Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected: TR/Crypt.XPACK.Gen Trojan


  • This topic is locked This topic is locked
11 replies to this topic

#1 MissHelloKitty

MissHelloKitty

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 06 May 2010 - 09:25 PM

I read the pinned "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help." I followed the instructions; however had trouble with GMER. I'm running Windows 7 64bit OS. I downloaded GMER but it wouldn't work (when opened received the following pop up windo: C:\Windows\System32\config\system: The system cannot find the file specified.) .

The problem-- I did a scan with my free Avira AntiVer Personal and it detected and quarantined TR/Crypt.XPACK.Gen Trojan.

My computer seems to be running normally, but I'd like to make sure everything is ok. Could you please help?

I do have the DDS.txt and Attatch.txt I'm also including my Avira AntiVer Personal log file from when it detected the TR/Crypt.XPACK.Gen Trojan. Since quarantining the trojan, I've done a second scan and it didn't detect anything.

Thanks in advance for your help!

Avira AntiVer Personal Scan 5/5/2010

Avira AntiVir Personal
Report file date: Wednesday, May 05, 2010 21:52

Scanning for 2075343 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista 64 Bit
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MARGEAUX-PC

Version information:
BUILD.DAT : 9.0.0.422 21701 Bytes 3/9/2010 10:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 16:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 12:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 20:41:10
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 20:41:18
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 20:41:21
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 22:27:25
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 22:35:59
VBASE006.VDF : 7.10.6.83 2048 Bytes 4/15/2010 22:35:59
VBASE007.VDF : 7.10.6.84 2048 Bytes 4/15/2010 22:35:59
VBASE008.VDF : 7.10.6.85 2048 Bytes 4/15/2010 22:36:00
VBASE009.VDF : 7.10.6.86 2048 Bytes 4/15/2010 22:36:00
VBASE010.VDF : 7.10.6.87 2048 Bytes 4/15/2010 22:36:00
VBASE011.VDF : 7.10.6.88 2048 Bytes 4/15/2010 22:36:00
VBASE012.VDF : 7.10.6.89 2048 Bytes 4/15/2010 22:36:00
VBASE013.VDF : 7.10.6.90 2048 Bytes 4/15/2010 22:36:00
VBASE014.VDF : 7.10.6.123 126464 Bytes 4/19/2010 15:39:44
VBASE015.VDF : 7.10.6.152 123392 Bytes 4/21/2010 01:52:06
VBASE016.VDF : 7.10.6.178 122880 Bytes 4/22/2010 21:48:06
VBASE017.VDF : 7.10.6.206 120320 Bytes 4/26/2010 11:16:51
VBASE018.VDF : 7.10.6.232 99328 Bytes 4/28/2010 14:26:08
VBASE019.VDF : 7.10.7.2 155648 Bytes 4/30/2010 15:36:53
VBASE020.VDF : 7.10.7.26 119808 Bytes 5/4/2010 17:41:44
VBASE021.VDF : 7.10.7.27 2048 Bytes 5/4/2010 17:41:44
VBASE022.VDF : 7.10.7.28 2048 Bytes 5/4/2010 17:41:44
VBASE023.VDF : 7.10.7.29 2048 Bytes 5/4/2010 17:41:44
VBASE024.VDF : 7.10.7.30 2048 Bytes 5/4/2010 17:41:44
VBASE025.VDF : 7.10.7.31 2048 Bytes 5/4/2010 17:41:45
VBASE026.VDF : 7.10.7.32 2048 Bytes 5/4/2010 17:41:45
VBASE027.VDF : 7.10.7.33 2048 Bytes 5/4/2010 17:41:45
VBASE028.VDF : 7.10.7.34 2048 Bytes 5/4/2010 17:41:45
VBASE029.VDF : 7.10.7.35 2048 Bytes 5/4/2010 17:41:45
VBASE030.VDF : 7.10.7.36 2048 Bytes 5/4/2010 17:41:45
VBASE031.VDF : 7.10.7.46 102912 Bytes 5/5/2010 17:41:47
Engineversion : 8.2.1.236
AEVDF.DLL : 8.1.2.0 106868 Bytes 4/23/2010 21:48:12
AESCRIPT.DLL : 8.1.3.28 1298810 Bytes 5/5/2010 17:41:55
AESCN.DLL : 8.1.5.0 127347 Bytes 2/26/2010 13:38:48
AESBX.DLL : 8.1.3.1 254324 Bytes 4/23/2010 21:48:12
AERDL.DLL : 8.1.4.6 541043 Bytes 4/15/2010 22:36:09
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 23:31:43
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/19/2010 23:31:42
AEHEUR.DLL : 8.1.1.27 2670967 Bytes 5/5/2010 17:41:49
AEHELP.DLL : 8.1.11.3 242039 Bytes 4/2/2010 15:21:03
AEGEN.DLL : 8.1.3.7 373106 Bytes 4/15/2010 22:36:04
AEEMU.DLL : 8.1.2.0 393588 Bytes 4/23/2010 21:48:11
AECORE.DLL : 8.1.15.1 192886 Bytes 5/5/2010 17:41:47
AEBB.DLL : 8.1.1.0 53618 Bytes 4/23/2010 21:48:10
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 20:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 2/18/2010 14:16:43
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 17:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Wednesday, May 05, 2010 21:52

