Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Please


  • This topic is locked This topic is locked
49 replies to this topic

#1 Lee5

Lee5

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 29 October 2010 - 08:55 PM

Dear Forum Members,

My computer appears to be infected with something. I can't even log in to the computer now - as soon as i log on i get the windows startup tune immediately followed by the windows shutdown tune. This has occurred after getting an 'anti malware' pop-up... sorry that I can't be more specific about the exact wording on the anti malware popup...

Has anyone seen this startup shutdown loop sequence before? Suggestions?

Thanks,
Lee.

BC AdBot (Login to Remove)

 


#2 AustrAlien

AustrAlien

    Inquisitor


  • BC Advisor
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:09:06 PM

Posted 29 October 2010 - 09:28 PM

startup shutdown loop

Do you mean that shortly after you log on, you are automatically logged off again, returning to the screen where you log on? That would be referred to as the LogOn/LogOff Loop.

OR ... do you mean that Windows shuts down and the computer is turned off after attempting to log on?

Which Windows Operating System are you using? (XP, Vista, Win7?)

Try booting Windows in Safe Mode
(See this guide if necessary ... http://www.computerhope.com/issues/chsafe.htm )
to see whether the same thing happens when you attempt to log on in Safe Mode.

Edited by AustrAlien, 29 October 2010 - 09:30 PM.

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#3 Lee5

Lee5
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 29 October 2010 - 09:47 PM

Hi AustrAlien,

Thank you for the reply... Windows XP

Yes, it the Log On/Log Off loop you describe.

I tried using F8 to get into Safe mode... but I didn't get the safe mode screen - I got a screen that gave me three boot options... floppy disc, hard drive and one other...

Thoughts?

Lee.

#4 AustrAlien

AustrAlien

    Inquisitor


  • BC Advisor
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:09:06 PM

Posted 29 October 2010 - 09:53 PM

I got a screen that gave me three boot options... floppy disc, hard drive and one other...

That sounds a lot like a "boot options" screen.

Try again with F8. In the meantime give me your computer make and model .... it is possible that the procedure may me different for your particular machine?
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#5 Lee5

Lee5
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 29 October 2010 - 10:42 PM

The best I could glean on make and model is Lifestyle P5K/EPU??

Now, I managed to get to the Safe Mode screen, selected safe mode and then I get to the log on screen but as soon as i log on it immediately goes to log off, close network connections and shut down... so still appears to be in that loop even in safe mode... I also tried starting in last known good configuration... same loop

Lee.

#6 AustrAlien

AustrAlien

    Inquisitor


  • BC Advisor
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:09:06 PM

Posted 29 October 2010 - 11:13 PM

... so still appears to be in that loop even in safe mode... I also tried starting in last known good configuration... same loop

In that case, according to forum policy, all I can do for you at this stage is to report your situation to to the Malware Removal Team here at BC. I will do that right now. An expert on your predicament will be along to help you as soon as they can (but I have no idea how long that will be).

If you were to google the search term "Fix Windows XP Log On/Log Off Loop" and "Fix Windows XP LogOn/LogOff Loop" you would see that the issue has been a common and widespread one.

Best of luck.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#7 AustrAlien

AustrAlien

    Inquisitor


  • BC Advisor
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:09:06 PM

Posted 29 October 2010 - 11:16 PM

whoops ... duplicate posting

Edited by AustrAlien, 29 October 2010 - 11:17 PM.

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,830 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:06 PM

Posted 31 October 2010 - 03:01 AM

Hi Lee5, please let me know if you have an XP CD at hand we can use.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,830 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:06 PM

Posted 31 October 2010 - 03:02 AM

Hi Lee5, please let me know if you have an XP CD at hand we can use.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 Lee5

Lee5
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 31 October 2010 - 09:54 AM

hi elise,

yes, i have my original xp cd... i have also created a BartPE cd... but tried to use it to fix the loop issue, without success...

will try again in the morning.

cheers,
lee.

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,830 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:06 PM

Posted 31 October 2010 - 10:08 AM

Hi, if you have a BartPE CD, please do the following:

Do you remember including the Runscanner plugin? If so, this ought to work.

From your clean computer..

Please download OTLPE.zip and save it to a flash drive.
http://oldtimer.geekstogo.com/OTLPE.zip
http://www.itxassociates.com/OT-Tools/OTLPE.zip

Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

==========

Plug your flash drive into your sick computer now and do as instructed below..

