Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected:ole32.dll! has taken over internet explorer email and others


  • This topic is locked This topic is locked
27 replies to this topic

#1 WIHH

WIHH

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 06 January 2011 - 12:27 PM

I have downloaded malwarebytes after a systems tool attack but now my email appears to be compromised. When I attempt to open the internet, I get 80+ windows opening on my desktop - all email errors?

I have been told that this potentially is the result of roots from the original trojan.




DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 10:17:44.96 on Thu 01/06/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.153 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyServer = http=127.0.0.1:25454
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launch~1.lnk - c:\qoobox\quarantine\c\program files\whitesmoke translator\WSTrayDictMode.exe.vir
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152806705954
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-8-26 334984]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-8-26 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-10-4 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-10-4 177776]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-11-15 169200]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-11-15 1756912]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-12 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110101.005\naveng.sys [2011-1-6 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110101.005\navex15.sys [2011-1-6 1360760]
S0 drcxt;drcxt; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-20 136176]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-2-11 300400]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-10-4 83568]

=============== Created Last 30 ================

2010-12-30 20:54:10 -------- dcs---w- C:\fix
2010-12-30 20:23:44 -------- dcsha-r- C:\cmdcons
2010-12-30 20:20:46 98816 ----a-w- c:\windows\sed.exe
2010-12-30 20:20:46 89088 ----a-w- c:\windows\MBR.exe
2010-12-30 20:20:46 256512 ----a-w- c:\windows\PEV.exe
2010-12-30 20:20:46 161792 ----a-w- c:\windows\SWREG.exe
2010-12-30 19:52:47 -------- d-----w- c:\docume~1\admini~1\applic~1\WhiteSmokeSetup
2010-12-30 19:35:19 49664 ---ha-w- c:\windows\system32\eveninfo.dll
2010-12-29 13:31:42 29996 ---h--w- c:\docume~1\admini~1\applic~1\ntuser.dat
2010-12-22 13:05:25 20480 ----a-w- c:\documents and settings\administrator\ndisrd.sys
2010-12-22 13:05:25 13824 ----a-w- c:\documents and settings\administrator\snetcfg.exe
2010-12-16 16:45:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\pAcHc06101
2010-12-16 16:43:55 -------- d-----w- c:\docume~1\admini~1\applic~1\xssenddsurcycynvncvxnaqztacwddabojueh
2010-12-16 16:42:19 -------- d-----w- c:\docume~1\admini~1\applic~1\vcedlxwmuyd3mfqrgwdl31igzzs3j3y2

==================== Find3M ====================

2010-12-29 13:08:15 0 ----a-w- c:\windows\Kwufecus.bin
2010-10-20 18:19:08 1033728 ----a-w- c:\windows\explorer.exe
2010-10-20 18:17:56 507904 ----a-w- c:\windows\system32\winlogon.exe
2007-02-08 20:11:51 19666504 -c--a-w- c:\program files\QuickTimeInstaller.exe

============= FINISH: 10:18:39.76 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:07:02 AM

Posted 11 January 2011 - 04:01 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.

Best Regards,
oneof4.

Best Regards,
oneof4.


#3 WIHH

WIHH
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 12 January 2011 - 03:40 PM

Thank you folks so much for taking the time to look at thyis gobbeldygook and makes head or tail out of it. If you can help me, I would be so thankful!

OTL logfile created on: 1/12/2011 2:27:05 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 54.00 Mb Available Physical Memory | 11.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 62.74 Gb Free Space | 84.18% Space Free | Partition Type: NTFS
Drive K: | 116.74 Gb Total Space | 79.56 Gb Free Space | 68.15% Space Free | Partition Type: NTFS
Drive U: | 116.74 Gb Total Space | 79.56 Gb Free Space | 68.15% Space Free | Partition Type: NTFS

Computer Name: FRONTDESK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/12 14:24:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator\Desktop\OTL.exe
PRC - [2010/10/20 12:19:08 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2010/02/08 12:09:00 | 001,634,304 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2009/10/11 04:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2007/11/30 08:27:50 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2005/11/15 12:28:04 | 000,085,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/11/15 12:27:56 | 000,169,200 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2005/11/15 12:27:54 | 001,756,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/11/15 12:27:46 | 000,018,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DoScan.exe
PRC - [2005/11/15 12:27:44 | 000,020,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/10/04 11:42:50 | 000,177,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/10/04 11:42:42 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/10/04 11:42:40 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2000/06/29 02:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\system32\Crypserv.exe