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '0' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '0' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '0' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned
Scan process 'RoxioBurnLauncher.exe' - '1' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '0' Module(s) have been scanned
Scan process 'WebcamDell2.exe' - '1' Module(s) have been scanned
Scan process 'PDVDDXSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'DataSafeOnline.exe' - '1' Module(s) have been scanned
Scan process 'DellDock.exe' - '0' Module(s) have been scanned
Scan process 'wmdc.exe' - '0' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '0' Module(s) have been scanned
Scan process 'quickset.exe' - '0' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '0' Module(s) have been scanned
Scan process 'igfxpers.exe' - '0' Module(s) have been scanned
Scan process 'hkcmd.exe' - '0' Module(s) have been scanned
Scan process 'igfxtray.exe' - '0' Module(s) have been scanned
Scan process 'sttray64.exe' - '0' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '0' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '0' Module(s) have been scanned
Scan process 'Toaster.exe' - '1' Module(s) have been scanned
Scan process 'conhost.exe' - '0' Module(s) have been scanned
Scan process 'DSUpd.exe' - '0' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '0' Module(s) have been scanned
Scan process 'explorer.exe' - '0' Module(s) have been scanned
Scan process 'dwm.exe' - '0' Module(s) have been scanned
Scan process 'taskhost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'SftService.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'o2flash.exe' - '1' Module(s) have been scanned
Module is OK -> 'C:\Windows\system32\DRIVERS\o2flash.exe'
[WARNING] The file could not be opened!
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'AESTSr64.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '0' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '0' Module(s) have been scanned
Scan process 'conhost.exe' - '0' Module(s) have been scanned
Scan process 'wlanext.exe' - '0' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '0' Module(s) have been scanned
Scan process 'winlogon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'DockLogin.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'stacsv64.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'lsm.exe' - '0' Module(s) have been scanned
Scan process 'lsass.exe' - '0' Module(s) have been scanned
Scan process 'services.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'wininit.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'smss.exe' - '0' Module(s) have been scanned
19 processes with 19 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '28' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Program Files (x86)\WildTangent\Dell Games\Yahtzee\Yahtzee.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Windows\SoftwareDistribution\Download\777169c2f599f89b738661f3da6ffdc7\BITF067.tmp
[0] Archive type: CAB (Microsoft)
--> 5
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed

Beginning disinfection:
C:\Program Files (x86)\WildTangent\Dell Games\Yahtzee\Yahtzee.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4c4a2587.qua'!


