
Google searches hijacked


16 replies to this topic

#1 MicheleKP

  • Members
  • 20 posts

Posted 26 January 2010 - 04:55 PM

Hi All!

I have an HP desktop running Vista. For the past few weeks I have had trouble with the search engines (Google mostly) redirecting to trash sites... where it sends me varies but is never the right link.

Following are the DDS file contents, and I have attached the attach.txt file. Sometime last week I downloaded and ran Malwarebytes and now have it running actively. That seemed to help for a while, then the problem recurs. It does seem to come and go... sometimes the search works flawlessly, other times I get trash... This happens with Firefox, Explorer and Chrome. Haven't checked out Opera yet...

I tried running root repeal but keep getting an error: FOPS: DevieIoControlError.

Thanks so much for the help!

Michele




DDS (Ver_09-12-01.01) - NTFSx86
Run by Michele at 16:14:17.50 on Tue 01/26/2010
Internet Explorer: 7.0.6000.16945 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3071.1740 [GMT -5:00]

AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *enabled* (Updated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Michele\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Michele\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\jusched.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Michele\Documents\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=GRfox000&ptb=gENXj5FBF8QW6JO7h_HuwA
mStart Page = hxxp://www.maxiwe.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LaCie Backup] c:\program files\lacie\backup software\\LaCieBackup.exe /background
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\users\michele\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SBRegRebootCleaner] c:\program files\sunbelt software\vipre\SBRC.exe
mRun: [SBAMTray] c:\program files\sunbelt software\vipre\SBAMTray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\michele\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\michele\appdata\roaming\micros~1\windows\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\users\michele\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: goldleafach.com
Trusted Zone: musicmatch.com\online
DPF: {0EA69A0A-1123-490E-840F-3E2642938947} - hxxps://www.goldleafach.com/ach/Install/RDM61120/RDMTIFF.cab
DPF: {0F615A5A-868C-4748-8A2D-A15CDA6A7F82} - hxxps://www.goldleafach.com/ach/Install/RDM61120/RDMXUTIL.cab
DPF: {122FEF1E-2444-4DE5-A47E-762465C26606} - hxxps://www.goldleafach.com/ach/Install/RDM61120/RDMCO.cab
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c1/v21.129/qboax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: c:\windows\system32\dmdlgs32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\michele\appdata\roaming\mozilla\firefox\profiles\9nlyduwf.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=gENXj5FBF8QW6JO7h_HuwA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\users\michele\appdata\roaming\mozilla\firefox\profiles\9nlyduwf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\users\michele\appdata\roaming\mozilla\firefox\profiles\9nlyduwf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\michele\appdata\roaming\mozilla\firefox\profiles\9nlyduwf.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-12-26 203056]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\hp\dvdplay\000.fcl [2007-11-12 39408]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2007-11-12 198240]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-14 236368]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-1-4 1012080]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-8-10 69936]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-11-12 1129344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-14 19160]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-11-12 464384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2007-9-12 25760]
S3 ustp2;ustp2;c:\windows\system32\drivers\ustp2.sys [2007-4-22 19840]

=============== Created Last 30 ================

2010-01-26 20:47:45 0 d-sh--w- C:\$RECYCLE.BIN
2010-01-26 20:39:52 98816 ----a-w- c:\windows\sed.exe
2010-01-26 20:39:52 77312 ----a-w- c:\windows\MBR.exe
2010-01-26 20:39:52 261632 ----a-w- c:\windows\PEV.exe
2010-01-26 20:39:52 161792 ----a-w- c:\windows\SWREG.exe
2010-01-26 19:09:39 0 d-----w- c:\users\michele\appdata\roaming\PC Tools
2010-01-26 19:09:39 0 d-----w- c:\programdata\PC Tools
2010-01-26 19:09:39 0 d-----w- c:\program files\Spyware Doctor
2010-01-26 19:09:39 0 d-----w- c:\program files\common files\PC Tools
2010-01-15 04:52:52 0 d-----w- c:\users\michele\appdata\roaming\Malwarebytes
2010-01-15 04:52:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 04:52:38 0 d-----w- c:\programdata\Malwarebytes
2010-01-15 04:52:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-15 04:52:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 04:51:24 195456 ------w- c:\windows\system32\MpSigStub.exe
2010-01-15 04:35:24 1372 ----a-w- c:\users\michele\appdata\roaming\AYYtt.vbs
2010-01-15 04:35:20 1372 ----a-w- c:\users\michele\appdata\roaming\WD33yE7TWO6UA.vbs
2010-01-14 13:43:20 1372 ----a-w- c:\users\michele\appdata\roaming\EULyo.vbs
2010-01-14 13:43:13 1372 ----a-w- c:\users\michele\appdata\roaming\Q68qIxeUWpoOO4E.vbs
2010-01-13 12:05:58 1372 ----a-w- c:\users\michele\appdata\roaming\4O63dRIH1SZyN.vbs
2010-01-12 15:09:58 1372 ----a-w- c:\users\michele\appdata\roaming\h4JZI.vbs
2010-01-12 15:01:50 817 ----a-w- c:\windows\system32\609435633
2010-01-11 22:19:03 1372 ----a-w- c:\users\michele\appdata\roaming\kiq9G.vbs
2010-01-11 22:18:24 1372 ----a-w- c:\users\michele\appdata\roaming\p0OnjJIDHWXPRR2.vbs
2010-01-11 10:11:09 1372 ----a-w- c:\users\michele\appdata\roaming\aHmc7.vbs
2010-01-11 10:11:08 1372 ----a-w- c:\users\michele\appdata\roaming\hTZ50urKxmKoR.vbs
2010-01-10 15:03:47 1372 ----a-w- c:\users\michele\appdata\roaming\0WLxmNE7pOyBO.vbs
2010-01-10 15:03:46 1372 ----a-w- c:\users\michele\appdata\roaming\LyW7kW757pvyj.vbs
2010-01-10 02:32:00 1372 ----a-w- c:\users\michele\appdata\roaming\UeisZ.vbs
2010-01-10 01:32:00 1372 ----a-w- c:\users\michele\appdata\roaming\l8fX6yEkjO9pyFs.vbs
2010-01-09 17:56:40 1372 ----a-w- c:\users\michele\appdata\roaming\q5eRD.vbs
2010-01-09 17:55:43 1372 ----a-w- c:\users\michele\appdata\roaming\h9FRyoNIkCsmRVl.vbs
2010-01-09 16:33:28 1372 ----a-w- c:\users\michele\appdata\roaming\2H8uuzlupGyR93R.vbs
2010-01-09 15:24:15 1372 ----a-w- c:\users\michele\appdata\roaming\gUTAiavH3Nuqcsl.vbs
2010-01-09 14:00:47 104 ----a-w- c:\windows\system32\SBRC.dat
2010-01-09 13:32:21 1372 ----a-w- c:\users\michele\appdata\roaming\DPNOMDvQbxFYo.vbs
2010-01-09 13:31:37 1372 ----a-w- c:\users\michele\appdata\roaming\unlTckg.vbs
2010-01-09 13:30:30 55072 ----a-w- c:\windows\system32\jureg.exe
2010-01-08 11:12:38 1372 ----a-w- c:\users\michele\appdata\roaming\0Zf4H0korkfqR.vbs
2010-01-08 11:12:25 1372 ----a-w- c:\users\michele\appdata\roaming\0pYsvvSITvmNC.vbs
2010-01-06 22:44:16 1372 ----a-w- c:\users\michele\appdata\roaming\dwThExsD8UCnFrb.vbs
2010-01-04 22:02:22 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-01-03 20:09:27 0 d-----w- c:\program files\Veetle

==================== Find3M ====================

2009-12-26 20:31:57 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-26 20:31:57 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-26 20:31:56 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-11-09 13:34:40 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:30:40 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-10-29 07:59:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-04 17:02:49 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-12-12 08:16:50 174 --sha-w- c:\program files\desktop.ini
2007-04-23 02:51:22 19840 ----a-w- c:\windows\inf\ustp2.sys
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-05-13 23:15:45 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-11-13 03:29:32 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:15:43.02 ===============

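The log above shows the two signals a responder would pull out first: a string of same-size (1372-byte) .vbs files with random names dropped into the roaming profile on consecutive days, and browser start-page / BHO entries that no longer resolve to a file. The script below is an added triage helper, not a BleepingComputer or DDS tool; it parses a constructed excerpt modelled on the "Created Last 30" and "Pseudo HJT Report" sections and reports those patterns so they can be checked against what the user actually installed.

```python
"""Triage helper for DDS-style logs (added example; not part of DDS or this thread)."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath
from urllib.parse import urlparse

# Constructed excerpt modelled on the log posted above (not the full log).
SAMPLE_LOG = (
    "mStart Page = hxxp://www.maxiwe.com/\n"
    "BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File\n"
    "TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - "
    "c:\\program files\\adobe\\acrobat 7.0\\acrobat\\AcroIEFavClient.dll\n"
    "TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File\n"
    "2010-01-15 04:35:24 1372 ----a-w- c:\\users\\michele\\appdata\\roaming\\AYYtt.vbs\n"
    "2010-01-15 04:35:20 1372 ----a-w- c:\\users\\michele\\appdata\\roaming\\WD33yE7TWO6UA.vbs\n"
    "2010-01-14 13:43:20 1372 ----a-w- c:\\users\\michele\\appdata\\roaming\\EULyo.vbs\n"
    "2010-01-15 04:52:37 19160 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys\n"
    "2010-01-12 15:01:50 817 ----a-w- c:\\windows\\system32\\609435633\n"
)

# "<date> <time> <size> <attrs> <path>" as DDS prints it in 'Created Last 30'.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([-a-z]{8})\s+(.+?)\s*$"
)
# BHO / toolbar / shell-hook entries whose CLSID no longer points at a file.
ORPHAN_RE = re.compile(r"^(BHO|TB|SEH):\s*(.*?)\s*-\s*No File\s*$")
# Browser start-page style settings worth comparing with what the user chose.
START_RE = re.compile(r"^(uStart Page|mStart Page|FF - prefs\.js: keyword\.URL)\s*[=-]\s*(\S+)")
# Script/loader extensions whose mass appearance in a user profile is a red flag.
SCRIPT_EXTS = {".vbs", ".js", ".bat", ".cmd", ".ps1", ".scr"}


def parse_created(lines):
    """Return (timestamp, size, attrs, path) tuples for 'Created Last 30' lines."""
    entries = []
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            ts, size, attrs, path = m.groups()
            entries.append((ts, int(size), attrs, path))
    return entries


def find_script_drop_clusters(entries, min_count=3):
    """Group created script files by (folder, extension, size).

    Several same-size scripts with unrelated random names in one profile folder
    is the pattern in the log above; one hit alone is not proof, so the result is
    a list for the analyst to review, not a verdict.
    """
    groups = defaultdict(list)
    for _ts, size, _attrs, path in entries:
        p = PureWindowsPath(path)
        ext = p.suffix.lower()
        if ext in SCRIPT_EXTS:
            groups[(str(p.parent).lower(), ext, size)].append(path)
    return {key: paths for key, paths in groups.items() if len(paths) >= min_count}


def find_orphan_hooks(lines):
    """Return (kind, identifier) for BHO/TB/SEH entries reported as 'No File'."""
    return [m.group(1, 2) for m in map(ORPHAN_RE.match, lines) if m]


def start_page_hosts(lines):
    """Map each start-page style setting to the host it points at.

    DDS defangs URLs as hxxp; undo that only for parsing, never for browsing.
    """
    hosts = {}
    for line in lines:
        m = START_RE.match(line)
        if m:
            url = m.group(2).replace("hxxp", "http", 1)
            hosts[m.group(1)] = urlparse(url).hostname
    return hosts


def triage(log_text):
    """Run all checks over one DDS log and return the findings as a dict."""
    lines = log_text.splitlines()
    return {
        "script_clusters": find_script_drop_clusters(parse_created(lines)),
        "orphan_hooks": find_orphan_hooks(lines),
        "start_pages": start_page_hosts(lines),
    }


if __name__ == "__main__":
    for name, finding in triage(SAMPLE_LOG).items():
        print(name, finding)
```

Orphaned "No File" entries are often just leftovers of uninstalled toolbars; the cluster of identically sized scripts in the roaming profile is the finding to take to the analyst.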

#2 schrauber


    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 02 February 2010 - 01:36 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 MicheleKP

  • Topic Starter

  • Members
  • 20 posts

Posted 02 February 2010 - 07:08 PM

Thanks for the reply!

Following are the results of the latest DDS scan and the GMER scan, and I have attached the DDS attach file.

Let me know if there is anything else you need and thanks again.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Michele at 18:32:14.36 on Tue 02/02/2010
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3071.2002 [GMT -5:00]

AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *disabled* (Updated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Michele\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Michele\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\jusched.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Michele\Documents\Downloads\dds (1).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=GRfox000&ptb=gENXj5FBF8QW6JO7h_HuwA
mStart Page = hxxp://www.maxiwe.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LaCie Backup] c:\program files\lacie\backup software\\LaCieBackup.exe /background
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\users\michele\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SBRegRebootCleaner] c:\program files\sunbelt software\vipre\SBRC.exe
mRun: [SBAMTray] c:\program files\sunbelt software\vipre\SBAMTray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\michele\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\michele\appdata\roaming\micros~1\windows\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\users\michele\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: goldleafach.com
Trusted Zone: musicmatch.com\online
DPF: {0EA69A0A-1123-490E-840F-3E2642938947} - hxxps://www.goldleafach.com/ach/Install/RDM61120/RDMTIFF.cab
DPF: {0F615A5A-868C-4748-8A2D-A15CDA6A7F82} - hxxps://www.goldleafach.com/ach/Install/RDM61120/RDMXUTIL.cab
DPF: {122FEF1E-2444-4DE5-A47E-762465C26606} - hxxps://www.goldleafach.com/ach/Install/RDM61120/RDMCO.cab
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c1/v21.129/qboax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: c:\windows\system32\dmdlgs32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\michele\appdata\roaming\mozilla\firefox\profiles\9nlyduwf.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=gENXj5FBF8QW6JO7h_HuwA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\users\michele\appdata\roaming\mozilla\firefox\profiles\9nlyduwf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\users\michele\appdata\roaming\mozilla\firefox\profiles\9nlyduwf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\michele\appdata\roaming\mozilla\firefox\profiles\9nlyduwf.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-12-26 203056]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\hp\dvdplay\000.fcl [2007-11-12 39408]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2007-11-12 198240]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-14 236368]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-8-10 69936]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-11-12 1129344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-14 19160]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-11-12 464384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-1-4 1012080]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2007-9-12 25760]
S3 ustp2;ustp2;c:\windows\system32\drivers\ustp2.sys [2007-4-22 19840]

=============== Created Last 30 ================

2010-02-02 20:51:39 0 d-----w- c:\windows\CheckSur
2010-01-26 21:56:18 0 d-----w- c:\programdata\Cobian
2010-01-26 21:55:55 0 d-----w- c:\program files\Cobian Backup 9
2010-01-26 20:47:45 0 d-sh--w- C:\$RECYCLE.BIN
2010-01-26 20:39:52 98816 ------w- c:\windows\sed.exe
2010-01-26 20:39:52 77312 ------w- c:\windows\MBR.exe
2010-01-26 20:39:52 261632 ------w- c:\windows\PEV.exe
2010-01-26 20:39:52 161792 ------w- c:\windows\SWREG.exe
2010-01-26 19:09:39 0 d-----w- c:\users\michele\appdata\roaming\PC Tools
2010-01-26 19:09:39 0 d-----w- c:\programdata\PC Tools
2010-01-26 19:09:39 0 d-----w- c:\program files\Spyware Doctor
2010-01-26 19:09:39 0 d-----w- c:\program files\common files\PC Tools
2010-01-15 04:52:52 0 d-----w- c:\users\michele\appdata\roaming\Malwarebytes
2010-01-15 04:52:39 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 04:52:38 0 d-----w- c:\programdata\Malwarebytes
2010-01-15 04:52:37 19160 ------w- c:\windows\system32\drivers\mbam.sys
2010-01-15 04:52:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 04:51:24 195456 ------w- c:\windows\system32\MpSigStub.exe
2010-01-15 04:35:24 1372 ------w- c:\users\michele\appdata\roaming\AYYtt.vbs
2010-01-15 04:35:20 1372 ------w- c:\users\michele\appdata\roaming\WD33yE7TWO6UA.vbs
2010-01-14 13:43:20 1372 ------w- c:\users\michele\appdata\roaming\EULyo.vbs
2010-01-14 13:43:13 1372 ------w- c:\users\michele\appdata\roaming\Q68qIxeUWpoOO4E.vbs
2010-01-13 12:05:58 1372 ------w- c:\users\michele\appdata\roaming\4O63dRIH1SZyN.vbs
2010-01-12 21:55:41 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 21:55:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-01-12 21:55:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-01-12 21:55:41 24064 ----a-w- c:\windows\system32\lpk.dll
2010-01-12 21:55:41 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 21:55:41 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-01-12 15:09:58 1372 ------w- c:\users\michele\appdata\roaming\h4JZI.vbs
2010-01-12 15:01:50 817 ------w- c:\windows\system32\609435633
2010-01-11 22:19:03 1372 ------w- c:\users\michele\appdata\roaming\kiq9G.vbs
2010-01-11 22:18:24 1372 ------w- c:\users\michele\appdata\roaming\p0OnjJIDHWXPRR2.vbs
2010-01-11 10:11:09 1372 ------w- c:\users\michele\appdata\roaming\aHmc7.vbs
2010-01-11 10:11:08 1372 ------w- c:\users\michele\appdata\roaming\hTZ50urKxmKoR.vbs
2010-01-10 15:03:47 1372 ------w- c:\users\michele\appdata\roaming\0WLxmNE7pOyBO.vbs
2010-01-10 15:03:46 1372 ------w- c:\users\michele\appdata\roaming\LyW7kW757pvyj.vbs
2010-01-10 02:32:00 1372 ------w- c:\users\michele\appdata\roaming\UeisZ.vbs
2010-01-10 01:32:00 1372 ------w- c:\users\michele\appdata\roaming\l8fX6yEkjO9pyFs.vbs
2010-01-09 17:56:40 1372 ------w- c:\users\michele\appdata\roaming\q5eRD.vbs
2010-01-09 17:55:43 1372 ------w- c:\users\michele\appdata\roaming\h9FRyoNIkCsmRVl.vbs
2010-01-09 16:33:28 1372 ------w- c:\users\michele\appdata\roaming\2H8uuzlupGyR93R.vbs
2010-01-09 15:24:15 1372 ------w- c:\users\michele\appdata\roaming\gUTAiavH3Nuqcsl.vbs
2010-01-09 14:00:47 104 ------w- c:\windows\system32\SBRC.dat
2010-01-09 13:32:21 1372 ------w- c:\users\michele\appdata\roaming\DPNOMDvQbxFYo.vbs
2010-01-09 13:31:37 1372 ------w- c:\users\michele\appdata\roaming\unlTckg.vbs
2010-01-09 13:30:30 55072 ------w- c:\windows\system32\jureg.exe
2010-01-08 11:12:38 1372 ------w- c:\users\michele\appdata\roaming\0Zf4H0korkfqR.vbs
2010-01-08 11:12:25 1372 ------w- c:\users\michele\appdata\roaming\0pYsvvSITvmNC.vbs
2010-01-06 22:44:16 1372 ------w- c:\users\michele\appdata\roaming\dwThExsD8UCnFrb.vbs
2010-01-04 22:02:22 27984 ------w- c:\windows\system32\sbbd.exe

==================== Find3M ====================

2010-01-27 19:16:13 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-27 19:16:13 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-27 19:16:13 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-18 12:52:36 832512 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 12:48:23 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-12-18 12:48:19 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 12:46:10 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-18 10:18:14 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 08:45:07 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-12-14 19:15:14 2146304 ------w- c:\windows\system32\GPhotos.scr
2009-11-09 13:34:40 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:30:40 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-09-04 17:02:49 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-12-12 08:16:50 174 --sh--w- c:\program files\desktop.ini
2007-04-23 02:51:22 19840 ------w- c:\windows\inf\ustp2.sys
2006-11-02 12:42:02 30674 ------w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ------w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ------w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ------w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ------w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ------w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ------w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ------w- c:\windows\inf\perflib\0000\perfc.dat
2008-05-13 23:15:45 22 --sh--w- c:\windows\sminst\HPCD.sys
2007-11-13 03:29:32 8192 --sh--w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:33:08.20 ===============


gmer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-02 18:55:36
Windows 6.0.6000
Running: ejb3su68.exe; Driver: C:\Users\Michele\AppData\Local\Temp\pxliapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EE24340, 0x3A0147, 0xE8000020]
C:\Program Files\HP\DVDPlay\000.fcl entry point in "" section [0x9F423000]
.clc C:\Program Files\HP\DVDPlay\000.fcl unknown last section [0x9F424000, 0x1000, 0x00000000]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\SearchProtocolHost.exe[3644] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [736AD6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[3644] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [736AD6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\SearchProtocolHost.exe[3644] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [736AD6EF] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\tdx \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\tdx \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)

---- EOF - GMER 1.0.15 ----

Attached Files
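A way to triage a DDS log for the kind of indicators visible in the output above, as an added example that is not part of the original post and not part of the DDS tool. The sample text is constructed in DDS's line formats from patterns in the posted log: a cluster of identically sized, random-named .vbs files dropped directly in AppData\Roaming, a Firefox keyword.URL and selected search engine pointed at MyWebSearch, an AppInit_DLLs entry, and an extensionless all-digit file in system32. The size threshold, the trusted search-host list and the "same size, script extension, profile root" heuristic are my assumptions, not DDS rules.

```python
import re
from collections import defaultdict

# Constructed sample in DDS's output format (patterns taken from the posted log).
SAMPLE_DDS = r"""
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&searchfor=
AppInit_DLLs: c:\windows\system32\dmdlgs32.dll
2010-01-15 04:35:24 1372 ------w- c:\users\michele\appdata\roaming\AYYtt.vbs
2010-01-15 04:35:20 1372 ------w- c:\users\michele\appdata\roaming\WD33yE7TWO6UA.vbs
2010-01-14 13:43:20 1372 ------w- c:\users\michele\appdata\roaming\EULyo.vbs
2010-01-15 04:52:37 19160 ------w- c:\windows\system32\drivers\mbam.sys
2010-01-12 15:01:50 817 ------w- c:\windows\system32\609435633
"""

# "date time size attrs path" lines from the Created Last 30 / Find3M sections.
FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+)$")
PREF_LINE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
APPINIT_LINE = re.compile(r"^AppInit_DLLs:\s*(.+)$")
HOST_RE = re.compile(r"^(?:hxxps?|https?)://([^/:?#]+)", re.IGNORECASE)

SCRIPT_EXT = (".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd")
# Assumed allowlist: hosts a stock Firefox search/keyword pref should point at.
TRUSTED_SEARCH_HOSTS = ("google.com", "mozilla.com", "bing.com", "yahoo.com")
TRUSTED_ENGINE_NAMES = ("google", "yahoo", "bing")


def parse_file_entries(text):
    """Turn DDS file lines into dicts; paths are lower-cased for comparison."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            date, time, size, attrs, path = m.groups()
            entries.append({"date": date, "time": time, "size": int(size),
                            "attrs": attrs, "path": path.lower()})
    return entries


def script_drop_clusters(entries, min_count=3):
    """Script files sitting directly in a profile's AppData\\Roaming, grouped by size.

    Several files of identical size with unrelated random names is the dropper
    pattern in the posted log; a threshold of three is an assumption."""
    by_size = defaultdict(list)
    for e in entries:
        parent, name = e["path"].rsplit("\\", 1)
        if name.endswith(SCRIPT_EXT) and parent.endswith("\\appdata\\roaming"):
            by_size[e["size"]].append(e["path"])
    return {size: paths for size, paths in by_size.items() if len(paths) >= min_count}


def search_hijack(text):
    """Firefox search/keyword/homepage prefs that resolve outside the trusted hosts."""
    findings = []
    for line in text.splitlines():
        m = PREF_LINE.match(line.strip())
        if not m:
            continue
        key, value = m.groups()
        if key not in ("keyword.URL", "browser.search.selectedEngine", "browser.startup.homepage"):
            continue
        host_m = HOST_RE.match(value)
        if host_m is None:
            # selectedEngine holds an engine name rather than a URL.
            if key == "browser.search.selectedEngine" and value.strip().lower() not in TRUSTED_ENGINE_NAMES:
                findings.append((key, value.strip()))
            continue
        host = host_m.group(1).lower()
        if not any(host == t or host.endswith("." + t) for t in TRUSTED_SEARCH_HOSTS):
            findings.append((key, host))
    return findings


def appinit_dlls(text):
    """Every DLL listed in AppInit_DLLs is injected into each process that loads user32;
    on a home machine any entry deserves a look."""
    return [m.group(1).strip() for m in
            (APPINIT_LINE.match(l.strip()) for l in text.splitlines()) if m]


def nameless_system32_files(entries):
    """Files directly in system32 whose name is only digits with no extension."""
    out = []
    for e in entries:
        parent, name = e["path"].rsplit("\\", 1)
        if parent.endswith("\\system32") and name.isdigit():
            out.append(e["path"])
    return out


def triage(text):
    """Run all checks over one DDS log and return the findings by category."""
    entries = parse_file_entries(text)
    return {
        "script_clusters": script_drop_clusters(entries),
        "search_hijack": search_hijack(text),
        "appinit_dlls": appinit_dlls(text),
        "nameless_system32": nameless_system32_files(entries),
    }


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_DDS).items():
        print(category, hits)
```

Run against a full DDS log the checks are cheap and noisy by design: a legitimate AppInit_DLLs entry or a corporate search engine will show up too, so treat each finding as a pointer for the helper, not a verdict.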



#4 schrauber
Malware Response Team, Munich, Germany
Posted 03 February 2010 - 01:16 PM

Hello, MicheleKP
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#5 MicheleKP (Topic Starter)

Posted 03 February 2010 - 04:54 PM

Hi Tom!

And thanks so much for your help!

I downloaded and ran the Combofix program...it appeared to be working fine, although it saved the log as "log.txt" (attached below) instead of the expected "Combofix.txt". Also, once the scan was finished I went to restart the anti-virus and malware programs and I got the error...'Illegal operation on a registry key that has been marked for deletion'. I tried to run several other programs and it seems that all the executable files on that machine won't run and I get the same error!!!!! So I checked the C drive and there is a ComboFix.txt file, on a quick inspection log.txt and ComboFix.txt appear to be the same. I attached them both for you.

So, I have the internet connection disabled for now and I have not done anything with the computer, I will wait to hear back.

Thanks again,

Michele

Attached Files



#6 schrauber
Malware Response Team, Munich, Germany

Posted 04 February 2010 - 03:46 PM

Hi,

Please don't attach the logfiles, just post it here in your thread.


We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).
* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.
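The command above runs Sysinternals Junction over the whole volume and leaves the helper to read the output by eye. As an added example that is not part of the original post and not part of Junction itself, the following parser reads that output format and flags reparse points whose target lies outside where Vista's own compatibility junctions point (a junction inside a user profile should resolve inside that same profile; one under C:\ProgramData or C:\Users\All Users should resolve under C:\ProgramData or C:\Users\Public) or whose print and substitute names disagree. The sample log is constructed in Junction's format: the first three entries mirror what a Vista scan shows, the last two are hypothetical anomalies added to exercise the checks. The expected-root rules and the `suspicious_junctions` name are my assumptions.

```python
import re

# Constructed sample in Junction v1.05's output format. The last two entries are
# hypothetical anomalies, not something the thread's scan reported.
SAMPLE_JUNCTION_LOG = r"""
Junction v1.05 - Windows junction creator and reparse point viewer

\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users: UNKNOWN MICROSOFT REPARSE POINT

\\?\c:\\Users\Michele\Application Data: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming
Substitute Name: C:\Users\Michele\AppData\Roaming

Failed to open \\?\c:\\System Volume Information: Access is denied.

\\?\c:\\Users\Michele\AppData\Local\Temp\cache: JUNCTION
Print Name : C:\Windows\System32
Substitute Name: C:\Windows\System32

\\?\c:\\Users\Chuck\Documents\Shared: JUNCTION
Print Name : C:\Users\Chuck\Documents\Shared
Substitute Name: C:\Users\Michele\Documents
"""

# "\\?\<path>: <KIND>" header, followed by optional Print Name / Substitute Name lines.
HEADER = re.compile(r"^\\\\\?\\(?P<link>.+?): (?P<kind>[A-Z ]+)$")
PRINT = re.compile(r"^Print Name\s*:\s*(.+)$")
SUBST = re.compile(r"^Substitute Name\s*:\s*(.+)$")


def normalize(path):
    """Collapse doubled backslashes (Junction echoes 'c:\\\\') and lower-case."""
    return re.sub(r"\\+", r"\\", path.strip()).lower()


def parse_junction_log(text):
    """Return one dict per reparse point: link, kind, print_name, substitute_name."""
    entries, cur = [], None
    for raw in text.splitlines():
        # Progress dots sometimes fuse with the next header in pasted logs.
        line = raw.strip().lstrip(".")
        m = HEADER.match(line)
        if m:
            cur = {"link": normalize(m.group("link")), "kind": m.group("kind").strip(),
                   "print_name": None, "substitute_name": None}
            entries.append(cur)
            continue
        if cur is None:
            continue
        m = PRINT.match(line)
        if m:
            cur["print_name"] = normalize(m.group(1))
            continue
        m = SUBST.match(line)
        if m:
            cur["substitute_name"] = normalize(m.group(1))
    return entries


def profile_of(path):
    """The c:\\users\\<name> root a path lies in, or None."""
    m = re.match(r"^(c:\\users\\[^\\]+)", path)
    return m.group(1) if m else None


def expected_target_roots(link):
    """Where a Vista compatibility junction at this location is allowed to point.

    These rules are an assumption based on the stock Vista layout."""
    prof = profile_of(link)
    if prof == "c:\\users\\all users":
        return ("c:\\programdata", "c:\\users\\public")
    if prof == "c:\\users\\default user":
        return ("c:\\users\\default",)
    if prof:
        return (prof,)
    if link.startswith("c:\\programdata\\"):
        return ("c:\\programdata", "c:\\users\\public")
    if link == "c:\\documents and settings":
        return ("c:\\users",)
    return ()


def suspicious_junctions(entries):
    """(link, reason) for junctions that resolve outside the expected roots or
    whose print and substitute names disagree."""
    findings = []
    for e in entries:
        if e["kind"] != "JUNCTION":
            continue
        link, target, subst = e["link"], e["print_name"], e["substitute_name"]
        if target != subst:
            findings.append((link, "print name and substitute name differ"))
            continue
        roots = expected_target_roots(link)
        if not any(target == r or target.startswith(r + "\\") for r in roots):
            findings.append((link, "target outside expected roots: %s" % target))
    return findings


if __name__ == "__main__":
    for link, reason in suspicious_junctions(parse_junction_log(SAMPLE_JUNCTION_LOG)):
        print(link, "->", reason)
```

The "Failed to open" lines for pagefile.sys, System Volume Information and the MachineKeys folder are expected on a Vista volume and are ignored here; a junction whose two names differ is worth a second look because the substitute name is what the kernel follows while the print name is what tools display.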

#7 MicheleKP (Topic Starter)

Posted 04 February 2010 - 08:02 PM

Here you go, sorry for the misunderstanding...



Junction v1.05 - Windows junction creator and reparse point viewer
Copyright © 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Volume Information: Access is denied.


...

\\?\c:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

.
Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\72491d42f9ed691b8cef089dde7ed202_a256fb97-162a-4558-be23-08ae4bbcb195: Access is denied.




...

\\?\c:\\Users\All Users: UNKNOWN MICROSOFT REPARSE POINT

\\?\c:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default

\\?\c:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites



\\?\c:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

.
Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\72491d42f9ed691b8cef089dde7ed202_a256fb97-162a-4558-be23-08ae4bbcb195: Access is denied.


...

\\?\c:\\Users\Chuck\Application Data: JUNCTION
Print Name : C:\Users\Chuck\AppData\Roaming
Substitute Name: C:\Users\Chuck\AppData\Roaming

\\?\c:\\Users\Chuck\Cookies: JUNCTION
Print Name : C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Chuck\Local Settings: JUNCTION
Print Name : C:\Users\Chuck\AppData\Local
Substitute Name: C:\Users\Chuck\AppData\Local

\\?\c:\\Users\Chuck\My Documents: JUNCTION
Print Name : C:\Users\Chuck\Documents
Substitute Name: C:\Users\Chuck\Documents

\\?\c:\\Users\Chuck\NetHood: JUNCTION
Print Name : C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Chuck\PrintHood: JUNCTION
Print Name : C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Chuck\Recent: JUNCTION
Print Name : C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Chuck\SendTo: JUNCTION
Print Name : C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Chuck\Start Menu: JUNCTION
Print Name : C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Chuck\Templates: JUNCTION
Print Name : C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Chuck\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Chuck\AppData\Local
Substitute Name: C:\Users\Chuck\AppData\Local

\\?\c:\\Users\Chuck\AppData\Local\History: JUNCTION
Print Name : C:\Users\Chuck\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Chuck\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Chuck\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Chuck\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Chuck\AppData\Local\Microsoft\Windows\Temporary Internet Files

...

\\?\c:\\Users\Chuck\Documents\My Music: JUNCTION
Print Name : C:\Users\Chuck\Music
Substitute Name: C:\Users\Chuck\Music

\\?\c:\\Users\Chuck\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Chuck\Pictures
Substitute Name: C:\Users\Chuck\Pictures

\\?\c:\\Users\Chuck\Documents\My Videos: JUNCTION
Print Name : C:\Users\Chuck\Videos
Substitute Name: C:\Users\Chuck\Videos

...

\\?\c:\\Users\Default\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming
Substitute Name: C:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Local Settings: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION
Print Name : C:\Users\Default\Documents
Substitute Name: C:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo



\\?\c:\\Users\Default\Start Menu: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos

\\?\c:\\Users\Michele\Application Data: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming
Substitute Name: C:\Users\Michele\AppData\Roaming

\\?\c:\\Users\Michele\Cookies: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Michele\Local Settings: JUNCTION
Print Name : C:\Users\Michele\AppData\Local
Substitute Name: C:\Users\Michele\AppData\Local

\\?\c:\\Users\Michele\My Documents: JUNCTION
Print Name : C:\Users\Michele\Documents
Substitute Name: C:\Users\Michele\Documents

\\?\c:\\Users\Michele\NetHood: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Michele\PrintHood: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Michele\Recent: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Michele\SendTo: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Michele\Start Menu: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Michele\Templates: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Michele\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Michele\AppData\Local
Substitute Name: C:\Users\Michele\AppData\Local

\\?\c:\\Users\Michele\AppData\Local\History: JUNCTION
Print Name : C:\Users\Michele\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Michele\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Michele\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Michele\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Michele\AppData\Local\Microsoft\Windows\Temporary Internet Files

...

\\?\c:\\Users\Michele\Documents\My Music: JUNCTION
Print Name : C:\Users\Michele\Music
Substitute Name: C:\Users\Michele\Music

\\?\c:\\Users\Michele\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Michele\Pictures
Substitute Name: C:\Users\Michele\Pictures

\\?\c:\\Users\Michele\Documents\My Videos: JUNCTION
Print Name : C:\Users\Michele\Videos
Substitute Name: C:\Users\Michele\Videos

\\?\c:\\Users\michelep\Application Data: JUNCTION
Print Name : C:\Users\michelep\AppData\Roaming
Substitute Name: C:\Users\michelep\AppData\Roaming

\\?\c:\\Users\michelep\Cookies: JUNCTION
Print Name : C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\michelep\Local Settings: JUNCTION
Print Name : C:\Users\michelep\AppData\Local
Substitute Name: C:\Users\michelep\AppData\Local

\\?\c:\\Users\michelep\My Documents: JUNCTION
Print Name : C:\Users\michelep\Documents
Substitute Name: C:\Users\michelep\Documents

\\?\c:\\Users\michelep\NetHood: JUNCTION
Print Name : C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\michelep\PrintHood: JUNCTION
Print Name : C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\michelep\Recent: JUNCTION
Print Name : C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\michelep\SendTo: JUNCTION
Print Name : C:\Users\michelep\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\michelep\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\michelep\Start Menu: JUNCTION
Print Name : C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\michelep\Templates: JUNCTION
Print Name : C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\michelep\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\michelep\AppData\Local
Substitute Name: C:\Users\michelep\AppData\Local

\\?\c:\\Users\michelep\AppData\Local\History: JUNCTION
Print Name : C:\Users\michelep\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\michelep\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\michelep\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\michelep\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\michelep\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\michelep\Documents\My Music: JUNCTION
Print Name : C:\Users\michelep\Music
Substitute Name: C:\Users\michelep\Music

\\?\c:\\Users\michelep\Documents\My Pictures: JUNCTION
Print Name : C:\Users\michelep\Pictures
Substitute Name: C:\Users\michelep\Pictures

\\?\c:\\Users\michelep\Documents\My Videos: JUNCTION
Print Name : C:\Users\michelep\Videos
Substitute Name: C:\Users\michelep\Videos

\\?\c:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos

Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.


Failed to open \\?\c:\\Windows\winsxs\Temp\PendingRenames: Access is denied.


#8 schrauber

schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 05 February 2010 - 01:37 PM

Hi,

Please go to Start, then type run in the search field and right-click Run, choose "run as admin" and type

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

hit enter and post back with the logfile.

Edited by schrauber, 05 February 2010 - 01:38 PM.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
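The junction -s log requested above is easier to read with a small parser. This is an added example (not schrauber's or Sysinternals' code, and Python rather than the cmd line above): it pulls the JUNCTION / Print Name / Substitute Name entries out of the log, tolerates the progress dots junction glues onto the front of some lines, and flags per-profile junctions whose target is not the standard Vista compatibility target, plus any non-JUNCTION reparse point. The table of expected targets is taken from the entries in this thread; the sample log and its diverted Start Menu target are constructed.

```python
"""Triage a Sysinternals 'junction -s' log (added example, not the thread's own code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Standard Vista per-profile compatibility junctions, relative to the profile root
# (lower-cased source path -> target), as they appear in the log posted in this thread.
_ROAMING = r"AppData\Roaming\Microsoft\Windows"
PROFILE_JUNCTIONS = {
    "application data": r"AppData\Roaming", "local settings": r"AppData\Local",
    "my documents": "Documents", "cookies": _ROAMING + r"\Cookies",
    "nethood": _ROAMING + r"\Network Shortcuts", "printhood": _ROAMING + r"\Printer Shortcuts",
    "recent": _ROAMING + r"\Recent", "sendto": _ROAMING + r"\SendTo",
    "start menu": _ROAMING + r"\Start Menu", "templates": _ROAMING + r"\Templates",
    r"appdata\local\application data": r"AppData\Local",
    r"appdata\local\history": r"AppData\Local\Microsoft\Windows\History",
    r"appdata\local\temporary internet files": r"AppData\Local\Microsoft\Windows\Temporary Internet Files",
    r"documents\my music": "Music", r"documents\my pictures": "Pictures", r"documents\my videos": "Videos",
}

# junction prefixes paths with \\?\, doubles the backslash after the drive, and may glue
# its "..." progress dots onto the front of a line; the patterns tolerate all three.
HEADER_RE = re.compile(r"^\.*(\\\\\?\\.+?): ([A-Z][A-Z ]*[A-Z])\s*$")
PRINT_RE = re.compile(r"^Print Name\s*:\s*(.*)$")
SUBST_RE = re.compile(r"^Substitute Name\s*:\s*(.*)$")
FAILED_RE = re.compile(r"^Failed to open (.+?): (.+)$")
PROFILE_RE = re.compile(r"^c:\\users\\([^\\]+)\\(.+)$", re.IGNORECASE)


@dataclass
class ReparsePoint:
    path: str
    kind: str            # JUNCTION, or e.g. UNKNOWN MICROSOFT REPARSE POINT
    print_name: str = ""
    substitute_name: str = ""


def normalize(path: str) -> str:
    r"""Strip the \\?\ prefix and collapse the doubled backslash junction prints."""
    if path.startswith("\\\\?\\"):
        path = path[4:]
    return path.replace("\\\\", "\\")


def parse_junction_log(text: str) -> tuple[list[ReparsePoint], list[tuple[str, str]]]:
    """Return (reparse points, (path, reason) pairs from 'Failed to open' lines)."""
    entries: list[ReparsePoint] = []
    failures: list[tuple[str, str]] = []
    current: ReparsePoint | None = None
    for raw in text.splitlines():
        line = raw.strip()                      # blank lines and bare dots match nothing
        if m := FAILED_RE.match(line):
            failures.append((normalize(m.group(1)), m.group(2)))
        elif m := HEADER_RE.match(line):
            current = ReparsePoint(path=normalize(m.group(1)), kind=m.group(2))
            entries.append(current)
        elif current and (m := PRINT_RE.match(line)):
            current.print_name = m.group(1).strip()
        elif current and (m := SUBST_RE.match(line)):
            current.substitute_name = m.group(1).strip()
    return entries, failures


def classify(rp: ReparsePoint) -> str:
    """'expected'/'mismatch' for table junctions, 'review' for non-JUNCTION reparse
    points, 'unlisted' for junctions outside the per-profile table."""
    if rp.kind != "JUNCTION":
        return "review"
    m = PROFILE_RE.match(rp.path)
    expected_rel = PROFILE_JUNCTIONS.get(m.group(2).lower()) if m else None
    if expected_rel is None:
        return "unlisted"
    expected = f"c:\\users\\{m.group(1)}\\{expected_rel}"
    return "expected" if rp.substitute_name.lower() == expected.lower() else "mismatch"


# Constructed sample in the shape of the log above; the diverted Start Menu target is a
# made-up placeholder that exercises the 'mismatch' branch.
SAMPLE_LOG = r"""
\\?\c:\\Users\Michele\Cookies: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Cookies
...
..\\?\c:\\Users\Michele\Documents\My Music: JUNCTION
Print Name : C:\Users\Michele\Music
Substitute Name: C:\Users\Michele\Music
...\\?\c:\\Users\All Users: UNKNOWN MICROSOFT REPARSE POINT
\\?\c:\\Users\Michele\Start Menu: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\EXAMPLE_DIVERTED_TARGET\Start Menu
Failed to open \\?\c:\\System Volume Information: Access is denied.
"""

if __name__ == "__main__":
    for rp in parse_junction_log(SAMPLE_LOG)[0]:
        print(f"{classify(rp):9} {rp.path} -> {rp.substitute_name or '?'} [{rp.kind}]")
```

Feed it the pasted log text instead of SAMPLE_LOG and only the 'mismatch', 'review' and 'unlisted' buckets need a human look.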

#9 MicheleKP

MicheleKP
  • Topic Starter
  • Members
  • 20 posts

Posted 05 February 2010 - 02:15 PM

OK, ran it as administrator and this is what I got, TIA!!


Junction v1.05 - Windows junction creator and reparse point viewer
Copyright © 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Volume Information: Access is denied.


\\?\c:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates


Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\72491d42f9ed691b8cef089dde7ed202_a256fb97-162a-4558-be23-08ae4bbcb195: Access is denied.


\\?\c:\\Users\All Users: UNKNOWN MICROSOFT REPARSE POINT

\\?\c:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default

\\?\c:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites



\\?\c:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\72491d42f9ed691b8cef089dde7ed202_a256fb97-162a-4558-be23-08ae4bbcb195: Access is denied.


\\?\c:\\Users\Chuck\Application Data: JUNCTION
Print Name : C:\Users\Chuck\AppData\Roaming
Substitute Name: C:\Users\Chuck\AppData\Roaming

\\?\c:\\Users\Chuck\Cookies: JUNCTION
Print Name : C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Chuck\Local Settings: JUNCTION
Print Name : C:\Users\Chuck\AppData\Local
Substitute Name: C:\Users\Chuck\AppData\Local

\\?\c:\\Users\Chuck\My Documents: JUNCTION
Print Name : C:\Users\Chuck\Documents
Substitute Name: C:\Users\Chuck\Documents

\\?\c:\\Users\Chuck\NetHood: JUNCTION
Print Name : C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Chuck\PrintHood: JUNCTION
Print Name : C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Chuck\Recent: JUNCTION
Print Name : C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Chuck\SendTo: JUNCTION
Print Name : C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Chuck\Start Menu: JUNCTION
Print Name : C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Chuck\Templates: JUNCTION
Print Name : C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Chuck\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Chuck\AppData\Local
Substitute Name: C:\Users\Chuck\AppData\Local

\\?\c:\\Users\Chuck\AppData\Local\History: JUNCTION
Print Name : C:\Users\Chuck\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Chuck\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Chuck\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Chuck\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Chuck\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Chuck\Documents\My Music: JUNCTION
Print Name : C:\Users\Chuck\Music
Substitute Name: C:\Users\Chuck\Music

\\?\c:\\Users\Chuck\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Chuck\Pictures
Substitute Name: C:\Users\Chuck\Pictures

\\?\c:\\Users\Chuck\Documents\My Videos: JUNCTION
Print Name : C:\Users\Chuck\Videos
Substitute Name: C:\Users\Chuck\Videos

\\?\c:\\Users\Default\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming
Substitute Name: C:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Local Settings: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION
Print Name : C:\Users\Default\Documents
Substitute Name: C:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Default\Start Menu: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos

\\?\c:\\Users\Michele\Application Data: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming
Substitute Name: C:\Users\Michele\AppData\Roaming

\\?\c:\\Users\Michele\Cookies: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Michele\Local Settings: JUNCTION
Print Name : C:\Users\Michele\AppData\Local
Substitute Name: C:\Users\Michele\AppData\Local

\\?\c:\\Users\Michele\My Documents: JUNCTION
Print Name : C:\Users\Michele\Documents
Substitute Name: C:\Users\Michele\Documents

\\?\c:\\Users\Michele\NetHood: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Michele\PrintHood: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Michele\Recent: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Michele\SendTo: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Michele\Start Menu: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Michele\Templates: JUNCTION
Print Name : C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Michele\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Michele\AppData\Local
Substitute Name: C:\Users\Michele\AppData\Local

\\?\c:\\Users\Michele\AppData\Local\History: JUNCTION
Print Name : C:\Users\Michele\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Michele\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Michele\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Michele\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Michele\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Michele\Documents\My Music: JUNCTION
Print Name : C:\Users\Michele\Music
Substitute Name: C:\Users\Michele\Music

\\?\c:\\Users\Michele\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Michele\Pictures
Substitute Name: C:\Users\Michele\Pictures

\\?\c:\\Users\Michele\Documents\My Videos: JUNCTION
Print Name : C:\Users\Michele\Videos
Substitute Name: C:\Users\Michele\Videos

\\?\c:\\Users\michelep\Application Data: JUNCTION
Print Name : C:\Users\michelep\AppData\Roaming
Substitute Name: C:\Users\michelep\AppData\Roaming

\\?\c:\\Users\michelep\Cookies: JUNCTION
Print Name : C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\michelep\Local Settings: JUNCTION
Print Name : C:\Users\michelep\AppData\Local
Substitute Name: C:\Users\michelep\AppData\Local

\\?\c:\\Users\michelep\My Documents: JUNCTION
Print Name : C:\Users\michelep\Documents
Substitute Name: C:\Users\michelep\Documents

\\?\c:\\Users\michelep\NetHood: JUNCTION
Print Name : C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\michelep\PrintHood: JUNCTION
Print Name : C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\michelep\Recent: JUNCTION
Print Name : C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\michelep\SendTo: JUNCTION
Print Name : C:\Users\michelep\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\michelep\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\michelep\Start Menu: JUNCTION
Print Name : C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\michelep\Templates: JUNCTION
Print Name : C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\michelep\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\michelep\AppData\Local
Substitute Name: C:\Users\michelep\AppData\Local

\\?\c:\\Users\michelep\AppData\Local\History: JUNCTION
Print Name : C:\Users\michelep\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\michelep\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\michelep\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\michelep\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\michelep\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\michelep\Documents\My Music: JUNCTION
Print Name : C:\Users\michelep\Music
Substitute Name: C:\Users\michelep\Music

\\?\c:\\Users\michelep\Documents\My Pictures: JUNCTION
Print Name : C:\Users\michelep\Pictures
Substitute Name: C:\Users\michelep\Pictures

\\?\c:\\Users\michelep\Documents\My Videos: JUNCTION
Print Name : C:\Users\michelep\Videos
Substitute Name: C:\Users\michelep\Videos

\\?\c:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos

Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.


Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-activexcompat_31bf3856ad364e35_6.0.6000.16926_none_f453c79d0672c164.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16982_none_a990adb9f5e906aa.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16982_none_a990adb9f5e906aa_advpack.dll_8c6ea088: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.16889_none_a8ec88265cc499db.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.16889_none_a8ec88265cc499db_atl.dll_0c7220db: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c_rpcss.dll_fd3e269b: Access is denied.


Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.16939_none_b3c27d2921dd6669.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.16939_none_b3c27d2921dd6669_t2embed.dll_66e8486f: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16939_none_a7d5725a5d6ffbb2.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16939_none_a7d5725a5d6ffbb2_atmfd.dll_ff796bf0: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16939_none_a7d5725a5d6ffbb2_atmlib.dll_fe5ca5c9: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16939_none_a7d5725a5d6ffbb2_dciman32.dll_a41dd515: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16939_none_a7d5725a5d6ffbb2_fontsub.dll_367a1189: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16939_none_a7d5725a5d6ffbb2_lpk.dll_ebdc1de9: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16982_none_b2a8601bd9e2640d.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16982_none_b2a8601bd9e2640d_urlmon.dll_95c89473: Access is denied.


Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16982_none_ffae3bbda4eb8aa0.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16982_none_ffae3bbda4eb8aa0_jsproxy.dll_3cc8d651: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16982_none_ffae3bbda4eb8aa0_wininet.dll_790e2e3a: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16982_none_ffae3bbda4eb8aa0_wininetplugin.dll_f2ff35f9: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16982_none_958b974f84bc8b21.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16982_none_958b974f84bc8b21_dxtmsft.dll_4b67eac6: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16982_none_958b974f84bc8b21_dxtrans.dll_814d2aee: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-ie-extcompat_31bf3856ad364e35_6.0.6000.16982_none_3a74f442d9b27ed4.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-ie-htmlactivexcompat_31bf3856ad364e35_6.0.6000.16982_none_1534b58712e1db28.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16982_none_11085adc2541f3d6.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16982_none_11085adc2541f3d6_mshtml.dll_fab8f891: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16982_none_11085adc2541f3d6_mshtml.tlb_fab8f577: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16982_none_6267b4dfb1378203.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16982_none_6267b4dfb1378203_ieframe.dll_c6cbe33f: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16982_none_6267b4dfb1378203_ieui.dll_f0fcf806: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed_kernel32.dll_ef9eca7e: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a_ksecdd.sys_dfd5d421: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a_lsa-ppdlic.xrm-ms_507c6c63: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a_lsasrv.dll_56db747f: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a_lsass.exe_682060de: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a_secur32.dll_8d4d0a15: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6000.16922_none_c5603d92a849343f.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6000.16922_none_c5603d92a849343f_msasn1.dll_e56dbc57: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16903_none_868b088499acd4c5.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16903_none_868b088499acd4c5_msxml3.dll_eaee1698: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16903_none_868b088499acd4c5_msxml3r.dll_d752d00e: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16903_none_868ac42c99ad21a8.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16903_none_868ac42c99ad21a8_msxml6.dll_ebe15265: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16903_none_868ac42c99ad21a8_msxml6r.dll_d8460bdb: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21108_none_5546ab1ed13d8ba7.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21108_none_5546ab1ed13d8ba7_netio.sys_a06e75d0: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16615_none_a4851c9d1fc8a346.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16615_none_a4851c9d1fc8a346_ntfs.sys_e80dca04: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21101_none_6ad49de3d019654f.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21101_none_6ad49de3d019654f_ntkrnlpa.exe_165c312a: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21101_none_6ad49de3d019654f_ntoskrnl.exe_0fb0ab79: Access is denied.


Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6000.16850_none_b1de54a148164471.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6000.16850_none_b1de54a148164471_rpcrt4.dll_5aa847dd: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16870_none_1fe460c0585503b5.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16870_none_1fe460c0585503b5_schannel.dll_7364eaa8: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00_netiomig.dll_917b9a36: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00_netiougc.exe_94123cfe: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00_tcpip.sys_3339bd51: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00_tcpipcfg.dll_e3a99e8a: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.4.7600.226_en-us_3eed8fc4903631e2.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-w..ient-core.resources_31bf3856ad364e35_7.4.7600.226_en-us_3eed8fc4903631e2_wuaueng.dll.mui_297f975d: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16908_none_b71543169d58fafc.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16908_none_b71543169d58fafc_win32k.sys_0d7a6fb3: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7_gdiplus.dll_423f7010: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6000.16782_none_8df276136273e58e.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6000.16782_none_8df276136273e58e_gdiplus.dll_423f7010: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.16913_none_22dff16cc5023274.manifest: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\Backup\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.16913_none_22dff16cc5023274_winhttp.dll_6cd72d6e: Access is denied.




Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_ehome_40103e2da1d121de.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_microsoft.net_framework_83386eac0379231b.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_servicing_gc32_972ee38cf65a9c2f.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_servicing_version_6.0.6002.18005_aecdeb30f9a49d36.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_system32_drivers_en-us_4bb913fc5eb96bcf.cdf-ms: Access is denied.


Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_system32_licensing_ppdlic_e4dbfd5267861904.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_system32_manifeststore_7d35b12f9be4c20e.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_system32_migration_927a21df1acd7c18.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_system32_wbem_06656d9fdf2f8577.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\$$_system32_wbem_tmf_026f0fb07227ea72.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\program_files_internet_explorer_a421d1bfaf856e2b.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\program_files_windows_mail_e07902f329fe05e9.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\program_files_windows_media_player_da4e5f6eb3198de9.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\program_files_windows_media_player_en-us_94ff97943fc617cd.cdf-ms: Access is denied.



Failed to open \\?\c:\\Windows\winsxs\FileMaps\_0000000000000000.cdf-ms: Access is denied.


Failed to open \\?\c:\\Windows\winsxs\Temp\PendingRenames: Access is denied.



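An added example, not part of any post in this thread and not the output of any tool used in it: a small Python triage script for the reparse-point listing pasted above. It parses the `...: JUNCTION` / `Print Name` / `Substitute Name` entries and the `Failed to open ...: Access is denied.` lines, ignores the progress dots the scanner prints between entries, and flags any junction under a user profile whose leaf name is not one of the per-profile compatibility junctions Vista creates for legacy XP paths (Application Data, Cookies, Local Settings, My Documents and the other names that appear in the listing), whose Print Name and Substitute Name disagree, or whose target points outside that profile. Every junction in the listing above passes those checks. The expected-name list is an assumption taken from the listing itself, and the sample input embedded in the script is constructed: three entries copied from the listing plus one deliberately hostile entry that points a profile folder at a system path and does not exist on the poster's machine.

```python
# Added example: triage a junction listing of the kind pasted above.
# Not from the original thread; EXPECTED_PROFILE_JUNCTIONS is an assumption
# drawn from the listing and SAMPLE is constructed input.
from pathlib import PureWindowsPath

PREFIX = "\\\\?\\"   # the literal long-path prefix the scanner puts before every path

# Per-profile compatibility junctions Vista creates for legacy XP paths
# (assumption: the set of names seen in the listing above).
EXPECTED_PROFILE_JUNCTIONS = {n.lower() for n in (
    "Application Data", "Cookies", "Local Settings", "My Documents",
    "NetHood", "PrintHood", "Recent", "SendTo", "Start Menu", "Templates",
    "History", "Temporary Internet Files", "My Music", "My Pictures",
    "My Videos",
)}


def _norm(path):
    # Strip the long-path prefix, collapse the doubled separator after the
    # drive letter ("c:\\Users"), and lowercase so paths compare reliably.
    if path.startswith(PREFIX):
        path = path[len(PREFIX):]
    return PureWindowsPath(path.replace("\\\\", "\\").lower())


def _profile_root(p):
    # ('c:\\', 'users', 'michele', ...) -> c:\users\michele; None if not a profile
    parts = p.parts
    if len(parts) >= 3 and parts[1] == "users":
        return PureWindowsPath(parts[0], parts[1], parts[2])
    return None


def parse_listing(text):
    # Returns (junctions, denied): junctions are dicts keyed 'link',
    # 'Print Name', 'Substitute Name'; denied entries are (path, error).
    junctions, denied = [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip().lstrip(".")      # progress dots get glued onto lines
        if not line:
            continue
        if line.startswith("Failed to open "):
            path, _, err = line[len("Failed to open "):].rpartition(": ")
            denied.append((_norm(path), err.rstrip(".")))
            current = None
        elif line.endswith(": JUNCTION"):
            current = {"link": _norm(line[:-len(": JUNCTION")])}
            junctions.append(current)
        elif current is not None:
            key, _, val = line.partition(":")
            if key.strip() in ("Print Name", "Substitute Name"):
                current[key.strip()] = _norm(val.strip())
    return junctions, denied


def triage(junctions):
    # One (link, reason) tuple per problem found; an empty list is clean.
    findings = []
    for j in junctions:
        link = j["link"]
        print_name, target = j.get("Print Name"), j.get("Substitute Name")
        if target is None:
            findings.append((str(link), "no Substitute Name recorded"))
            continue
        if print_name != target:
            findings.append((str(link), "Print Name and Substitute Name differ"))
        profile = _profile_root(link)
        if profile is None:
            continue                        # only per-profile links are policed here
        if link.name not in EXPECTED_PROFILE_JUNCTIONS:
            findings.append((str(link), f"unexpected junction name {link.name!r}"))
        if _profile_root(target) != profile:
            findings.append((str(link), f"target {target} leaves profile {profile}"))
    return findings


def denied_by_directory(denied, depth=3):
    # Count access-denied paths by their first `depth` components so that
    # denials clustering in servicing directories stand out from odd ones.
    counts = {}
    for path, _err in denied:
        key = str(PureWindowsPath(*path.parts[:depth]))
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed input: three entries copied from the listing above plus one
# hostile entry (the Startup junction) that does NOT exist on the poster's PC.
SAMPLE = r"""
\\?\c:\\Users\michelep\Cookies: JUNCTION
Print Name : C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\michelep\AppData\Roaming\Microsoft\Windows\Cookies

...

..\\?\c:\\Users\Michele\Documents\My Music: JUNCTION
Print Name : C:\Users\Michele\Music
Substitute Name: C:\Users\Michele\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\michelep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup: JUNCTION
Print Name : C:\Users\michelep\Startup
Substitute Name: C:\Windows\System32\Tasks\evil
.
Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.
Failed to open \\?\c:\\Windows\winsxs\Temp\PendingRenames: Access is denied.
"""

if __name__ == "__main__":
    js, dn = parse_listing(SAMPLE)
    for link, why in triage(js):
        print(f"SUSPECT {link}: {why}")
    print("access denied by directory:", denied_by_directory(dn))
```

Run it as a script to see the findings for the embedded sample, or call parse_listing() on a pasted log. The denied summary groups the "Access is denied" paths by directory so you can tell at a glance whether they cluster under servicing directories such as C:\Windows\winsxs, as they do in the listing above, or somewhere a scanner should have been able to read.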
#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:47 AM

Posted 05 February 2010 - 03:15 PM

Please post back with a fresh OTL logfile.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 MicheleKP

MicheleKP
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:08:47 PM

Posted 05 February 2010 - 05:13 PM

Here you go, thanks!


OTL logfile created on: 2/5/2010 5:08:52 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Michele\Documents\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325.54 Gb Total Space | 222.10 Gb Free Space | 68.22% Space Free | Partition Type: NTFS
Drive D: | 9.81 Gb Total Space | 1.05 Gb Free Space | 10.69% Space Free | Partition Type: NTFS
Drive E: | 335.35 Gb Total Space | 176.93 Gb Free Space | 52.76% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE-PC
Current User Name: Michele
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/05 17:07:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Michele\Documents\Downloads\OTL.exe
PRC - [2010/01/21 02:24:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/01/04 17:02:10 | 001,012,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/02 07:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/11/02 04:45:50 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2010/02/05 17:07:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Michele\Documents\Downloads\OTL.exe
MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/01/05 21:47:12 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/01/04 17:02:10 | 001,012,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/23 20:16:16 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/06/02 17:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/11/12 22:26:11 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/18 06:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/09/25 19:16:08 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/09/19 20:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/07/23 18:33:06 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/05/29 10:19:08 | 000,198,240 | ---- | M] () [Auto | Stopped] -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/10/13 08:22:50 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/10 19:06:28 | 000,069,936 | ---- | M] (Sunbelt Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2009/07/15 09:17:58 | 000,203,056 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (sbtis)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/20 14:19:06 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/06/02 17:49:48 | 000,305,688 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/15 18:19:04 | 002,047,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/10 18:57:00 | 008,237,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/12/18 12:18:52 | 000,039,408 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\HP\DVDPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/01 04:21:08 | 001,129,344 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2007/09/24 06:09:10 | 000,464,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2007/09/12 20:35:54 | 000,025,760 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2007/08/03 05:44:00 | 000,091,648 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/04/22 21:51:22 | 000,019,840 | ---- | M] (RDM Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ustp2.sys -- (ustp2)
DRV - [2007/01/18 10:24:58 | 000,026,496 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:58:51 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2006/11/02 03:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/19 09:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.maxiwe.com/


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DD 71 44 01 8D 2F 14 46 8A 1D EA 60 89 55 EE 90 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DD 71 44 01 8D 2F 14 46 8A 1D EA 60 89 55 EE 90 [binary data]

IE - HKU\S-1-5-21-181874937-3409160218-966848015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.mywebsearch.com/mywebsearch/...BF8QW6JO7h_HuwA
IE - HKU\S-1-5-21-181874937-3409160218-966848015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-181874937-3409160218-966848015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DD 71 44 01 8D 2F 14 46 8A 1D EA 60 89 55 EE 90 [binary data]
IE - HKU\S-1-5-21-181874937-3409160218-966848015-1000\S-1-5-21-181874937-3409160218-966848015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-181874937-3409160218-966848015-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-181874937-3409160218-966848015-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-181874937-3409160218-966848015-1001\S-1-5-21-181874937-3409160218-966848015-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.1
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b1
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.4
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
FF - prefs.js..extensions.enabledItems: {b6cad2af-398b-4539-a084-4f78ff8dfa05}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=gENXj5FBF8QW6JO7h_HuwA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/26 15:04:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/26 15:01:50 | 000,000,000 | ---D | M]

[2009/05/17 19:40:59 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Mozilla\Extensions
[2008/12/24 17:25:10 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/05/17 19:40:59 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/26 15:45:57 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\9nlyduwf.default\extensions
[2009/12/11 10:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\9nlyduwf.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/10/29 11:11:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\9nlyduwf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/12 13:53:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\9nlyduwf.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/12/11 10:09:21 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\9nlyduwf.default\extensions\bettergmail2@ginatrapani.org
[2009/10/29 11:11:41 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\9nlyduwf.default\extensions\fastdial@telega.phpnet.us
[2009/10/29 11:11:42 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\9nlyduwf.default\extensions\lazarus@interclue.com
[2009/12/02 14:46:11 | 000,009,941 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\Mozilla\Firefox\Profiles\9nlyduwf.default\searchplugins\mywebsearch.xml
[2010/01/22 13:43:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/16 12:36:17 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nphssb.dll

O1 HOSTS File: ([2008/03/25 11:09:54 | 000,225,720 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 7914 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No CLSID value found.
O3 - HKU\S-1-5-21-181874937-3409160218-966848015-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files\Sunbelt Software\VIPRE\SBRC.exe (Sunbelt Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-181874937-3409160218-966848015-1000..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKU\S-1-5-21-181874937-3409160218-966848015-1000..\Run: [Google Update] C:\Users\Michele\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-181874937-3409160218-966848015-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-181874937-3409160218-966848015-1000..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\LaCieBackup.exe (LaCie SA)
O4 - HKU\S-1-5-21-181874937-3409160218-966848015-1000..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-181874937-3409160218-966848015-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-181874937-3409160218-966848015-1001..\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-181874937-3409160218-966848015-1001..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-181874937-3409160218-966848015-1001..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-181874937-3409160218-966848015-1001..\Run: [SB Wireless Music] C:\Program Files\Creative\SB Wireless Music\Media Server\SBWMsvr.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-181874937-3409160218-966848015-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-181874937-3409160218-966848015-1001..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found
O4 - HKU\S-1-5-21-181874937-3409160218-966848015-1001..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-181874937-3409160218-966848015-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-181874937-3409160218-966848015-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-181874937-3409160218-966848015-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-181874937-3409160218-966848015-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-181874937-3409160218-966848015-1001_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-181874937-3409160218-966848015-1000\..Trusted Domains: goldleafach.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-181874937-3409160218-966848015-1000\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-181874937-3409160218-966848015-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-181874937-3409160218-966848015-1001\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-181874937-3409160218-966848015-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0EA69A0A-1123-490E-840F-3E2642938947} https://www.goldleafach.com/ach/Install/RDM61120/RDMTIFF.cab (TIFF Class)
O16 - DPF: {0F615A5A-868C-4748-8A2D-A15CDA6A7F82} https://www.goldleafach.com/ach/Install/RDM...20/RDMXUTIL.cab (XUtil Class)
O16 - DPF: {122FEF1E-2444-4DE5-A47E-762465C26606} https://www.goldleafach.com/ach/Install/RDM61120/RDMCO.cab (RDMOPOS Class)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c1/v21.129/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB (TSEasyInstallX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Crater.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Crater.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/12 23:12:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *SBBD.exe /d \Device\HarddiskVolume1\Program Files\Sunbelt Software\VIPRE\Definitions) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/05 15:08:27 | 000,000,000 | ---D | C] -- C:\Temp
[2010/02/03 16:28:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/02/03 16:28:40 | 000,000,000 | ---D | C] -- C:\Users\Michele\AppData\Local\temp
[2010/02/03 16:28:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/02/02 15:51:39 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010/02/02 12:12:11 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/02/02 12:12:10 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/02/02 12:12:10 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/02/02 12:12:10 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/02/02 12:12:09 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/02/02 12:12:06 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/02/02 12:12:05 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/02/02 12:12:05 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/02/02 12:12:04 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/02/02 12:12:04 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/02/02 12:12:04 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/02/02 12:12:03 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/02/02 12:12:03 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/02/02 12:12:02 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/02/02 12:12:02 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/02/02 12:12:02 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/02/02 12:12:02 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/02/02 12:12:00 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/02/02 12:12:00 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/02/02 12:11:59 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/02/02 12:11:57 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2010/02/02 12:11:57 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/01/26 16:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Cobian
[2010/01/26 16:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2010/01/26 15:39:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/26 15:39:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/01/26 15:39:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/01/26 15:39:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/01/26 15:39:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/26 15:35:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/01/26 14:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/26 14:09:39 | 000,000,000 | ---D | C] -- C:\Users\Michele\AppData\Roaming\PC Tools
[2010/01/26 14:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/01/26 14:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/14 23:52:52 | 000,000,000 | ---D | C] -- C:\Users\Michele\AppData\Roaming\Malwarebytes
[2010/01/14 23:52:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/14 23:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/14 23:52:37 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/14 23:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/14 23:51:24 | 000,195,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/12 16:55:41 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/01/12 16:55:41 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/12 16:55:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/12 16:55:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/01/12 16:55:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/01/12 10:01:45 | 000,000,000 | ---D | C] -- C:\Users\Michele\AppData\Roaming\WinRAR
[2010/01/09 08:30:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/01/09 08:30:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/01/09 08:30:30 | 000,055,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\jureg.exe
[2010/01/09 08:30:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

========== Files - Modified Within 30 Days ==========

[2010/02/05 17:07:59 | 006,553,600 | -HS- | M] () -- C:\Users\Michele\ntuser.dat
[2010/02/05 15:12:51 | 000,001,356 | ---- | M] () -- C:\Users\Michele\AppData\Local\d3d9caps.dat
[2010/02/05 14:10:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/02/05 14:10:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/02/04 19:42:01 | 000,733,440 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/04 19:42:01 | 000,628,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/04 19:42:01 | 000,107,974 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/04 19:36:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/04 19:34:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/04 19:33:54 | 002,992,434 | -H-- | M] () -- C:\Users\Michele\AppData\Local\IconCache.db
[2010/02/04 19:30:22 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D50B0399-A230-46ED-9060-21EF5CAB1095}.job
[2010/02/04 19:29:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9A6DC187-2558-4DD2-AF86-65F19A160A12}.job
[2010/02/04 19:06:15 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-181874937-3409160218-966848015-1000UA.job
[2010/02/04 18:52:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/04 18:41:05 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/04 18:41:05 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/04 13:44:20 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/02/04 01:15:36 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for Michele.job
[2010/02/04 01:00:05 | 000,000,486 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for Michele.job
[2010/02/03 21:52:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/03 20:06:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-181874937-3409160218-966848015-1000Core.job
[2010/02/03 16:26:55 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/02/03 16:15:40 | 003,845,286 | R--- | M] () -- C:\Users\Michele\Desktop\schrauber.exe
[2010/02/02 19:01:03 | 462,779,625 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/02/02 13:39:30 | 000,393,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/29 13:07:17 | 000,002,089 | ---- | M] () -- C:\Users\Michele\Desktop\Google Chrome.lnk
[2010/01/27 20:10:53 | 000,030,720 | ---- | M] () -- C:\Users\Michele\Documents\$$AVItemp.doc
[2010/01/27 14:18:09 | 000,000,137 | ---- | M] () -- C:\Windows\disney.ini
[2010/01/26 18:01:07 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMichele.job
[2010/01/25 17:34:01 | 000,028,160 | ---- | M] () -- C:\Users\Michele\Documents\$$Preview.doc
[2010/01/25 17:28:30 | 000,000,000 | ---- | M] () -- C:\Users\Michele\Documents\eFax_4_4_Port
[2010/01/14 23:52:42 | 000,000,855 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/14 23:44:07 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2010/01/14 23:39:41 | 000,000,073 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\74d338f6
[2010/01/14 23:35:24 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\AYYtt.vbs
[2010/01/14 23:35:20 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\WD33yE7TWO6UA.vbs
[2010/01/14 08:43:20 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\EULyo.vbs
[2010/01/14 08:43:13 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\Q68qIxeUWpoOO4E.vbs
[2010/01/13 07:05:58 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\4O63dRIH1SZyN.vbs
[2010/01/12 10:09:58 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\h4JZI.vbs
[2010/01/12 10:01:50 | 000,000,817 | ---- | M] () -- C:\Windows\System32\609435633
[2010/01/11 17:19:03 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\kiq9G.vbs
[2010/01/11 17:18:24 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\p0OnjJIDHWXPRR2.vbs
[2010/01/11 05:11:09 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\aHmc7.vbs
[2010/01/11 05:11:08 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\hTZ50urKxmKoR.vbs
[2010/01/10 10:03:47 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\0WLxmNE7pOyBO.vbs
[2010/01/10 10:03:46 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\LyW7kW757pvyj.vbs
[2010/01/09 21:32:00 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\UeisZ.vbs
[2010/01/09 20:32:00 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\l8fX6yEkjO9pyFs.vbs
[2010/01/09 12:56:40 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\q5eRD.vbs
[2010/01/09 12:55:43 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\h9FRyoNIkCsmRVl.vbs
[2010/01/09 11:33:28 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\2H8uuzlupGyR93R.vbs
[2010/01/09 10:24:15 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\gUTAiavH3Nuqcsl.vbs
[2010/01/09 09:02:14 | 000,000,104 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2010/01/09 08:32:21 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\DPNOMDvQbxFYo.vbs
[2010/01/09 08:31:37 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\unlTckg.vbs
[2010/01/08 06:12:38 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\0Zf4H0korkfqR.vbs
[2010/01/08 06:12:25 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\0pYsvvSITvmNC.vbs
[2010/01/08 06:10:44 | 000,018,432 | ---- | M] () -- C:\Users\Michele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/06 17:44:16 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\dwThExsD8UCnFrb.vbs

========== Files Created - No Company Name ==========

[2010/02/05 14:10:19 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/02/05 14:10:19 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/02/03 16:15:37 | 003,845,286 | R--- | C] () -- C:\Users\Michele\Desktop\schrauber.exe
[2010/01/27 20:10:29 | 000,030,720 | ---- | C] () -- C:\Users\Michele\Documents\RxPad.doc
[2010/01/26 15:39:52 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/26 15:39:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/26 15:39:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/26 15:39:52 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/26 15:39:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/01/25 17:29:18 | 000,025,600 | ---- | C] () -- C:\Users\Michele\Documents\ANTECHLR.doc
[2010/01/15 00:22:04 | 000,000,500 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for Michele.job
[2010/01/15 00:22:01 | 000,000,486 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for Michele.job
[2010/01/14 23:52:42 | 000,000,855 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/14 23:35:24 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\AYYtt.vbs
[2010/01/14 23:35:20 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\WD33yE7TWO6UA.vbs
[2010/01/14 08:43:20 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\EULyo.vbs
[2010/01/14 08:43:13 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\Q68qIxeUWpoOO4E.vbs
[2010/01/13 07:05:58 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\4O63dRIH1SZyN.vbs
[2010/01/12 10:09:58 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\h4JZI.vbs
[2010/01/12 10:01:50 | 000,000,817 | ---- | C] () -- C:\Windows\System32\609435633
[2010/01/11 17:19:03 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\kiq9G.vbs
[2010/01/11 17:18:24 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\p0OnjJIDHWXPRR2.vbs
[2010/01/11 05:11:09 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\aHmc7.vbs
[2010/01/11 05:11:08 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\hTZ50urKxmKoR.vbs
[2010/01/10 10:03:47 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\0WLxmNE7pOyBO.vbs
[2010/01/10 10:03:46 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\LyW7kW757pvyj.vbs
[2010/01/09 21:32:00 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\UeisZ.vbs
[2010/01/09 20:32:00 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\l8fX6yEkjO9pyFs.vbs
[2010/01/09 12:56:40 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\q5eRD.vbs
[2010/01/09 12:55:43 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\h9FRyoNIkCsmRVl.vbs
[2010/01/09 11:33:28 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\2H8uuzlupGyR93R.vbs
[2010/01/09 10:24:15 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\gUTAiavH3Nuqcsl.vbs
[2010/01/09 09:00:47 | 000,000,104 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2010/01/09 08:32:21 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\DPNOMDvQbxFYo.vbs
[2010/01/09 08:31:37 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\unlTckg.vbs
[2010/01/08 10:53:00 | 000,000,073 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\74d338f6
[2010/01/08 06:12:38 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\0Zf4H0korkfqR.vbs
[2010/01/08 06:12:25 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\0pYsvvSITvmNC.vbs
[2010/01/06 17:44:16 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\dwThExsD8UCnFrb.vbs
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/08/08 17:30:03 | 000,000,137 | ---- | C] () -- C:\Windows\disney.ini
[2008/05/29 07:15:24 | 000,000,066 | ---- | C] () -- C:\Windows\iltwain.ini
[2008/04/16 08:40:54 | 000,000,552 | ---- | C] () -- C:\Users\Michele\AppData\Local\d3d8caps.dat
[2008/03/01 10:14:03 | 000,018,432 | ---- | C] () -- C:\Users\Michele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/29 00:31:32 | 000,001,356 | ---- | C] () -- C:\Users\Michele\AppData\Local\d3d9caps.dat
[2008/02/29 00:10:21 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/02/29 00:07:30 | 000,000,084 | ---- | C] () -- C:\Windows\EPSPRX595.ini
[2007/11/12 23:05:39 | 000,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/11/12 23:01:54 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/11/12 22:50:23 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/11/12 22:50:23 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:57:36 | 000,171,520 | ---- | C] () -- C:\Windows\System32\nlasvc.dll.old
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/12/03 14:53:25 | 000,626,688 | ---- | C] () -- C:\Windows\System32\dfxg13.dll
[2005/10/07 18:16:29 | 000,375,296 | ---- | C] () -- C:\Windows\System32\tx32.dll
[2005/10/07 18:16:29 | 000,000,202 | ---- | C] () -- C:\Windows\System32\Ic32.ini
[2005/01/28 08:08:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2002/09/17 15:46:30 | 000,229,376 | ---- | C] () -- C:\Windows\System32\ISP2000.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:60C897F3
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:E84CA8F2
@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:4CF76F21
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:45F31C4F
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >




OTL Extras logfile created on: 2/5/2010 5:08:53 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Michele\Documents\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325.54 Gb Total Space | 222.10 Gb Free Space | 68.22% Space Free | Partition Type: NTFS
Drive D: | 9.81 Gb Total Space | 1.05 Gb Free Space | 10.69% Space Free | Partition Type: NTFS
Drive E: | 335.35 Gb Total Space | 176.93 Gb Free Space | 52.76% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE-PC
Current User Name: Michele
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0951B0F2-E197-4439-9F7E-871CDF918F13}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{128ABBE3-A5F0-416E-A7C8-A3EB85171388}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{19193008-81B1-4994-85E0-20B837343DCD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1DB3C0B2-CF26-42B0-82C6-0BDF270D5E35}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1F1EE689-E6A4-42BA-9D6B-8404689DB293}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{215F658F-5F7C-4C17-AE35-D664CA98F883}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{358E52DD-232A-46A7-8547-4F7FD31DAB2F}" = lport=138 | protocol=17 | dir=in | app=system |
"{36EB6E77-1411-4241-AF04-EE8D64CC3E71}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3E86BE70-B3AF-4305-8C25-4B5EF69AF721}" = rport=137 | protocol=17 | dir=out | app=system |
"{42E5F257-8B4E-4743-98AC-77EF07973591}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45E75A96-47B1-4175-8629-451D0CEEF3BA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{46F57655-BE32-4CE9-B9C4-113F3D637064}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4EE3FC58-66E1-4A08-BC20-046DBE9787BE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4F6A766E-6DCE-4818-8079-77671BE1BAA1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50044FB9-6F64-44AE-A8D6-0288E4F12913}" = rport=139 | protocol=6 | dir=out | app=system |
"{5BC6F30D-F5F2-43EE-B1B1-DF827281440A}" = rport=138 | protocol=17 | dir=out | app=system |
"{604FA91C-DD45-43C8-8FB5-581AB8A2CA2C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{67A2E10B-CD6E-48A5-A9DB-8C4D70D49396}" = rport=445 | protocol=6 | dir=out | app=system |
"{A572AAA9-0E5C-455B-BADB-DCE0CA439A53}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BE10FE7F-B845-4740-815B-6FF022F22F6C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C702FF30-EE16-49D2-A6FB-E48A7AED6457}" = lport=137 | protocol=17 | dir=in | app=system |
"{D0CF1B51-4CBB-4CA9-84CC-5FF2B59E80D2}" = lport=139 | protocol=6 | dir=in | app=system |
"{E5823A84-EB6E-41AE-9C4D-B6058FC163C7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F27513C2-25A8-4CCB-923B-8211A70C7A1D}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12EF5A62-AB65-4CAE-A2FE-580F89EA94F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1E6A620C-B8C0-468B-AA7A-CAA3AB0B2007}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1F4CA090-666A-434C-9F15-8D7F33C6B52B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{238C1415-CFFB-4FE9-93E2-BF7739610BDD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{26161964-9F10-4F83-8FAA-B2BC02C13960}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{335DCC0A-69AA-44D1-B270-2D9D577BC554}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{382F6383-E2D8-4AD5-A8A8-59DE82827A0C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4035D80C-A5A6-49EA-9CF8-ED0FC4A919A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{412AFB95-6EFC-42EC-9399-69108C9D3CD1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{43AD2D0E-F164-4502-9217-5CD3CF0F5C79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{448D7917-7E2C-471E-931A-4C9A3E5DCF2D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{449DF746-7EDF-40FA-AE84-40B498759794}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{465FC127-AC55-4210-8F3F-AA40294F83B2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{472F3A29-D59B-48F2-AB7E-39C9FC8BF5EB}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{5263C5F7-5266-4B2F-A685-B7F6176E6A74}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe |
"{544F2DE5-8B2F-45ED-902E-4145D7EA28A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5A6BAA2D-1102-4031-9836-5688753D6D72}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{5B7879C5-DBB9-447A-9587-9E825FB282AA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5B8F0BB7-09F3-4638-9F96-32E4E3772D79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E1B4AD6-68FD-4263-B222-8994CA93037B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5FBF6B42-5005-4E0C-B6F9-BDED1E967C61}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{60771B94-3A9D-456C-BB08-9BBCC6B7DB41}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{63C49FBC-CC3F-4AC5-AAFB-A4FB1C3A2F6C}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{6439EDE2-85AC-4C42-ADDE-4762DF4E8055}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{64DFB70A-A5A1-4071-BCC0-45C054E1E2FE}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6580BBCE-3227-4FDD-BA21-378641A7D5C9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6F60E50B-6F0F-409C-8A88-C5408BB950A9}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{86B9094A-C031-4E23-9619-3CEF9D27EDE7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89058B5E-4DD9-499D-B073-1D91F212BC7D}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{8B0391D0-84BC-4B66-B66A-0AA65E52AC6F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9979C0D5-A08B-408A-8A36-E734BDD8C22A}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{9D2C5721-CE26-4F3D-A603-02A50BDDC4DB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A41DD041-6C08-4277-804B-5B6A0897B4BA}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe |
"{A53EF03B-034D-4903-B5F5-D509D343AAAD}" = protocol=6 | dir=out | app=system |
"{AB0E87F6-0340-49DD-9349-F51DC4705901}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{AC02F66C-22B9-43D9-9A4D-B0F8B06CB2BE}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{C38D6CEF-FCC2-4EAC-825B-60D8A18ACE44}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{D1341899-ACAE-4B92-A4B7-83EC839AC1A1}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D50F3343-1363-48FE-9887-B3D4F02DAE24}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB148793-F61A-44A2-9532-88F95FD78F6F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DC1D98DB-A79E-4A28-BA73-418F70E8B51F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DCF03A3C-6BC2-480E-97FB-884D2A41FA80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD2C218B-8519-44DE-9A62-327A80EF8DFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DD6C85B5-C5C1-452E-A445-B13F983DC3E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E0DC2D56-E700-4B0F-8439-D47BA88EE545}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E28D9FA1-7BC3-4C88-8234-A586CBB4D198}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EB0F2605-3CB4-4FB8-B033-36042438B882}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F180F01D-EF5D-4604-B4EF-276CCCCAB872}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F245288A-DCAF-494A-8BDB-64900D3633E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F8324C36-5173-428C-9E63-58D3D46208AD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FCE94B18-5CB8-46EF-BF5B-D90917B7F4FD}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{FEC7ADE0-8ECD-439F-871B-146B8C320604}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{6F339878-5EBA-4AF5-A92C-07028F2CEE4D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{75996625-03A7-43DA-840D-97D0D1300E43}C:\program files\creative\sb wireless music\media server\sbwmsvr.exe" = protocol=6 | dir=in | app=c:\program files\creative\sb wireless music\media server\sbwmsvr.exe |
"UDP Query User{00E32C87-7C87-4153-9662-9EC54740FE15}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{ABF85DFD-4365-4A5D-A339-4C87229F9C03}C:\program files\creative\sb wireless music\media server\sbwmsvr.exe" = protocol=17 | dir=in | app=c:\program files\creative\sb wireless music\media server\sbwmsvr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0978A841-2E44-4A85-922B-36D96F0BAE0E}_is1" = 3GP Player 2009
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX595 Series Scanner Driver Update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{210309F3-7A5A-474C-B474-390D99C6A257}" = VIPRE Antivirus + Antispyware
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play HD DVD
"{4627AB00-A0D2-11D7-9E5C-00D0B76A8705}" = Creative Sound Blaster Wireless Music
"{4676DB43-A5E5-40AD-ACBB-5D80AFD2AFC4}" = Opera 9.24
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4E48FAD8-211D-4BA6-90BE-38409B3224F7}" = RDM USB Vista Certified Device Driver
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA Player 4.1
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}" = LaCie Backup Software v1.5.2378
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7C0B3A39-6602-4E52-9561-01C24E7BDFC0}" = muvee autoProducer 6.1
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{972769DD-0C00-4920-A56F-1DEC675B14B3}" = AVImark
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-1033-F400-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B139DD51-C3F1-4583-98B4-D35F64EA847F}" = Windows Easy Transfer Companion (Beta)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4C9170-F517-42EB-A5CB-F16DE610315A}" = Stamps.com Application Support for Microsoft Outlook 2000, 2002, 2003
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000, 2002, 2003
"{DDBC8703-AA18-491F-97BE-98D4543A901B}" = FileMover
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{e96b3d28-47d6-43cc-98fd-7069eeab6b11}" = HP Total Care Advisor
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FA86DB6D-DD7B-46A2-8FB1-6B33460D03A4}" = iPod System Software Updater 2.0.1
"{FC66E05E-8D39-47A6-8D07-759F33727EB0}" = Opera 10.00
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 7.0 Standard - EFG - V" = Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"Audacity_is1" = Audacity 1.2.6
"BFG-Mae Q'West and the Sign of the Stars" = Mae Q`West and the Sign of the Stars
"BFG-Virtual Villagers - The Secret City" = Virtual Villagers: The Secret City
"BFG-Westward II - Heroes of the Frontier" = Westward II: Heroes of the Frontier
"BookWorm Deluxe 1.03" = BookWorm Deluxe 1.03
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"CobBackup9" = Cobian Backup 9
"DFX for MUSICMATCH" = DFX for MUSICMATCH
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Fairly OddParents - Timmy's Roach Rampage" = Fairly OddParents - Timmy's Roach Rampage
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Google Updater" = Google Updater
"Grimm's Hatchery" = Grimm's Hatchery
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{FA86DB6D-DD7B-46A2-8FB1-6B33460D03A4}" = iPod System Software Updater 2.0.1
"Intuit SiteBuilder" = Intuit SiteBuilder
"Jimmy Neutron Space Blast" = Jimmy Neutron Space Blast
"LimeWire" = LimeWire 5.1.2
"Luxor 3" = Luxor 3
"Magic Inlay" = Magic Inlay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Oxelon Media Converter_is1" = Oxelon Media Converter 1.0
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Peggle Deluxe" = Peggle Deluxe
"Picasa 3" = Picasa 3
"Puppy Luv: A New Breed" = Puppy Luv: A New Breed
"Putt Putt Enters the Race" = Putt Putt Enters the Race
"Putt Putt Goes to the Moon" = Putt Putt Goes to the Moon
"Putt Putt Joins The Parade" = Putt Putt Joins The Parade
"Putt Putt Travels Through the Time" = Putt Putt Travels Through the Time
"RealPlayer 6.0" = RealPlayer Basic
"Silent Package Run-Time Sample" = EPSON RX595 User's Guide
"Sparkle" = Sparkle
"Stamps.com" = Stamps.com
"Stamps.com support for Microsoft Outlook 2000-2007" = Stamps.com support for Microsoft Outlook 2000-2007
"Stamps.com support for Microsoft Word 2000-2007" = Stamps.com support for Microsoft Word 2000-2007
"TextCalc" = TextCalc
"The 5-Minute Veterinary Consult, V. 3" = The 5-Minute Veterinary Consult, V. 3
"TomTom HOME" = TomTom HOME 2.5.2.60
"Tropix" = Tropix
"Veetle TV" = Veetle TV 0.9.15
"Virtual Villagers: The Lost Children" = Virtual Villagers: The Lost Children
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinZip" = WinZip
"Wootalyzer" = Wootalyzer!
"Zoo Vet" = Zoo Vet

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-181874937-3409160218-966848015-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/4/2010 6:52:05 PM | Computer Name = Office-PC | Source = Google Update | ID = 20
Description =

Error - 2/4/2010 6:55:28 PM | Computer Name = Office-PC | Source = Google Update | ID = 20
Description =

Error - 2/4/2010 7:03:53 PM | Computer Name = Office-PC | Source = Google Update | ID = 20
Description =

Error - 2/4/2010 7:06:05 PM | Computer Name = Office-PC | Source = Google Update | ID = 20
Description =

Error - 2/4/2010 7:52:05 PM | Computer Name = Office-PC | Source = Google Update | ID = 20
Description =

Error - 2/4/2010 7:55:28 PM | Computer Name = Office-PC | Source = Google Update | ID = 20
Description =

Error - 2/4/2010 8:03:53 PM | Computer Name = Office-PC | Source = Google Update | ID = 20
Description =

Error - 2/4/2010 8:06:05 PM | Computer Name = Office-PC | Source = Google Update | ID = 20
Description =

Error - 2/4/2010 8:38:16 PM | Computer Name = Office-PC | Source = EventSystem | ID = 4609
Description =

Error - 2/5/2010 2:58:15 PM | Computer Name = Office-PC | Source = EventSystem | ID = 4609
Description =

[ Media Center Events ]
Error - 10/1/2008 1:36:36 PM | Computer Name = Office-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/29/2009 10:38:51 PM | Computer Name = Office-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/4/2009 1:30:40 AM | Computer Name = Office-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 2/2/2010 8:02:18 PM | Computer Name = Office-PC | Source = DCOM | ID = 10005
Description =

Error - 2/3/2010 1:51:06 PM | Computer Name = Office-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 2/4/2010 8:38:06 PM | Computer Name = Office-PC | Source = DCOM | ID = 10005
Description =

Error - 2/4/2010 8:38:16 PM | Computer Name = Office-PC | Source = DCOM | ID = 10005
Description =

Error - 2/4/2010 8:38:18 PM | Computer Name = Office-PC | Source = DCOM | ID = 10005
Description =

Error - 2/4/2010 8:39:12 PM | Computer Name = Office-PC | Source = DCOM | ID = 10005
Description =

Error - 2/5/2010 2:58:09 PM | Computer Name = Office-PC | Source = DCOM | ID = 10005
Description =

Error - 2/5/2010 2:58:15 PM | Computer Name = Office-PC | Source = DCOM | ID = 10005
Description =

Error - 2/5/2010 2:58:17 PM | Computer Name = Office-PC | Source = DCOM | ID = 10005
Description =

Error - 2/5/2010 2:58:44 PM | Computer Name = Office-PC | Source = DCOM | ID = 10005
Description =


< End of report >


#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:47 AM

Posted 06 February 2010 - 07:20 AM

Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DD 71 44 01 8D 2F 14 46 8A 1D EA 60 89 55 EE 90 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DD 71 44 01 8D 2F 14 46 8A 1D EA 60 89 55 EE 90 [binary data]
    IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-181874937-3409160218-966848015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.mywebsearch.com/mywebsearch/...BF8QW6JO7h_HuwA
    IE - HKU\S-1-5-21-181874937-3409160218-966848015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
    IE - HKU\S-1-5-21-181874937-3409160218-966848015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DD 71 44 01 8D 2F 14 46 8A 1D EA 60 89 55 EE 90 [binary data]
    IE - HKU\S-1-5-21-181874937-3409160218-966848015-1000\S-1-5-21-181874937-3409160218-966848015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
    FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b1
    FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.4
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
    FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=gENXj5FBF8QW6JO7h_HuwA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No CLSID value found.
    [2010/01/14 23:39:41 | 000,000,073 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\74d338f6
    [2010/01/14 23:35:24 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\AYYtt.vbs
    [2010/01/14 23:35:20 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\WD33yE7TWO6UA.vbs
    [2010/01/14 08:43:20 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\EULyo.vbs
    [2010/01/14 08:43:13 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\Q68qIxeUWpoOO4E.vbs
    [2010/01/13 07:05:58 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\4O63dRIH1SZyN.vbs
    [2010/01/12 10:09:58 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\h4JZI.vbs
    [2010/01/12 10:01:50 | 000,000,817 | ---- | M] () -- C:\Windows\System32\609435633
    [2010/01/11 17:19:03 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\kiq9G.vbs
    [2010/01/11 17:18:24 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\p0OnjJIDHWXPRR2.vbs
    [2010/01/11 05:11:09 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\aHmc7.vbs
    [2010/01/11 05:11:08 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\hTZ50urKxmKoR.vbs
    [2010/01/10 10:03:47 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\0WLxmNE7pOyBO.vbs
    [2010/01/10 10:03:46 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\LyW7kW757pvyj.vbs
    [2010/01/09 21:32:00 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\UeisZ.vbs
    [2010/01/09 20:32:00 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\l8fX6yEkjO9pyFs.vbs
    [2010/01/09 12:56:40 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\q5eRD.vbs
    [2010/01/09 12:55:43 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\h9FRyoNIkCsmRVl.vbs
    [2010/01/09 11:33:28 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\2H8uuzlupGyR93R.vbs
    [2010/01/09 10:24:15 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\gUTAiavH3Nuqcsl.vbs
    [2010/01/09 08:32:21 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\DPNOMDvQbxFYo.vbs
    [2010/01/09 08:31:37 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\unlTckg.vbs
    [2010/01/08 06:12:38 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\0Zf4H0korkfqR.vbs
    [2010/01/08 06:12:25 | 000,001,372 | ---- | M] () -- C:\Users\Michele\AppData\Roaming\0pYsvvSITvmNC.vbs
    [2010/01/14 23:35:24 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\AYYtt.vbs
    [2010/01/14 23:35:20 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\WD33yE7TWO6UA.vbs
    [2010/01/14 08:43:20 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\EULyo.vbs
    [2010/01/14 08:43:13 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\Q68qIxeUWpoOO4E.vbs
    [2010/01/13 07:05:58 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\4O63dRIH1SZyN.vbs
    [2010/01/12 10:09:58 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\h4JZI.vbs
    [2010/01/12 10:01:50 | 000,000,817 | ---- | C] () -- C:\Windows\System32\609435633
    [2010/01/11 17:19:03 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\kiq9G.vbs
    [2010/01/11 17:18:24 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\p0OnjJIDHWXPRR2.vbs
    [2010/01/11 05:11:09 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\aHmc7.vbs
    [2010/01/11 05:11:08 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\hTZ50urKxmKoR.vbs
    [2010/01/10 10:03:47 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\0WLxmNE7pOyBO.vbs
    [2010/01/10 10:03:46 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\LyW7kW757pvyj.vbs
    [2010/01/09 21:32:00 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\UeisZ.vbs
    [2010/01/09 20:32:00 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\l8fX6yEkjO9pyFs.vbs
    [2010/01/09 12:56:40 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\q5eRD.vbs
    [2010/01/09 12:55:43 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\h9FRyoNIkCsmRVl.vbs
    [2010/01/09 11:33:28 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\2H8uuzlupGyR93R.vbs
    [2010/01/09 10:24:15 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\gUTAiavH3Nuqcsl.vbs
    [2010/01/09 08:32:21 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\DPNOMDvQbxFYo.vbs
    [2010/01/09 08:31:37 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\unlTckg.vbs
    [2010/01/08 10:53:00 | 000,000,073 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\74d338f6
    [2010/01/08 06:12:38 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\0Zf4H0korkfqR.vbs
    [2010/01/08 06:12:25 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\0pYsvvSITvmNC.vbs
    [2010/01/06 17:44:16 | 000,001,372 | ---- | C] () -- C:\Users\Michele\AppData\Roaming\dwThExsD8UCnFrb.vbs
    [2008/08/08 17:30:03 | 000,000,137 | ---- | C] () -- C:\Windows\disney.ini
    [2008/05/29 07:15:24 | 000,000,066 | ---- | C] () -- C:\Windows\iltwain.ini
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:60C897F3
    @Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:E84CA8F2
    @Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:4CF76F21
    @Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:45F31C4F
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    :Commands
    [emptytemp]
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#13 MicheleKP

MicheleKP
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 06 February 2010 - 11:31 AM

OK, things are improving :-). Here is the log file from the last OTL scan...thank you again for your help...




All processes killed
========== OTL ==========
Unable to set value : HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E!
Unable to set value : HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E!
HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Unable to set value : HKU\S-1-5-21-181874937-3409160218-966848015-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!
Unable to set value : HKU\S-1-5-21-181874937-3409160218-966848015-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E!
Unable to set value : HKU\S-1-5-21-181874937-3409160218-966848015-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E!
HKU\S-1-5-21-181874937-3409160218-966848015-1000\S-1-5-21-181874937-3409160218-966848015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "MyWebSearch" removed from browser.search.selectedEngine
Prefs.js: fastdial@telega.phpnet.us:2.23b1 removed from extensions.enabledItems
Prefs.js: lazarus@interclue.com:2.0.4 removed from extensions.enabledItems
Prefs.js: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52 removed from extensions.enabledItems
Prefs.js: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRfox000&fl=0&ptb=gENXj5FBF8QW6JO7h_HuwA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ not found.
C:\Users\Michele\AppData\Roaming\74d338f6 moved successfully.
C:\Users\Michele\AppData\Roaming\AYYtt.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\WD33yE7TWO6UA.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\EULyo.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\Q68qIxeUWpoOO4E.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\4O63dRIH1SZyN.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\h4JZI.vbs moved successfully.
C:\Windows\System32\609435633 moved successfully.
C:\Users\Michele\AppData\Roaming\kiq9G.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\p0OnjJIDHWXPRR2.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\aHmc7.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\hTZ50urKxmKoR.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\0WLxmNE7pOyBO.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\LyW7kW757pvyj.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\UeisZ.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\l8fX6yEkjO9pyFs.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\q5eRD.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\h9FRyoNIkCsmRVl.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\2H8uuzlupGyR93R.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\gUTAiavH3Nuqcsl.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\DPNOMDvQbxFYo.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\unlTckg.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\0Zf4H0korkfqR.vbs moved successfully.
C:\Users\Michele\AppData\Roaming\0pYsvvSITvmNC.vbs moved successfully.
File C:\Users\Michele\AppData\Roaming\AYYtt.vbs not found.
File C:\Users\Michele\AppData\Roaming\WD33yE7TWO6UA.vbs not found.
File C:\Users\Michele\AppData\Roaming\EULyo.vbs not found.
File C:\Users\Michele\AppData\Roaming\Q68qIxeUWpoOO4E.vbs not found.
File C:\Users\Michele\AppData\Roaming\4O63dRIH1SZyN.vbs not found.
File C:\Users\Michele\AppData\Roaming\h4JZI.vbs not found.
File C:\Windows\System32\609435633 not found.
File C:\Users\Michele\AppData\Roaming\kiq9G.vbs not found.
File C:\Users\Michele\AppData\Roaming\p0OnjJIDHWXPRR2.vbs not found.
File C:\Users\Michele\AppData\Roaming\aHmc7.vbs not found.
File C:\Users\Michele\AppData\Roaming\hTZ50urKxmKoR.vbs not found.
File C:\Users\Michele\AppData\Roaming\0WLxmNE7pOyBO.vbs not found.
File C:\Users\Michele\AppData\Roaming\LyW7kW757pvyj.vbs not found.
File C:\Users\Michele\AppData\Roaming\UeisZ.vbs not found.
File C:\Users\Michele\AppData\Roaming\l8fX6yEkjO9pyFs.vbs not found.
File C:\Users\Michele\AppData\Roaming\q5eRD.vbs not found.
File C:\Users\Michele\AppData\Roaming\h9FRyoNIkCsmRVl.vbs not found.
File C:\Users\Michele\AppData\Roaming\2H8uuzlupGyR93R.vbs not found.
File C:\Users\Michele\AppData\Roaming\gUTAiavH3Nuqcsl.vbs not found.
File C:\Users\Michele\AppData\Roaming\DPNOMDvQbxFYo.vbs not found.
File C:\Users\Michele\AppData\Roaming\unlTckg.vbs not found.
File C:\Users\Michele\AppData\Roaming\74d338f6 not found.
File C:\Users\Michele\AppData\Roaming\0Zf4H0korkfqR.vbs not found.
File C:\Users\Michele\AppData\Roaming\0pYsvvSITvmNC.vbs not found.
C:\Users\Michele\AppData\Roaming\dwThExsD8UCnFrb.vbs moved successfully.
C:\Windows\disney.ini moved successfully.
C:\Windows\iltwain.ini moved successfully.
ADS C:\ProgramData\TEMP:60C897F3 deleted successfully.
ADS C:\ProgramData\TEMP:E84CA8F2 deleted successfully.
ADS C:\ProgramData\TEMP:4CF76F21 deleted successfully.
ADS C:\ProgramData\TEMP:45F31C4F deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chuck
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 63644227 bytes
->Java cache emptied: 349279 bytes
->FireFox cache emptied: 37321014 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Michele
->Temp folder emptied: 58245 bytes
->Temporary Internet Files folder emptied: 55257795 bytes
->Java cache emptied: 50866335 bytes
->FireFox cache emptied: 48476773 bytes
->Google Chrome cache emptied: 55211470 bytes
->Opera cache emptied: 78187568 bytes

User: michelep
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 2035 bytes

Total Files Cleaned = 371.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.1.28.0 log created on 02062010_105610

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:47 AM

Posted 06 February 2010 - 12:07 PM

Let's see the follow-up scan.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#15 MicheleKP

MicheleKP
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 06 February 2010 - 01:37 PM

OK, I wasn't sure which scan you wanted, so I've got a DDS and a fresh OTL... sorry for making you wade through all the stuff you didn't want :-). Separated by ********

BTW, exactly what was I infected with???

Thank you so much for all your help...





DDS (Ver_09-12-01.01) - NTFSx86
Run by Michele at 13:27:45.54 on Sat 02/06/2010
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3071.1757 [GMT -5:00]

AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *disabled* (Updated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Michele\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Users\Michele\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Michele\Documents\Downloads\dds (1).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=GRfox000&ptb=gENXj5FBF8QW6JO7h_HuwA
mStart Page = hxxp://www.maxiwe.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LaCie Backup] c:\program files\lacie\backup software\\LaCieBackup.exe /background
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\users\michele\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SBRegRebootCleaner] c:\program files\sunbelt software\vipre\SBRC.exe
mRun: [SBAMTray] c:\program files\sunbelt software\vipre\SBAMTray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\michele\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\michele\appdata\roaming\micros~1\windows\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\users\michele\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: goldleafach.com
Trusted Zone: musicmatch.com\online
DPF: {0EA69A0A-1123-490E-840F-3E2642938947} - hxxps://www.goldleafach.com/ach/Install/RDM61120/RDMTIFF.cab
DPF: {0F615A5A-868C-4748-8A2D-A15CDA6A7F82} - hxxps://www.goldleafach.com/ach/Install/RDM61120/RDMXUTIL.cab
DPF: {122FEF1E-2444-4DE5-A47E-762465C26606} - hxxps://www.goldleafach.com/ach/Install/RDM61120/RDMCO.cab
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c1/v21.129/qboax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\michele\appdata\roaming\mozilla\firefox\profiles\9nlyduwf.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\users\michele\appdata\roaming\mozilla\firefox\profiles\9nlyduwf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\users\michele\appdata\roaming\mozilla\firefox\profiles\9nlyduwf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\michele\appdata\roaming\mozilla\firefox\profiles\9nlyduwf.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-12-26 203056]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\hp\dvdplay\000.fcl [2007-11-12 39408]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2007-11-12 198240]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-14 236368]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-1-4 1012080]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-8-10 69936]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-11-12 1129344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-14 19160]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-11-12 464384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2007-9-12 25760]
S3 ustp2;ustp2;c:\windows\system32\drivers\ustp2.sys [2007-4-22 19840]

=============== Created Last 30 ================

2010-02-06 15:56:10 0 d-----w- C:\_OTL
2010-02-05 20:08:27 0 d-----w- C:\Temp
2010-02-03 21:28:02 0 d-sh--w- C:\$RECYCLE.BIN
2010-02-02 20:51:39 0 d-----w- c:\windows\CheckSur
2010-01-26 21:56:18 0 d-----w- c:\programdata\Cobian
2010-01-26 21:55:55 0 d-----w- c:\program files\Cobian Backup 9
2010-01-26 20:39:52 98816 ----a-w- c:\windows\sed.exe
2010-01-26 20:39:52 77312 ----a-w- c:\windows\MBR.exe
2010-01-26 20:39:52 261632 ----a-w- c:\windows\PEV.exe
2010-01-26 20:39:52 161792 ----a-w- c:\windows\SWREG.exe
2010-01-26 19:09:39 0 d-----w- c:\users\michele\appdata\roaming\PC Tools
2010-01-26 19:09:39 0 d-----w- c:\programdata\PC Tools
2010-01-26 19:09:39 0 d-----w- c:\program files\Spyware Doctor
2010-01-26 19:09:39 0 d-----w- c:\program files\common files\PC Tools
2010-01-15 04:52:52 0 d-----w- c:\users\michele\appdata\roaming\Malwarebytes
2010-01-15 04:52:39 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 04:52:38 0 d-----w- c:\programdata\Malwarebytes
2010-01-15 04:52:37 19160 ------w- c:\windows\system32\drivers\mbam.sys
2010-01-15 04:52:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 04:51:24 195456 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 21:55:41 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 21:55:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-01-12 21:55:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-01-12 21:55:41 24064 ----a-w- c:\windows\system32\lpk.dll
2010-01-12 21:55:41 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 21:55:41 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-01-09 14:00:47 104 ------w- c:\windows\system32\SBRC.dat
2010-01-09 13:30:30 55072 ------w- c:\windows\system32\jureg.exe

==================== Find3M ====================

2010-01-27 19:16:13 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-27 19:16:13 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-27 19:16:13 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-04 22:02:22 27984 ------w- c:\windows\system32\sbbd.exe
2009-12-18 12:52:36 832512 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 12:48:23 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-12-18 12:48:19 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 12:46:10 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-18 10:18:14 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 08:45:07 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-12-14 19:15:14 2146304 ------w- c:\windows\system32\GPhotos.scr
2009-11-09 13:34:40 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:30:40 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-09-04 17:02:49 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-12-12 08:16:50 174 --sh--w- c:\program files\desktop.ini
2007-04-23 02:51:22 19840 ------w- c:\windows\inf\ustp2.sys
2006-11-02 12:42:02 30674 ------w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ------w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ------w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ------w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ------w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ------w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ------w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ------w- c:\windows\inf\perflib\0000\perfc.dat
2008-05-13 23:15:45 22 --sh--w- c:\windows\sminst\HPCD.sys
2007-11-13 03:29:32 8192 --sh--w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:28:39.70 ===============