==========

1. Restart Your sick Computer Using the PE Builder ISO CD That You Have Created
  • Insert the CD in to one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on No
  • After it loads press the Go button in the lower left and do this....
    • Go
    • System
    • Display
    • Screen Resolution
    • 1024x768
    Next choose....
    • Go
    • Programs
    • A43 File Management Utility

==========

In A43File Management you should see your flash drive
Navigate to the OTLPE folder that you saved to your flash drive.

Open the OTLPE folder and double click Start.bat.

  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTLPE should now start

    Change the following settings
    • Change Services, Drivers, Standard and Extra Registry to Use Safelist
    • Uncheck LOP and Purity check

    Please note: Stay with your computer during the course of the scan. If "Entry Point Errors" are encountered simply press "ok" and allow the program to continue. <-- Important!!
  • Push Posted Image
  • A report will open named "OTL.tx"t and another will be minimized to the system tray named "Extra.txt". Save both log's to your flash drive. Copy and Paste them in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 Lee5

Lee5
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 31 October 2010 - 10:39 PM

hi elise,

please find OTL and Extra attached.

Thanks for the very clear instructions!

Lee.

OTL:

OTL logfile created on: 11/1/2010 2:29:29 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = D:\OTLPE\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 99.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 277.83 Gb Free Space | 59.65% Space Free | Partition Type: NTFS
Drive D: | 980.72 Mb Total Space | 489.98 Mb Free Space | 49.96% Space Free | Partition Type: FAT
Drive X: | 154.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe -- (MyWebSearchService)
SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/27 15:10:49 | 000,073,216 | ---- | M] () [Auto] -- C:\Documents and Settings\All Users\Application Data\Adobe\sp.DLL -- (SPService)
SRV - [2010/02/19 08:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/05 11:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 01:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/10/09 02:47:42 | 001,079,176 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/06/13 05:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys -- (yukonwxp)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/10/31 06:12:36 | 000,760,320 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\xflvyz.sys -- (xflvyz)
DRV - [2009/08/05 11:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/08/25 01:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/08/25 01:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/08/25 01:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/05/16 04:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/20 10:00:06 | 004,637,696 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/12/17 09:14:05 | 000,012,400 | R--- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/08/13 00:29:08 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2005/10/06 05:17:34 | 000,280,576 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2005/09/05 03:21:06 | 000,362,944 | R--- | M] (NETGEAR, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)
DRV - [2005/03/14 14:23:53 | 000,005,311 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\huadio.tmp -- (autorun)
DRV - [2004/09/02 03:24:40 | 000,067,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce™
DRV - [2004/08/14 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/21 01:02:00 | 000,166,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2003/10/15 00:28:00 | 000,010,240 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2003/07/24 01:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/11/19 08:05:18 | 000,003,972 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PciBus.sys -- (PciBus)
DRV - [2001/08/17 04:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 04:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 04:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 04:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 04:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 03:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 03:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 03:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 03:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 03:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 03:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 03:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 03:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 03:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 03:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/08/17 02:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Angela_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\Angela_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\Angela_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com.au/ [binary data]
IE - HKU\Angela_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/webhp?sourceid=navclient&ie=UTF-8
IE - HKU\Angela_ON_C\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
IE - HKU\Angela_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Angela_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\James_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Lee_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Michael_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZJman000&ptb=OrCBFW5EkMtDdwKwITAYyg
IE - HKU\Michael_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\Michael_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://optuszoo.com.au/"
FF - prefs.js..extensions.enabledItems: toolbar@alot.com:2.4.4000
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:1.0
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJman000&fl=0&ptb=OrCBFW5EkMtDdwKwITAYyg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/03 14:32:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/12 10:22:32 | 000,000,000 | ---D | M]