End of the scan: Wednesday, May 05, 2010 22:10
Used time: 17:35 Minute(s)

The scan has been done completely.

19921 Scanned directories
205461 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
205457 Files not concerned
948 Archives were scanned
5 Warnings
3 Notes

=========================================

DDS.txt

DDS (Ver_10-03-17.01) - NTFSX64
Run by Margeaux at 8:32:18.69 on Thu 05/06/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.2495 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_a66e062aeb2ba1cd\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_a66e062aeb2ba1cd\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Margeaux\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\System32\Magnify.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
mRun: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\program files (x86)\roxio\roxio burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRunOnce: [STToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe
StartupFolder: c:\users\margeaux\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRunOnce-x64: [DSUpdateLauncher] "c:\program files (x86)\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files (x86)\dell datasafe local backup\components\dsupdate" /runas "c:\program files (x86)\dell datasafe local backup\components\dsupdate\DSUpd.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\margeaux\appdata\roaming\mozilla\firefox\profiles\scidd1sa.default\
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-1-28 55280]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_a66e062aeb2ba1cd\AESTSr64.exe [2010-1-29 89600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2010-2-5 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2010-2-5 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-5 74880]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2010-1-28 658656]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2010-1-29 23912]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-1-28 172704]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-1-29 56344]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-1-29 151040]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-1-29 233984]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdgx64.sys [2010-1-29 74016]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-1-29 239616]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-5 1255736]

=============== Created Last 30 ================

2010-05-06 12:29:06 0 ----a-w- c:\users\margeaux\defogger_reenable
2010-05-06 03:40:12 0 d-----w- c:\windows\syswow64\Wat
2010-05-06 03:40:12 0 d-----w- c:\windows\system32\Wat
2010-05-04 18:15:44 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-05-04 18:15:44 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-05-04 18:15:44 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-05-04 18:15:44 145184 ----a-w- c:\windows\syswow64\java.exe
2010-04-28 18:54:33 0 d-----w- c:\program files\DivX
2010-04-28 18:54:17 0 d-----w- c:\program files (x86)\common files\DivX Shared
2010-04-28 18:53:32 0 d-----w- c:\program files (x86)\DivX
2010-04-28 14:28:23 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 14:28:22 12867072 ----a-w- c:\windows\syswow64\shell32.dll
2010-04-28 14:28:21 96768 ----a-w- c:\windows\syswow64\sspicli.dll
2010-04-28 14:28:21 22016 ----a-w- c:\windows\syswow64\secur32.dll
2010-04-28 14:28:21 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 14:28:21 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-26 22:04:42 353592 ----a-w- c:\windows\syswow64\DivXControlPanelApplet.cpl
2010-04-26 18:30:46 0 d-----w- c:\programdata\DivX
2010-04-14 18:00:42 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 18:00:42 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2010-04-14 18:00:14 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 18:00:14 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 18:00:14 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 17:59:47 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 17:59:47 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-04-14 17:59:47 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-04-14 17:56:14 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 17:56:14 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-04-14 17:56:13 139264 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 17:56:13 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-04-08 12:33:47 78 ----a-w- c:\users\margeaux\appdata\roaming\wklnhst.dat

==================== Find3M ====================

2010-04-29 12:28:44 8656832 ----a-w- c:\users\margeaux\appdata\roaming\DataSafeDotNet.exe
2010-03-08 17:59:18 94208 ----a-w- c:\windows\syswow64\dpl100.dll
2010-02-24 14:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll
2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll
2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-02-19 19:27:36 720384 ----a-w- c:\windows\syswow64\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\syswow64\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\syswow64\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\syswow64\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\syswow64\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\syswow64\divx_xx11.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-29 03:42:25 74 --sh--r- c:\windows\CT4CET.bin
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 8:32:51.27 ===============





Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:40 AM

Posted 09 May 2010 - 02:48 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Gmer doesn't run on Windows 7. Instead please run Sophos - it shouldn't find anything as rootkits haven't been able to infiltrate the Windows 7 operating system yet.