========== Modules (SafeList) ==========

MOD - [2011/01/12 14:24:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/11 15:36:12 | 000,300,400 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2005/11/15 12:27:56 | 000,169,200 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/11/15 12:27:54 | 001,756,912 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/11/15 12:27:44 | 000,020,208 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/10/19 16:39:34 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/10/04 11:42:50 | 000,177,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/10/04 11:42:48 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/10/04 11:42:42 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/03/30 20:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2000/06/29 02:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/01/06 09:32:47 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110101.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/01/06 09:32:46 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110101.005\NAVENG.SYS -- (NAVENG)
DRV - [2010/12/29 07:11:48 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/12 20:15:47 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2005/10/19 16:39:04 | 000,195,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/10/19 16:38:58 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/09/27 10:50:00 | 001,021,832 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/26 14:46:48 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/09/16 23:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/08/26 13:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 13:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/04/01 09:04:52 | 000,180,736 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/03/30 20:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2000/02/03 13:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-438646793-291972879-960579291-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-21-438646793-291972879-960579291-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-438646793-291972879-960579291-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25454


[2010/12/30 14:43:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/12/30 14:45:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk = C:\Qoobox\Quarantine\C\Program Files\WhiteSmoke Translator\WSTrayDictMode.exe.vir ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-438646793-291972879-960579291-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-438646793-291972879-960579291-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-438646793-291972879-960579291-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-438646793-291972879-960579291-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152806705954 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.42.0.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = perpich.int
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\WINDOWS\Greenstone.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Greenstone.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/15 10:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/12 14:19:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\administrator\Desktop\OTL.exe
[2011/01/06 10:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator\Desktop\gmer
[2010/12/30 14:54:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/30 14:54:10 | 000,000,000 | --SD | C] -- C:\fix
[2010/12/30 14:23:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/30 14:20:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/30 14:20:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/30 14:20:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/30 14:20:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/30 14:20:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/30 13:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WhiteSmoke Translator
[2010/12/30 13:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator\Application Data\WhiteSmokeSetup
[2010/12/30 13:39:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/22 08:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator\Desktop\New Folder
[2010/12/22 07:05:25 | 000,020,480 | ---- | C] (NT Kernel Resources) -- C:\Documents and Settings\administrator\ndisrd.sys
[2010/12/22 07:05:25 | 000,013,824 | ---- | C] (Windows ® 2000 DDK provider) -- C:\Documents and Settings\administrator\snetcfg.exe
[2010/12/16 10:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pAcHc06101
[2010/12/16 10:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator\Application Data\xssenddsurcycynvncvxnaqztacwddabojueh
[2010/12/16 10:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator\Application Data\vcedlxwmuyd3mfqrgwdl31igzzs3j3y2
[2007/02/08 14:07:10 | 019,666,504 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/12 14:24:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator\Desktop\OTL.exe
[2011/01/12 14:08:03 | 000,228,434 | ---- | M] () -- C:\logfile
[2011/01/12 14:05:53 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{947FD3D4-A3ED-4F87-8ABA-3E29739454D8}.job
[2011/01/12 14:05:05 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/01/12 14:03:56 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/12 14:03:47 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/12 14:03:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/06 10:55:30 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/06 10:20:44 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\gmer.zip