[2009/08/01 06:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angela\Application Data\Mozilla\Extensions
[2009/08/01 06:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angela\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/29 03:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\kpx6covl.default\extensions
[2009/09/04 08:48:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\kpx6covl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/22 07:25:50 | 000,000,000 | ---D | M] (Free Lunch Design Toolbar) -- C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\kpx6covl.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}
[2010/09/03 14:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\kpx6covl.default\extensions\toolbar@alot.com
[2009/05/05 10:50:40 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\kpx6covl.default\searchplugins\live-search.xml
[2009/08/30 23:46:57 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\kpx6covl.default\searchplugins\mywebsearch.xml
[2010/10/17 07:52:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ALOT Toolbar BHO) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll (Vertro)
O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Angela_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Angela_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Angela_ON_C\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKU\James_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\James_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Michael_ON_C\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\Michael_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Michael_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ASUS Energy Saving] C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe ()
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\Angela_ON_C..\Run: [forusesetup70700advanced.exe] C:\Documents and Settings\Angela\Application Data\C46DB7B83C987EDAACF5B2EF3D406D44\forusesetup70700advanced.exe (Корпорация Майкрософт)
O4 - HKU\Angela_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\James_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\LocalService_ON_C..\Run: [upd_debug.exe] C:\Documents and Settings\Angela\Application Data\C46DB7B83C987EDAACF5B2EF3D406D44\upd_debug.exe (Корпорация Майкрософт)
O4 - HKU\Michael_ON_C..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found
O4 - HKU\Michael_ON_C..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMON.EXE File not found
O4 - HKU\Michael_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\NetworkService_ON_C..\Run: [upd_debug.exe] C:\Documents and Settings\Angela\Application Data\C46DB7B83C987EDAACF5B2EF3D406D44\upd_debug.exe (Корпорация Майкрософт)
O4 - HKLM..\RunOnce: [*upd_debug.exe] C:\Documents and Settings\Angela\Application Data\C46DB7B83C987EDAACF5B2EF3D406D44\upd_debug.exe (Корпорация Майкрософт)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyDesktop Sync.lnk = C:\Program Files\Telstra\MyDesktop Sync\Voxsync.exe (Voxmobili)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\Angela\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\Angela\Application Data\C46DB7B83C987EDAACF5B2EF3D406D44\forusesetup70700advanced.exe (Корпорация Майкрософт)
O4 - Startup: C:\Documents and Settings\Angela\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Michael\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Angela_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\James_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lee_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Michael_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Rosalind_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229952725359 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\WINDOWS\System32\MrvGINA.dll (Marvell®)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Angela/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\userinit.exe: Debugger - wincpack.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/14 14:10:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/11/02 04:04:58 | 000,000,046 | R--- | M] () - X:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0baa2b0d-d18b-11dd-845c-001e2ab534c1}\Shell - "" = AutoRun
O33 - MountPoints2\{0baa2b0d-d18b-11dd-845c-001e2ab534c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0baa2b0d-d18b-11dd-845c-001e2ab534c1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{0baa2b0e-d18b-11dd-845c-001e2ab534c1}\Shell - "" = AutoRun
O33 - MountPoints2\{0baa2b0e-d18b-11dd-845c-001e2ab534c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0baa2b0e-d18b-11dd-845c-001e2ab534c1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{509d2f37-7f2c-11dd-83f1-001fc64e77f9}\Shell - "" = AutoRun
O33 - MountPoints2\{509d2f37-7f2c-11dd-83f1-001fc64e77f9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{509d2f37-7f2c-11dd-83f1-001fc64e77f9}\Shell\AutoRun\command - "" = I:\AutoUSB.exe index.html -- File not found
O33 - MountPoints2\{5b1880a1-7f33-11dd-83f2-001e2ab534c1}\Shell - "" = AutoRun
O33 - MountPoints2\{5b1880a1-7f33-11dd-83f2-001e2ab534c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5b1880a1-7f33-11dd-83f2-001e2ab534c1}\Shell\AutoRun\command - "" = K:\AutoUSB.exe index.html -- File not found
O33 - MountPoints2\{6a610094-07b8-11de-848e-001e2ab534c1}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-6-21-2434476521-1645641927-702000330-1542\volume.exe -- File not found
O33 - MountPoints2\{6a610094-07b8-11de-848e-001e2ab534c1}\Shell\open\command - "" = I:\RECYCLER\S-1-6-21-2434476521-1645641927-702000330-1542\volume.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/29 07:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\alot
[2010/10/29 07:43:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\alot
[2010/10/28 06:59:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/28 06:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/27 10:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/10/27 09:37:00 | 000,760,320 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\xflvyz.sys
[2010/10/27 09:36:56 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\hexdump.exe
[2010/10/27 09:36:56 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\gdi32.exe
[2010/10/27 09:36:55 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\system.exe
[2010/10/27 09:36:55 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\avp.exe
[2010/10/27 09:36:54 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\login.exe
[2010/10/27 09:36:39 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\setup.exe
[2010/10/27 09:36:39 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\lsass.exe
[2010/10/27 09:36:37 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\wininst.exe
[2010/10/27 09:36:36 | 000,060,004 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\mdm.exe
[2010/10/27 09:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\Application Data\C46DB7B83C987EDAACF5B2EF3D406D44
[2010/10/17 07:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\Application Data\YouTube Downloader
[2010/10/17 07:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\Application Data\Search Settings
[2010/10/17 07:52:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater
[2010/10/17 07:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010/10/17 07:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2010/10/17 07:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Angela\Desktop\*.tmp files -> C:\Documents and Settings\Angela\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/31 06:12:36 | 000,760,320 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\xflvyz.sys
[2010/10/31 06:05:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/31 06:05:55 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure Startup.job
[2010/10/31 06:05:49 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/31 06:05:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/31 04:31:05 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/30 03:42:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/30 03:35:56 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/30 02:06:14 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/30 01:51:44 | 000,440,102 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/30 01:51:44 | 000,070,192 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/29 22:52:41 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/29 09:55:29 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/29 07:54:25 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\RELAY AGE GROUP MANAGER'S GUIDE.doc
[2010/10/29 07:40:44 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/29 07:40:44 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/29 02:23:49 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/29 02:23:49 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/29 02:23:49 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/28 07:00:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/10/28 06:47:50 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/28 06:47:50 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/28 06:00:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/10/28 02:57:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/28 02:57:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/28 02:57:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/27 09:37:24 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/27 09:37:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/27 09:37:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/27 09:37:20 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/27 09:37:20 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/27 09:37:20 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/27 09:37:16 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/27 09:37:16 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/27 09:37:16 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/27 09:37:15 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/27 09:37:15 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/27 09:37:07 | 000,525,312 | ---- | M] () -- C:\Documents and Settings\Angela\Application Data\hotfix.exe
[2010/10/27 09:36:56 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\hexdump.exe
[2010/10/27 09:36:56 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\gdi32.exe
[2010/10/27 09:36:55 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system.exe
[2010/10/27 09:36:55 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\avp.exe
[2010/10/27 09:36:54 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\login.exe
[2010/10/27 09:36:52 | 000,001,231 | ---- | M] () -- C:\Documents and Settings\Angela\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/10/27 09:36:52 | 000,001,219 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\Antimalware Doctor.lnk
[2010/10/27 09:36:52 | 000,001,197 | ---- | M] () -- C:\Documents and Settings\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/10/27 09:36:50 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\z7l7alys5.dll
[2010/10/27 09:36:50 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\yevvr.dll