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rookit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug you Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.


Then run this scanner
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Posted Image
m0le is a proud member of UNITE

#3 MissHelloKitty

MissHelloKitty
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 12 May 2010 - 08:49 AM

I'm here and about to follow the instructions you have given!

#4 MissHelloKitty

MissHelloKitty
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 12 May 2010 - 09:35 AM

Ok, before I begin following the instructions you gave me, I'd like to make sure I understand this clearly.

First, is the ARC Scan the OTL link?

Second, I downloaded Sophos Anti-rootkit to desktop. It wanted the default location as: C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit Should I keep it as that or as the one you specified in your post?

Thanks!

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:40 AM

Posted 12 May 2010 - 03:10 PM

QUOTE
First, is the ARC Scan the OTL link?


The ARK scan is a rootkit scan. OTL is a scanner much like DDS but with some useful extras which help the Malware Response Team diagnose the problem. It doesn't scan for rootkits.

Where Sophos installed to is fine, you have a Windows 7 PC so the default location is slightly different.
Posted Image
m0le is a proud member of UNITE

#6 MissHelloKitty

MissHelloKitty
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 12 May 2010 - 04:09 PM

I did the Sophos Anti rootkit scan-- it didn't detect anything. It wouldn't let me check the Running Processes box, the other two were checked. Is there a reason why it wouldn't let me check that box?

Here are the OTL logs. Thanks again!

--------------------------

OTL logfile created on: 5/12/2010 4:56:07 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Margeaux\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 419.25 Gb Free Space | 92.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 983.73 Mb Total Space | 828.53 Mb Free Space | 84.22% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARGEAUX-PC
Current User Name: Margeaux
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWow64\DRIVERS\o2flash.exe File not found
PRC - C:\Users\Margeaux\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)


========== Modules (SafeList) ==========

MOD - C:\Users\Margeaux\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WatAdminSvc) -- C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_a66e062aeb2ba1cd\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_a66e062aeb2ba1cd\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (VSS) -- C:\Windows\Vss [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (O2MDGRDR) -- C:\Windows\SysNative\drivers\o2mdgx64.sys (O2Micro )
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Acceler.sys (ST Microelectronics)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\CDE.tmp (Sophos Plc)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/02 20:49:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/04 14:15:44 | 000,000,000 | ---D | M]