[2011/01/06 10:16:48 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\dds.scr
[2011/01/06 09:44:53 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\Defogger.exe
[2011/01/06 09:37:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\administrator\defogger_reenable
[2011/01/06 09:29:34 | 000,001,997 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk
[2010/12/30 14:45:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/30 14:23:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/30 14:19:50 | 004,011,777 | R--- | M] () -- C:\Documents and Settings\administrator\Desktop\fix.exe
[2010/12/30 14:19:06 | 004,011,777 | R--- | M] () -- C:\Documents and Settings\administrator\Desktop\ComboFix.exe
[2010/12/30 13:52:52 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Whitesmoke Translator!.lnk
[2010/12/30 13:35:19 | 000,049,664 | -H-- | M] () -- C:\WINDOWS\System32\eveninfo.dll
[2010/12/30 13:35:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/29 11:19:41 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Dvelefubeqixiwuh.dat
[2010/12/29 07:08:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kwufecus.bin
[2010/12/23 14:33:05 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\e.lnk
[2010/12/22 16:38:22 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2010/12/22 13:50:48 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\explore.exe.lnk
[2010/12/22 07:05:25 | 000,020,480 | ---- | M] (NT Kernel Resources) -- C:\Documents and Settings\administrator\ndisrd.sys
[2010/12/22 07:05:25 | 000,013,824 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Documents and Settings\administrator\snetcfg.exe
[2010/12/22 07:05:25 | 000,003,387 | ---- | M] () -- C:\Documents and Settings\administrator\ndisrd.inf
[2010/12/22 07:05:25 | 000,001,400 | ---- | M] () -- C:\Documents and Settings\administrator\ndisrd_m.inf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/06 10:20:41 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\administrator\Desktop\gmer.zip
[2011/01/06 10:16:45 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\administrator\Desktop\dds.scr
[2011/01/06 09:44:49 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\administrator\Desktop\Defogger.exe
[2011/01/06 09:37:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\administrator\defogger_reenable
[2010/12/30 14:23:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/30 14:23:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/30 14:20:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/30 14:20:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/30 14:20:46 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/30 14:20:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/30 14:20:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/30 14:19:47 | 004,011,777 | R--- | C] () -- C:\Documents and Settings\administrator\Desktop\fix.exe
[2010/12/30 14:18:43 | 004,011,777 | R--- | C] () -- C:\Documents and Settings\administrator\Desktop\ComboFix.exe
[2010/12/30 13:52:52 | 000,001,997 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk
[2010/12/30 13:52:52 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Whitesmoke Translator!.lnk
[2010/12/30 13:35:19 | 000,049,664 | -H-- | C] () -- C:\WINDOWS\System32\eveninfo.dll
[2010/12/23 14:32:56 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\administrator\Desktop\e.lnk
[2010/12/22 07:05:25 | 000,003,387 | ---- | C] () -- C:\Documents and Settings\administrator\ndisrd.inf
[2010/12/22 07:05:25 | 000,001,400 | ---- | C] () -- C:\Documents and Settings\administrator\ndisrd_m.inf
[2010/12/16 11:22:46 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2010/10/06 10:30:39 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\administrator\Application Data\asdsada.bat
[2010/07/29 09:27:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/07/10 16:00:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\administrator\Application Data\AVSDVDPlayer.m3u
[2008/07/10 15:58:58 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/10 15:58:58 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/05/31 15:27:25 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/09 16:34:16 | 000,782,244 | ---- | C] () -- C:\Program Files\TWV.zip
[2006/11/16 15:42:21 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2006/11/16 15:42:17 | 000,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2006/11/16 15:42:17 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2006/09/27 07:26:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/16 13:26:15 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\PWEventMessage.dll
[2006/08/16 13:26:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\SDInstall.dll
[2005/08/15 18:13:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/15 12:17:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/04 06:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 06:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 06:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 06:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 06:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >



OTL Extras logfile created on: 1/12/2011 2:27:06 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 54.00 Mb Available Physical Memory | 11.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 62.74 Gb Free Space | 84.18% Space Free | Partition Type: NTFS
Drive K: | 116.74 Gb Total Space | 79.56 Gb Free Space | 68.15% Space Free | Partition Type: NTFS
Drive U: | 116.74 Gb Total Space | 79.56 Gb Free Space | 68.15% Space Free | Partition Type: NTFS