[2010/10/27 09:36:50 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\y89vp.dll
[2010/10/27 09:36:50 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\qb8eu8uw4v.dll
[2010/10/27 09:36:50 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\q8o0taorxs.dll
[2010/10/27 09:36:50 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\q35x3.dll
[2010/10/27 09:36:50 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\ilv1syfi.dll
[2010/10/27 09:36:50 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\hr5dyjzb2y.dll
[2010/10/27 09:36:39 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\setup.exe
[2010/10/27 09:36:39 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\lsass.exe
[2010/10/27 09:36:37 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\wininst.exe
[2010/10/27 09:36:36 | 000,060,004 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\mdm.exe
[2010/10/27 09:36:31 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\rw7s4u.dll
[2010/10/27 09:36:31 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\p0i5ddi1f3.dll
[2010/10/27 04:08:56 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\LORETO REGATTA VOLUNTEERS.doc
[2010/10/26 12:12:32 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\RELAYS U12 BOYS 2010.xls
[2010/10/26 12:11:43 | 000,000,998 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\RELAYS U12 BOYS 2010.htm
[2010/10/23 23:25:06 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/10/23 13:09:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2010/10/23 04:20:30 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\TENNIS SUMMER ROSTER.doc
[2010/10/23 03:52:09 | 000,014,090 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\rowing regatta jobs.docx
[2010/10/23 00:33:13 | 004,975,686 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\The xx - Crystalised.mp3
[2010/10/23 00:33:12 | 005,119,934 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\01 Intro.mp3
[2010/10/23 00:33:11 | 005,636,430 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\05-the_xx-heart_skipped_a_beat(2).mp3
[2010/10/23 00:32:36 | 003,923,262 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\04-the_xx-islands.mp3
[2010/10/23 00:32:32 | 003,024,659 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\02-the_xx-vcr.mp3
[2010/10/21 21:39:14 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\Apple Safari.lnk
[2010/10/19 09:23:30 | 000,076,027 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\2963989580_9b7662dfdb_o[1].jpg
[2010/10/16 03:05:42 | 005,234,338 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\Ghostface Killah - Fishscale - 03 - Kilo(2).mp3
[2010/10/15 18:49:02 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/10/13 01:42:55 | 000,014,522 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\Rowing Term-4_dates_2010_Version-1.xlsx
[2010/10/11 21:55:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/11 11:42:05 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\Exam Advice.doc
[2010/10/11 10:18:08 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/09 12:49:23 | 000,019,359 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\DRAW TENNIS.pdf
[2010/10/09 12:47:34 | 000,017,751 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\SCORECARDS.pdf
[2010/10/07 07:41:35 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\2010 Winter Tennis Roster 11.doc
[2010/10/06 00:04:46 | 000,122,138 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\U13 Titans Coleman.pdf
[2010/10/04 05:57:30 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\Year 8 Study Skills Info Night.DOC
[2010/10/04 03:30:47 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\Year%208%20Study%20Skills%20Info%20Night[1].DOC
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Angela\Desktop\*.tmp files -> C:\Documents and Settings\Angela\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/29 07:54:25 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\RELAY AGE GROUP MANAGER'S GUIDE.doc
[2010/10/27 09:37:32 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/27 09:37:32 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/27 09:37:30 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/27 09:37:30 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/27 09:37:29 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/27 09:37:27 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/27 09:37:27 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/27 09:37:24 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/27 09:37:24 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/27 09:37:24 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/27 09:37:24 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/27 09:37:24 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/27 09:37:22 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/27 09:37:22 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/27 09:37:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/27 09:37:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/27 09:37:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/27 09:37:16 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/27 09:37:16 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/27 09:37:16 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/27 09:37:15 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/27 09:37:15 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/27 09:37:15 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/27 09:37:15 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/27 09:37:07 | 000,525,312 | ---- | C] () -- C:\Documents and Settings\Angela\Application Data\hotfix.exe
[2010/10/27 09:36:52 | 000,001,231 | ---- | C] () -- C:\Documents and Settings\Angela\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/10/27 09:36:52 | 000,001,219 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\Antimalware Doctor.lnk
[2010/10/27 09:36:52 | 000,001,197 | ---- | C] () -- C:\Documents and Settings\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
[2010/10/27 09:36:50 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\z7l7alys5.dll
[2010/10/27 09:36:50 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\yevvr.dll
[2010/10/27 09:36:50 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\y89vp.dll
[2010/10/27 09:36:50 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\qb8eu8uw4v.dll
[2010/10/27 09:36:50 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\q8o0taorxs.dll
[2010/10/27 09:36:50 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\q35x3.dll
[2010/10/27 09:36:50 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\ilv1syfi.dll
[2010/10/27 09:36:50 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\hr5dyjzb2y.dll
[2010/10/27 09:36:31 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\rw7s4u.dll
[2010/10/27 09:36:31 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\p0i5ddi1f3.dll
[2010/10/27 04:08:56 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\LORETO REGATTA VOLUNTEERS.doc
[2010/10/26 12:12:32 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\RELAYS U12 BOYS 2010.xls
[2010/10/26 12:11:43 | 000,000,998 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\RELAYS U12 BOYS 2010.htm
[2010/10/23 03:52:08 | 000,014,090 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\rowing regatta jobs.docx
[2010/10/23 00:34:29 | 004,975,686 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\The xx - Crystalised.mp3
[2010/10/23 00:34:23 | 005,636,430 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\05-the_xx-heart_skipped_a_beat(2).mp3
[2010/10/23 00:34:18 | 005,119,934 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\01 Intro.mp3
[2010/10/23 00:32:47 | 003,923,262 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\04-the_xx-islands.mp3
[2010/10/23 00:32:41 | 003,024,659 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\02-the_xx-vcr.mp3
[2010/10/19 09:23:35 | 000,076,027 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\2963989580_9b7662dfdb_o[1].jpg
[2010/10/17 04:26:48 | 004,491,726 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\INI - Pete Rock - Grown Man Sport.mp3
[2010/10/16 03:07:41 | 005,234,338 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\Ghostface Killah - Fishscale - 03 - Kilo(2).mp3
[2010/10/13 01:42:54 | 000,014,522 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\Rowing Term-4_dates_2010_Version-1.xlsx
[2010/10/10 13:42:23 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\Exam Advice.doc
[2010/10/09 12:49:23 | 000,019,359 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\DRAW TENNIS.pdf
[2010/10/09 12:47:34 | 000,017,751 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\SCORECARDS.pdf
[2010/10/09 12:14:08 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\TENNIS SUMMER ROSTER.doc
[2010/10/06 00:04:46 | 000,122,138 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\U13 Titans Coleman.pdf
[2010/10/04 05:57:29 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\Year 8 Study Skills Info Night.DOC
[2010/10/04 03:30:47 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\Year%208%20Study%20Skills%20Info%20Night[1].DOC
[2009/08/21 08:29:47 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/04 12:08:06 | 000,005,062 | ---- | C] () -- C:\Documents and Settings\Angela\reset.txt
[2009/01/01 11:32:07 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/01/01 11:32:07 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/12/31 06:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/10/09 09:10:07 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Angela\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/20 13:41:31 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Angela\default.pls
[2008/09/20 13:39:55 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/10 12:53:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/10 03:50:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/09 07:52:36 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/09/09 07:36:06 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/09/09 07:36:06 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/09/09 07:36:04 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/09/09 07:36:04 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/09/09 07:20:32 | 000,031,291 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/09/09 07:18:22 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/09/09 07:18:21 | 000,030,985 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/09/09 07:18:14 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/05/16 04:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 04:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 04:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 04:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 04:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/03/15 07:57:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/15 07:57:33 | 000,082,432 | ---- | C] () -- C:\WINDOWS\isatfot.dll
[2005/03/15 01:03:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 05:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/06/10 10:38:40 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\Reputil.dll
< End of report >