[2010/02/05 16:52:04 | 000,000,000 | ---D | M] -- C:\Users\Margeaux\AppData\Roaming\Mozilla\Extensions
[2010/02/05 16:52:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Margeaux\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/02/06 09:19:12 | 000,000,000 | ---D | M] -- C:\Users\Margeaux\AppData\Roaming\Mozilla\Firefox\Profiles\scidd1sa.default\extensions
[2010/05/04 14:15:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/02 20:49:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/01 21:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/05/04 14:15:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/02 20:49:04 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/02 20:49:04 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/02 20:49:04 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/04/03 19:43:36 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/01/15 20:13:03 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/15 20:13:03 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/01/15 20:13:03 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/01/15 20:13:03 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/15 20:13:03 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/01/15 20:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/15 20:13:03 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Margeaux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/12 16:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/05/12 16:20:09 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Margeaux\Desktop\OTL.exe
[2010/05/05 23:40:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/05/05 23:40:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/05/04 14:15:44 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/05/04 14:15:44 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/05/04 14:15:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/05/04 14:15:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/05/03 08:15:18 | 000,000,000 | ---D | C] -- C:\Users\Margeaux\AppData\Local\System Access to Go
[2010/04/28 14:54:40 | 000,000,000 | ---D | C] -- C:\Users\Margeaux\AppData\Roaming\DivX
[2010/04/28 14:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/04/28 14:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010/04/28 14:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010/04/28 10:28:23 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010/04/28 10:28:21 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/04/28 10:28:21 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2010/04/26 14:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/04/14 14:00:42 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/04/14 14:00:42 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/14 13:59:47 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/14 13:59:47 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/04/14 13:59:47 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/04/14 13:56:14 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/04/14 13:56:14 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/14 13:56:13 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/04/14 13:56:13 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/12 16:56:07 | 001,310,720 | -HS- | M] () -- C:\Users\Margeaux\NTUSER.DAT
[2010/05/12 16:55:44 | 000,000,172 | ---- | M] () -- C:\Users\Margeaux\AppData\Roaming\wklnhst.dat
[2010/05/12 16:20:11 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Margeaux\Desktop\OTL.exe
[2010/05/12 14:49:28 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/12 14:49:28 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/12 14:46:24 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/12 14:46:24 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/12 14:46:24 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/12 14:42:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/12 14:42:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/12 14:42:01 | 2960,556,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/12 14:34:53 | 007,237,315 | -H-- | M] () -- C:\Users\Margeaux\AppData\Local\IconCache.db
[2010/05/12 10:02:07 | 001,339,288 | ---- | M] () -- C:\Users\Margeaux\Desktop\sar_15_sfx.exe
[2010/05/06 08:29:06 | 000,000,000 | ---- | M] () -- C:\Users\Margeaux\defogger_reenable
[2010/05/04 13:13:02 | 000,001,615 | ---- | M] () -- C:\Users\Margeaux\Desktop\DivX Movies.lnk
[2010/05/04 13:12:58 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/05/04 13:12:51 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/05/03 16:06:05 | 000,001,883 | ---- | M] () -- C:\Users\Margeaux\Desktop\CCleaner.lnk
[2010/04/29 08:28:44 | 008,656,832 | ---- | M] (Dell, Inc. ) -- C:\Users\Margeaux\AppData\Roaming\DataSafeDotNet.exe
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2010/04/16 03:52:22 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/12 10:02:06 | 001,339,288 | ---- | C] () -- C:\Users\Margeaux\Desktop\sar_15_sfx.exe
[2010/05/06 08:29:06 | 000,000,000 | ---- | C] () -- C:\Users\Margeaux\defogger_reenable
[2010/04/28 14:54:48 | 000,001,615 | ---- | C] () -- C:\Users\Margeaux\Desktop\DivX Movies.lnk
[2010/04/28 14:54:39 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/04/28 14:54:32 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/01/29 00:52:28 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/01/29 00:52:28 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/05/12 09:57:27 | 000,000,000 | ---D | M] -- C:\Users\Margeaux\AppData\Roaming\Template
[2010/02/06 16:35:58 | 000,000,000 | ---D | M] -- C:\Users\Margeaux\AppData\Roaming\WildTangent
[2010/04/14 23:12:23 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >




OTL Extras logfile created on: 5/12/2010 4:56:07 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Margeaux\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 419.25 Gb Free Space | 92.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 983.73 Mb Total Space | 828.53 Mb Free Space | 84.22% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARGEAUX-PC
Current User Name: Margeaux
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 20
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup.divx.com" = DivX Setup
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/27/2010 6:33:27 PM | Computer Name = Margeaux-PC | Source = EventSystem | ID = 4622
Description =

Error - 4/28/2010 5:20:25 PM | Computer Name = Margeaux-PC | Source = EventSystem | ID = 4621
Description =

Error - 4/30/2010 4:19:35 PM | Computer Name = Margeaux-PC | Source = EventSystem | ID = 4621
Description =

Error - 5/2/2010 2:28:27 PM | Computer Name = Margeaux-PC | Source = EventSystem | ID = 4621
Description =

Error - 5/3/2010 12:10:03 AM | Computer Name = Margeaux-PC | Source = EventSystem | ID = 4622
Description =

Error - 5/3/2010 4:22:48 PM | Computer Name = Margeaux-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3743 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 155c Start
Time: 01caeafc33b6172b Termination Time: 39 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 97cf9b46-56f1-11df-97b4-0026b9a64c1a

