeper.ini
[2002/12/26 09:41:23 | 00,000,305 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2002/12/26 09:40:21 | 00,000,030 | ---- | C] () -- C:\WINDOWS\WB.INI
[2002/09/15 19:22:50 | 00,000,062 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2002/01/25 18:17:24 | 00,000,544 | ---- | C] () -- C:\WINDOWS\disney.ini
[2002/01/25 18:17:19 | 00,000,189 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2002/01/08 15:51:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2002/01/03 20:04:01 | 00,000,290 | ---- | C] () -- C:\WINDOWS\KA.INI
[2002/01/03 19:44:59 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\susan\Application Data\DESKTOP.INI
[2001/12/28 08:58:02 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/12/28 08:54:03 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\saverrc.dll
[2001/12/28 08:43:39 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/12/28 08:41:45 | 00,000,313 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2001/12/28 08:41:45 | 00,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2001/12/28 08:41:42 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2001/12/28 08:41:33 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2001/12/28 08:41:16 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2001/12/28 08:41:13 | 00,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2001/12/28 08:37:15 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/12/28 08:33:34 | 00,000,480 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/08/31 10:50:50 | 00,000,587 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2001/08/31 10:40:36 | 00,000,260 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2001/08/31 10:40:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2000/07/07 14:49:30 | 00,069,120 | ---- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000/03/25 19:00:00 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\clcd32.dll
[1999/09/20 13:43:10 | 00,006,784 | ---- | C] () -- C:\WINDOWS\System32\clcd16.dll
[1996/05/15 12:28:22 | 00,093,056 | ---- | C] () -- C:\WINDOWS\System32\WLPRSHT.DLL
[1996/05/15 12:28:11 | 00,004,000 | ---- | C] () -- C:\WINDOWS\System32\SW2REDIR.DLL
[1996/05/15 12:27:40 | 00,000,049 | ---- | C] () -- C:\WINDOWS\System32\CJ27INST.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
< End of report >


OTL Extras logfile created on: 11/3/2009 2:31:48 PM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\susan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

255.01 Mb Total Physical Memory | 90.62 Mb Available Physical Memory | 35.53% Memory free
617.19 Mb Paging File | 388.01 Mb Available in Paging File | 62.87% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 18.90 Gb Free Space | 50.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D4JNB411
Current User Name: susan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3849205493-1809067083-516276246-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- File not found
"C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe" = C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"" =
"C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\VMware\VMware Player\vmware-authd.exe" = C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{01001202-5D65-445A-B3B4-3DCE72BA0C6C}" = Microsoft Encarta Encyclopedia Standard 2001
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series" = Canon MX300 series
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15D9EB74-998E-4A04-B468-51C2E7B32182}" = Microsoft Picture It! Publishing 2001
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{280C7673-2DF8-4E74-B031-D8F108BE2A6D}" = PRO200WL
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3AE76A6A-DE52-4920-9814-905CA5551C2D}" = Cisco NAC Agent
"{3D719053-5593-11D3-8F25-0060085C1758}" = Microsoft Streets and Trips 2001
"{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4AFA5BCB-E113-4FD6-8C28-D8F3FD0100D3}" = Nancy Drew: Secret of the Scarlet Hand
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{536F7C74-844B-4683-B0C5-EA39E19A6FE3}" = Microsoft AntiSpyware
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
"{70D1416D-C0FF-461C-8AF3-71B98C7F5CA4}" = Nancy Drew: Secret of the Old Clock
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{74B1D298-966D-4495-9B84-69CA441C5E7D}" = Marine Park Empire
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80F825D2-ED4E-4C83-8A1E-D25160384B97}" = Wizards Event Reporter
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9E38979C-FA65-476D-80C7-72F4EADE726C}" = Nancy Drew: The Curse of Blackmoor Manor
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3096853-5F1C-464A-B7AE-5FB5137EAEC5}" = ArcSoft PhotoImpression
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online III
"{B089A9C3-9592-4219-9F25-7BA9846D2767}" = Nancy Drew: Ghost Dogs of Moon Lake
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D085A1B6-90A4-11D3-82B7-00C04FA309DE}" = Microsoft Money 2001
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB299A0A-69B8-4DD2-BB76-A17CF14CE649}" = Lets Ride Corral Club
"{DC398AAD-7EC9-488F-9D2C-7A710A8F3BF6}" = Sierra Wireless 3G Watcher
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3436EE2-D5CB-4249-840B-3A0140CC34C1}" = PhoneTools
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EC255660-F987-41C8-8416-7376305A3FE5}" = Restaurant Empire
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb
"{F4EC2FB1-4255-4040-8DE6-5D75FA9D039F}" = Nancy Drew: The Creature of Kapu Cave
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"7-Zip" = 7-Zip 4.65
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"CamStudio" = CamStudio
"Canon MX300 series User Registration" = Canon MX300 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.95.2
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Flash Movie Player" = Flash Movie Player 1.5
"FLV Player" = FLV Player 2.0 (build 25)
"FoneSync" = FoneSync
"HijackThis" = HijackThis 1.99.0
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"Image Expert 3.2" = Dell Picture Studio - Image Expert 2000
"InstallShield_{DB299A0A-69B8-4DD2-BB76-A17CF14CE649}" = Lets Ride Corral Club
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCnC" = Microsoft Command & Control Engine
"MSLex" = Microsoft Speech Lexicon
"Nancy Drew: Secrets Can Kill" = Nancy Drew: Secrets Can Kill
"Nancy Drew: Stay Tuned For Danger" = Nancy Drew: Stay Tuned For Danger
"QuickTime32" = QuickTime for Windows (32-bit)
"Reader Rabbit Personalized Preschool" = Reader Rabbit Personalized Preschool
"RealPlayer 6.0" = RealPlayer
"SpeechAPI" = Microsoft Speech API 3.0
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"SpyBlocs v3.0" = SpyBlocs v3.0
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2009 3:50:15 PM | Computer Name = D4JNB411 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 10/24/2009 5:35:34 PM | Computer Name = D4JNB411 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 10/24/2009 5:35:34 PM | Computer Name = D4JNB411 | Source = EventSystem | ID = 4613
Description = The COM+ Event System detected an unexpected error from a Win32 API
call at line 819 of d:\comxp_sp3\com\com1x\src\events\tier2\notify.cpp. A call
to CreateThread failed with error code 1455: "" Please contact Microsoft Product
Support Services to report this erro

Error - 10/24/2009 5:35:34 PM | Computer Name = D4JNB411 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
IEventSystem::Store. hr = 0x80040206.

Error - 10/24/2009 5:39:03 PM | Computer Name = D4JNB411 | Source = EventSystem | ID = 4612
Description = The COM+ Event System ran out of memory during its internal processing,
at line 34 of d:\comxp_sp3\com\com1x\src\events\queryengine\pool.cp

Error - 10/26/2009 8:17:46 PM | Computer Name = D4JNB411 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x000404b4.

Error - 10/26/2009 8:18:22 PM | Computer Name = D4JNB411 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/29/2009 8:42:25 PM | Computer Name = D4JNB411 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x000106ec.

Error - 10/31/2009 3:21:35 AM | Computer Name = D4JNB411 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/31/2009 5:53:12 PM | Computer Name = D4JNB411 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/24/2009 5:39:41 PM | Computer Name = D4JNB411 | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 10/24/2009 5:39:44 PM | Computer Name = D4JNB411 | Source = BROWSER | ID = 8007
Description = The browser was unable to update the service status bits. The data
is the error.

Error - 10/24/2009 9:42:41 PM | Computer Name = D4JNB411 | Source = NetBT | ID = 4321
Description = The name "D4JNB411 :0" could not be registered on the Interface
with IP address 10.5.17.230. The machine with the IP address 10.5.19.238 did not
allow the name to be claimed by this machine.

Error - 10/24/2009 9:43:48 PM | Computer Name = D4JNB411 | Source = NetBT | ID = 4321
Description = The name "D4JNB411 :0" could not be registered on the Interface
with IP address 10.5.17.230. The machine with the IP address 10.5.17.230 did not
allow the name to be claimed by this machine.

Error - 10/25/2009 5:19:27 PM | Computer Name = D4JNB411 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
CHRIS-SPARKS that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E62E4AA9-24DB-4. The master browser is stopping or an election is being
forced.

Error - 10/26/2009 7:44:31 PM | Computer Name = D4JNB411 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
CHRIS-SPARKS that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E62E4AA9-24DB-4. The master browser is stopping or an election is being
forced.

Error - 10/27/2009 6:11:33 PM | Computer Name = D4JNB411 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
CHRIS-SPARKS that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E62E4AA9-24DB-4. The master browser is stopping or an election is being
forced.

Error - 10/28/2009 12:23:42 PM | Computer Name = D4JNB411 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
CHRIS-SPARKS that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E62E4AA9-24DB-4. The master browser is stopping or an election is being
forced.

Error - 11/2/2009 9:00:51 AM | Computer Name = D4JNB411 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
CHRIS-SPARKS that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{E62E4AA9-24DB-4. The master browser is stopping or an election is being
forced.

Error - 11/2/2009 4:31:31 PM | Computer Name = D4JNB411 | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 10.5.17.230. The machine with the IP address 10.5.17.235 did not
allow the name to be claimed by this machine.


< End of report >


It looks like the campus firewall is keeping OTL from getting much with the Extras.txt...

THIS CASE IS NOT CLOSED. I REALLY NEED HELP (and Google!)

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:08:53 AM

Posted 03 November 2009 - 05:00 PM

Hi,

the logs are the way they should be. :(

Please also run Malwarebytes and Rootrepeal to get a more complete picture of your PC:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click the RootRepeal icon on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 TheOrgg

Posted 03 November 2009 - 05:20 PM

Root Repeal does not work. I don't have enough memory for it to function properly. I'm running Malwarebytes as soon as I finish posting this; it'll take until about eight or nine tonight to finish (it's 4:30 right now)

#6 myrti

Posted 03 November 2009 - 05:39 PM

Hi,

I'll be fast asleep at that time. :( It's almost midnight here.

If rootrepeal won't run, please try gmer instead:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards _temp_



#7 TheOrgg

Posted 03 November 2009 - 11:12 PM

GMER froze the same way that RootRepeal did, but didn't give me the error message. It may be due to the firewall-type program that I cannot figure out how to stop from starting up with the computer that the campus requires to be running when the computer boots up, even if I don't try to log into the internet.

Malwarebytes' Anti-Malware 1.41
Database version: 3095
Windows 5.1.2600 Service Pack 3

11/3/2009 9:45:13 PM
mbam-log-2009-11-03 (21-45-13).txt

Scan type: Quick Scan
Objects scanned: 109280
Time elapsed: 43 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\lsp.dll (Search.Hijacker) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\gwr (Rogue.GreenAV) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\lsp.dll (Search.Hijacker) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\gwr\Viruses.dat (Rogue.GreenAV) -> Quarantined and deleted successfully.
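
An added example, not part of the original thread and not Malwarebytes' own code: a small parser for the log layout posted above that checks the summary counts against the items actually listed and reports which objects are still waiting on a reboot to be removed. The regular expressions and the action keywords ("reboot", "successfully") are assumptions derived from the two action strings that appear in this log.

```python
import re

# Sample input: the detection part of the Malwarebytes' Anti-Malware 1.41 log
# quoted in the post above, embedded here so the script runs offline.
SAMPLE_LOG = r"""
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\lsp.dll (Search.Hijacker) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\gwr (Rogue.GreenAV) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\lsp.dll (Search.Hijacker) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\gwr\Viruses.dat (Rogue.GreenAV) -> Quarantined and deleted successfully.
"""

# Assumed line shapes, inferred from the log above:
#   summary line:   "<Section> Infected: <count>"
#   section header: "<Section> Infected:"
#   item line:      "<object> (<detection name>) -> <action>."
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (summary counts per section, list of detection records)."""
    summary, detections, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m["section"]
            continue
        m = ITEM_RE.match(line)
        if m and current:
            detections.append({
                "section": current,
                "object": m["object"],
                "name": m["name"],
                "action": m["action"],
            })
    return summary, detections


def review(text):
    """Cross-check the log and sort detected objects by removal state."""
    summary, detections = parse_mbam_log(text)
    listed = {}
    for d in detections:
        listed[d["section"]] = listed.get(d["section"], 0) + 1
    # A summary count that differs from the listed items suggests a
    # truncated or hand-edited paste; map section -> (declared, listed).
    mismatches = {
        s: (n, listed.get(s, 0))
        for s, n in summary.items()
        if n != listed.get(s, 0)
    }
    # The same file can appear as a loaded module and as a file on disk,
    # so objects are de-duplicated by path.
    pending = sorted({d["object"] for d in detections
                      if "reboot" in d["action"].lower()})
    removed = sorted({d["object"] for d in detections
                      if "successfully" in d["action"].lower()})
    other = sorted({d["object"] for d in detections} - set(pending) - set(removed))
    return {
        "count_mismatches": mismatches,
        "pending_reboot": pending,
        "removed": removed,
        "other": other,
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A non-empty `pending_reboot` list means the listed objects are still on disk until the machine has been restarted, which is the reboot the instructions above ask for.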



#8 myrti

Posted 05 November 2009 - 09:41 AM

Hi,

can you try the following setting for RootRepeal and see if it will work then:

Hi,

there may be some interference from other programs. Please try RootRepeal again, but before the scan do the following:
Please start RootRepeal, and, before doing anything else, try changing the "Disk Access Level" in the Settings->Options dialog. Try moving it to the "Special" or "High" level. Also, click on the Files tab, and uncheck "Use lowest level for MBR check". Please let me know if this fixes the problem.


If that doesn't work please run Sophos ARK instead:
Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes.
  • Make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
regards _temp_



#9 TheOrgg

Posted 05 November 2009 - 02:30 PM

Both RootRepeal and the second one recommended never would start on the computer, but SaRk did work. Here's the log; it didn't recommend removal of anything, so I didn't re-scan.

Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 11/5/2009 at 11:04:28 AM
User "susan" on computer "D4JNB411"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\es.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\ole32.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\txflog.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\colbact.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\comuid.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
Hidden: file C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe
Hidden: file C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
Hidden: file C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
Hidden: file C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
Hidden: file C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
Hidden: file C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
Hidden: file C:\WINDOWS\$NtUninstallKB835732$\browser.dll
Hidden: file C:\WINDOWS\$NtUninstallKB835732$\h323.tsp



#10 myrti

  • Malware Study Hall Admin

Posted 05 November 2009 - 03:51 PM

Hi,

the log is looking fine. How is your PC behaving now? Are you still getting redirected? If so, are you getting redirected on Internet Explorer or Firefox or both?

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#11 TheOrgg

  • Topic Starter

Posted 05 November 2009 - 07:58 PM

The searches look good. So I'm clear?

I'll remember to uninstall and reinstall Malwarebytes next time something is acting funny. It looks like that's what really got rid of it.

#12 myrti


Posted 06 November 2009 - 03:56 AM

Hi,

to make sure we didn't miss anything I would like to ask you to run an onlinescan:
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
The important thing with Malwarebytes was probably the update. Malwarebytes gets updated very frequently, so chances are that after an update it'll catch infections that it didn't see the day before.

Please stay with me to the end, we still need to remove the tools used and bring your PC up to date.

regards _temp_



#13 TheOrgg


Posted 06 November 2009 - 02:00 PM

Please note, due to you not specifying the checkbox that said "remove found threats," I unchecked that selection. Here is the log:

C:\Documents and Settings\susan\Local Settings\Application Data\Identities\{22EC0CF3-81F7-4841-81FA-78134B37A30D}\Microsoft\Outlook Express\Deleted Items.dbx multiple threats
C:\Program Files\SpyBlocsv3.0\SpyBlocs3.0.exe probably a variant of Win32/Genetik trojan
C:\WINDOWS\SYSTEM32\tvm_b5_banner_test.exe Win32/TrojanDropper.SurfSide.A trojan



#14 myrti


Posted 07 November 2009 - 10:19 AM

Hi,

I will update my instructions. I prefer the scan not to remove anything, because every now and then a scanner has false positives and deletes legit files. This way I can check which files need to be removed and which don't. :(

SpyBlocs is rogue software, please remove it from your system.
Go to Start > Control Panel > Add or Remove Programs.
If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer

Afterwards go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK
Use Windows Explorer to find and delete this file:
C:\WINDOWS\SYSTEM32\tvm_b5_banner_test.exe
As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disk (C:)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete


Finally, please post a new OTL log, and a description of any remaining problems.

regards _temp_



#15 TheOrgg


Posted 08 November 2009 - 11:27 AM

I deleted the tmv banner test.exe, but when I tried to add/remove the spyblocs I get an uninstall message that says "The following file does not exist or is not a valid uninstallation log file. C:\Program Files\SpyBlocs3.0\uninstal.log"

So how do I get rid of that bugger?