Extra:

OTL Extras logfile created on: 11/1/2010 2:29:30 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = D:\OTLPE\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 99.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 277.83 Gb Free Space | 59.65% Space Free | Partition Type: NTFS
Drive D: | 980.72 Mb Total Space | 489.98 Mb Free Space | 49.96% Space Free | Partition Type: FAT
Drive X: | 154.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"21007:TCP" = 21007:TCP:*:Enabled:spport
"6719:TCP" = 6719:TCP:*:Enabled:spport
"19586:TCP" = 19586:TCP:*:Enabled:spport
"7836:TCP" = 7836:TCP:*:Enabled:spport
"12879:TCP" = 12879:TCP:*:Enabled:spport
"13398:TCP" = 13398:TCP:*:Enabled:spport
"13838:TCP" = 13838:TCP:*:Enabled:spport
"29843:TCP" = 29843:TCP:*:Enabled:spport
"26879:TCP" = 26879:TCP:*:Enabled:spport
"6924:TCP" = 6924:TCP:*:Enabled:spport
"22230:TCP" = 22230:TCP:*:Enabled:spport
"17193:TCP" = 17193:TCP:*:Enabled:spport
"22033:TCP" = 22033:TCP:*:Enabled:spport
"14702:TCP" = 14702:TCP:*:Enabled:spport
"13926:TCP" = 13926:TCP:*:Enabled:spport
"21299:TCP" = 21299:TCP:*:Enabled:spport