Error - 5/3/2010 5:26:20 PM | Computer Name = Margeaux-PC | Source = EventSystem | ID = 4621
Description =

Error - 5/3/2010 11:38:54 PM | Computer Name = Margeaux-PC | Source = EventSystem | ID = 4621
Description =

Error - 5/4/2010 8:21:20 AM | Computer Name = Margeaux-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 5/4/2010 8:21:39 AM | Computer Name = Margeaux-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

[ System Events ]
Error - 4/27/2010 10:50:27 AM | Computer Name = Margeaux-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 4/27/2010 3:09:00 PM | Computer Name = Margeaux-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 4/27/2010 3:09:01 PM | Computer Name = Margeaux-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 4/28/2010 10:23:45 AM | Computer Name = Margeaux-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 4/30/2010 5:49:23 PM | Computer Name = Margeaux-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 5/1/2010 1:40:01 PM | Computer Name = Margeaux-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 5/1/2010 2:27:14 PM | Computer Name = Margeaux-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 5/7/2010 9:46:06 AM | Computer Name = Margeaux-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 5/7/2010 10:36:50 AM | Computer Name = Margeaux-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 5/8/2010 3:28:31 PM | Computer Name = Margeaux-PC | Source = VDS Basic Provider | ID = 33554433
Description =


< End of report >



#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:40 AM

Posted 12 May 2010 - 05:40 PM

There's nothing there to worry about. It looks very much like the trojan was picked up before it spread anything.


Please run ESET's online scan and see if it can find the quarantined item at least.

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.


Posted Image
m0le is a proud member of UNITE

#8 MissHelloKitty

MissHelloKitty
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 13 May 2010 - 11:48 AM

Ok, I did the ESET scan and here is the log:

C:\Users\Margeaux\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-13073270 a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
C:\Users\Margeaux\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-7d2d22a1 a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
C:\Users\Margeaux\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-743550ee a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
C:\Users\Margeaux\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-45838331 a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
C:\Users\Margeaux\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\e649f74-58f9f938 a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined


#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:40 AM

Posted 13 May 2010 - 05:53 PM

Just Java cache entries which is good.


We can clear up now.

You're clean. Good stuff! thumbup2.gif

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main "Select Files to Delete" choose: Select All.
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

If you are using Firefox and this has caused page loading problems then please clear your private data. To do this go
to the Tools menu, select Clear Private Data, and then check Cache. Click Clear Private Data Now.

This could also be Clear Recent History or similar

Then close Firefox and then reopen it.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it MissHelloKitty, happy surfing!

Cheers.

m0le
Posted Image
m0le is a proud member of UNITE

#10 MissHelloKitty

MissHelloKitty
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 14 May 2010 - 10:40 AM

I have a couple of questions before I create a system restore point.

Should I first re-enable the CD Emulation Software using DeFogger before I create a system restore point or after?

I downloaded and followed through the OTC instructions. Sophos, ESET, and ATF Cleaner are still on my computer Should I keep them ore remove them? If I'm to remove them-- do I do so before or after creating a system restore point?

Thanks!

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:40 AM

Posted 14 May 2010 - 03:43 PM

QUOTE(MissHelloKitty @ May 14 2010, 04:40 PM) View Post
I have a couple of questions before I create a system restore point.

Should I first re-enable the CD Emulation Software using DeFogger before I create a system restore point or after?

I downloaded and followed through the OTC instructions. Sophos, ESET, and ATF Cleaner are still on my computer Should I keep them ore remove them? If I'm to remove them-- do I do so before or after creating a system restore point?

Thanks!


Good questions. The CD emulation software should be enabled first.

Next, as you found out, OTC doesn't remove everything. ESET and ATF can be kept as they are useful to use occasionally. Sophos can go though as you would download as needed to get the most updated version.

Then set the system restore point. thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:40 AM

Posted 19 May 2010 - 06:29 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. smile.gif

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users