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"D:\Installation\Setupx.exe" = D:\Installation\Setupx.exe:*:Enabled:Nero ControlCenter -- File not found
"C:\Documents and Settings\Angela\Desktop\utorrent.exe" = C:\Documents and Settings\Angela\Desktop\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\system32\wsntfy.exe" = C:\WINDOWS\system32\wsntfy.exe:*:Enabled:Explorer -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = 3 Mobile Broadband
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}" = LightScribe System Software 1.10.19.1
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65A54DC3-5FF6-4C75-906E-3EA1A3B71033}" = Nero 8 Essentials
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{BBE93894-6608-11d3-9F6A-006008A88EC8}" = Microsoft Repository
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2EBC2F1-B766-4AE3-A10C-6EBBC1EE3B02}" = MyDesktop Sync
"{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E44BD710-B71A-11d3-9F79-006008A88EC8}" = VBA
"{E8814A8F-3B06-11D3-8CD7-00C04F72C04D}" = Microsoft Visual Studio Service Pack 3
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF35F637-72B9-43BE-A281-06EB2854393A}" = 3DMark03
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Age of Empires" = Microsoft Age of Empires
"alotToolbar" = ALOT Toolbar
"BFGC" = Big Fish Games Client
"BFG-Drawn - The Painted Tower" = Drawn: The Painted Tower ™
"BFG-Paradise Beach" = Paradise Beach
"BFG-Plants vs. Zombies" = Plants vs. Zombies
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Feeding Frenzy Deluxe 5.7.18.1" = Feeding Frenzy Deluxe 5.7.18.1
"Free_Lunch_Design Toolbar" = Free_Lunch_Design Toolbar
"Icy Tower v1.4_is1" = Icy Tower v1.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\Angela_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antimalware Doctor" = Antimalware Doctor
"TSC" = Total Security
"uTorrent" = µTorrent

< End of report >

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,830 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:06 PM

Posted 01 November 2010 - 04:33 AM

Hello again,

Please rerun OTLPE, click the NONE button, then change the value under Standard Registry to ALL. Paste the following text into the "custom scan/fix" field and click Run Scan. Post me the new log.
/md5start
userinit.exe
/md5stop

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 Lee5

Lee5
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 01 November 2010 - 08:41 AM

Hello again Elise... here you go,

Cheers,
Lee.


OTL logfile created on: 11/2/2010 12:33:07 AM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = D:\OTLPE\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 99.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 277.83 Gb Free Space | 59.65% Space Free | Partition Type: NTFS
Drive D: | 980.72 Mb Total Space | 489.86 Mb Free Space | 49.95% Space Free | Partition Type: FAT
Drive X: | 154.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet002

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Angela_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Angela_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\Angela_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\Angela_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\Angela_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com.au/ [binary data]
IE - HKU\Angela_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/webhp?sourceid=navclient&ie=UTF-8
IE - HKU\Angela_ON_C\Software\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
IE - HKU\Angela_ON_C\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\Angela_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\Angela_ON_C\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
IE - HKU\Angela_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Angela_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\James_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\James_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\James_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKU\James_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\James_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Lee_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Lee_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\Lee_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKU\Lee_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Lee_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Michael_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Michael_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\Michael_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZJman000&ptb=OrCBFW5EkMtDdwKwITAYyg
IE - HKU\Michael_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\Michael_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Michael_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Rosalind_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Rosalind_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\Rosalind_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKU\Rosalind_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://optuszoo.com.au/"
FF - prefs.js..extensions.enabledItems: toolbar@alot.com:2.4.4000
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJman000&fl=0&ptb=OrCBFW5EkMtDdwKwITAYyg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/06 08:30:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 13:44:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/03 14:32:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/12 10:22:32 | 000,000,000 | ---D | M]

[2009/08/01 06:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angela\Application Data\Mozilla\Extensions
[2008/09/10 12:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angela\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/01 06:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angela\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/29 03:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\kpx6covl.default\extensions
[2009/09/04 08:48:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\kpx6covl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/22 07:25:50 | 000,000,000 | ---D | M] (Free Lunch Design Toolbar) -- C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\kpx6covl.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}
[2010/09/03 14:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\kpx6covl.default\extensions\toolbar@alot.com
[2009/05/05 10:50:40 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\kpx6covl.default\searchplugins\live-search.xml
[2009/08/30 23:46:57 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Angela\Application Data\Mozilla\Firefox\Profiles\kpx6covl.default\searchplugins\mywebsearch.xml
[2010/10/17 07:52:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/03 14:32:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/06 08:30:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2010/07/23 02:07:09 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/23 02:07:10 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/11/06 08:30:12 | 000,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010/07/23 02:07:11 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 09:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/02/27 02:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/12/29 04:52:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/12/29 04:52:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/12/29 04:52:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/12/29 04:52:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/12/29 04:52:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/12/29 04:52:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/12/29 04:52:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/07/22 23:41:04 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/07/22 23:41:04 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/07/22 23:41:04 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/07/22 23:41:04 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/07/22 23:41:04 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/07/22 23:41:04 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/10/17 07:52:43 | 000,000,811 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ALOT Toolbar BHO) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll (Vertro)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Angela_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Angela_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Angela_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Angela_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Angela_ON_C\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKU\Angela_ON_C\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O3 - HKU\James_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\James_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\James_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\James_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Lee_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Lee_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Michael_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Michael_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Michael_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Michael_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Rosalind_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Rosalind_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ASUS Energy Saving] C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe ()
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\Angela_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Angela_ON_C..\Run: [forusesetup70700advanced.exe] C:\Documents and Settings\Angela\Application Data\C46DB7B83C987EDAACF5B2EF3D406D44\forusesetup70700advanced.exe (Корпорация Майкрософт)
O4 - HKU\Angela_ON_C..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKU\Angela_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\James_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\James_ON_C..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\James_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\James_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Lee_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Lee_ON_C..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\Lee_ON_C..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [upd_debug.exe] C:\Documents and Settings\Angela\Application Data\C46DB7B83C987EDAACF5B2EF3D406D44\upd_debug.exe (Корпорация Майкрософт)
O4 - HKU\Michael_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Michael_ON_C..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\Michael_ON_C..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\Michael_ON_C..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found
O4 - HKU\Michael_ON_C..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMON.EXE File not found
O4 - HKU\Michael_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\NetworkService_ON_C..\Run: [upd_debug.exe] C:\Documents and Settings\Angela\Application Data\C46DB7B83C987EDAACF5B2EF3D406D44\upd_debug.exe (Корпорация Майкрософт)
O4 - HKU\Rosalind_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Rosalind_ON_C..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKLM..\RunOnce: [*upd_debug.exe] C:\Documents and Settings\Angela\Application Data\C46DB7B83C987EDAACF5B2EF3D406D44\upd_debug.exe (Корпорация Майкрософт)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyDesktop Sync.lnk = C:\Program Files\Telstra\MyDesktop Sync\Voxsync.exe (Voxmobili)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\Angela\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\Angela\Application Data\C46DB7B83C987EDAACF5B2EF3D406D44\forusesetup70700advanced.exe (Корпорация Майкрософт)
O4 - Startup: C:\Documents and Settings\Angela\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Michael\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Angela_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\James_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lee_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Michael_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Rosalind_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229952725359 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\WINDOWS\System32\MrvGINA.dll (Marvell®)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Angela/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\userinit.exe: Debugger - wincpack.exe File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/14 14:10:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/11/02 04:04:58 | 000,000,046 | R--- | M] () - X:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0baa2b0d-d18b-11dd-845c-001e2ab534c1}\Shell - "" = AutoRun
O33 - MountPoints2\{0baa2b0d-d18b-11dd-845c-001e2ab534c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0baa2b0d-d18b-11dd-845c-001e2ab534c1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{0baa2b0e-d18b-11dd-845c-001e2ab534c1}\Shell - "" = AutoRun
O33 - MountPoints2\{0baa2b0e-d18b-11dd-845c-001e2ab534c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0baa2b0e-d18b-11dd-845c-001e2ab534c1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{509d2f37-7f2c-11dd-83f1-001fc64e77f9}\Shell - "" = AutoRun
O33 - MountPoints2\{509d2f37-7f2c-11dd-83f1-001fc64e77f9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{509d2f37-7f2c-11dd-83f1-001fc64e77f9}\Shell\AutoRun\command - "" = I:\AutoUSB.exe index.html -- File not found
O33 - MountPoints2\{5b1880a1-7f33-11dd-83f2-001e2ab534c1}\Shell - "" = AutoRun
O33 - MountPoints2\{5b1880a1-7f33-11dd-83f2-001e2ab534c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5b1880a1-7f33-11dd-83f2-001e2ab534c1}\Shell\AutoRun\command - "" = K:\AutoUSB.exe index.html -- File not found
O33 - MountPoints2\{6a610094-07b8-11de-848e-001e2ab534c1}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-6-21-2434476521-1645641927-702000330-1542\volume.exe -- File not found
O33 - MountPoints2\{6a610094-07b8-11de-848e-001e2ab534c1}\Shell\open\command - "" = I:\RECYCLER\S-1-6-21-2434476521-1645641927-702000330-1542\volume.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Custom Scans ==========



< MD5 for: USERINIT.EXE >
[2004/08/04 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< End of report >

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,830 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:06 PM

Posted 01 November 2010 - 08:59 AM

Hello there,
Please rerun OTLPE, copy/paste the following text into the "custom scan/fix" field and click Run Fix. Afterwards try to boot normally and let me know if you can log in.
:otl
O27 - HKLM IFEO\userinit.exe: Debugger - wincpack.exe File not found

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users