Computer Name: FRONTDESK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\SoftDent\SDWIN.EXE" = C:\SoftDent\SDWIN.EXE:*:Enabled:SoftDent Client -- (PracticeWorks, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\LMI104.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI104.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found
"C:\WINDOWS\LMI10C.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI10C.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\84b529\SM84b_2208.exe" = C:\Documents and Settings\All Users\Application Data\84b529\SM84b_2208.exe:*:Enabled:Smart Security -- File not found
"C:\WINDOWS\LMI12.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI12.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Documents and Settings\administrator\Application Data\vcedlxwmuyd3mfqrgwdl31igzzs3j3y2\csrss.exe" = C:\Documents and Settings\administrator\Application Data\vcedlxwmuyd3mfqrgwdl31igzzs3j3y2\csrss.exe:*:Enabled:ldrsoft -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}" = iTunes
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}" = Apple Mobile Device Support
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK All-in-One Printer Software
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"1.0_is1" = CareCredit CCware Version 4.3
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"CareCredit CCware_is1" = CCWare version 2.2
"CentraClient" = Centra Client
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Kodak Dental Imaging" = Kodak Dental Imaging
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"SoftDent Software" = SoftDent Software
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/29/2010 9:55:53 AM | Computer Name = FRONTDESK | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Trojan.Zefarch in File: c:\windows\uyahecew.dll
by: Manual scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 12/29/2010 9:56:02 AM | Computer Name = FRONTDESK | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Trojan.Zefarch in File: c:\windows\uyahecew.dll
by: Manual scan. Action: Clean failed : Quarantine failed. Action Description:
Quarantine was partially successful.

Error - 12/29/2010 11:18:04 AM | Computer Name = FRONTDESK | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Trojan.Gen.2 in File: C:\Documents and
Settings\administrator\Application Data\xssenddsurcycynvncvxnaqztacwddabojueh\svcnost.exe
by: Manual scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 12/29/2010 1:20:42 PM | Computer Name = FRONTDESK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 12/29/2010 1:20:43 PM | Computer Name = FRONTDESK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/29/2010 1:21:26 PM | Computer Name = FRONTDESK | Source = Application Hang | ID = 1002
Description = Hanging application VPC32.exe, version 10.0.2.2000, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/30/2010 3:35:04 PM | Computer Name = FRONTDESK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 12/30/2010 3:35:04 PM | Computer Name = FRONTDESK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/30/2010 3:53:31 PM | Computer Name = FRONTDESK | Source = Application Error | ID = 1000
Description = Faulting application whitesmoke-silent.exe, version 1.0.0.0, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001aa21.

Error - 12/30/2010 4:25:34 PM | Computer Name = FRONTDESK | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

[ System Events ]
Error - 12/30/2010 4:00:23 PM | Computer Name = FRONTDESK | Source = Service Control Manager | ID = 7003
Description = The Kodak AiO Network Discovery Service service depends on the following
nonexistent service: Bonjour Service

Error - 12/30/2010 4:00:23 PM | Computer Name = FRONTDESK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl Fips intelppm NetworkX SAVRT SAVRTPEL SYMTDI

Error - 12/30/2010 4:19:43 PM | Computer Name = FRONTDESK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/30/2010 4:20:43 PM | Computer Name = FRONTDESK | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 12/30/2010 4:20:43 PM | Computer Name = FRONTDESK | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 12/30/2010 4:28:19 PM | Computer Name = FRONTDESK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/30/2010 4:30:56 PM | Computer Name = FRONTDESK | Source = Service Control Manager | ID = 7003
Description = The Kodak AiO Network Discovery Service service depends on the following
nonexistent service: Bonjour Service

Error - 1/6/2011 11:29:19 AM | Computer Name = FRONTDESK | Source = Service Control Manager | ID = 7003
Description = The Kodak AiO Network Discovery Service service depends on the following
nonexistent service: Bonjour Service

Error - 1/6/2011 12:11:50 PM | Computer Name = FRONTDESK | Source = Service Control Manager | ID = 7003
Description = The Kodak AiO Network Discovery Service service depends on the following
nonexistent service: Bonjour Service

Error - 1/12/2011 4:04:58 PM | Computer Name = FRONTDESK | Source = Service Control Manager | ID = 7003
Description = The Kodak AiO Network Discovery Service service depends on the following
nonexistent service: Bonjour Service


< End of report >

Edited by WIHH, 12 January 2011 - 04:01 PM.


#4 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:07:02 AM

Posted 12 January 2011 - 09:02 PM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please don't make any further changes or run any other tools unless instructed to. Additional changes may hinder the cleaning of your machine.

When asked to copy logs or reports into your reply, please copy them directly into your reply. Do not include them in quotes. Do not attach them unless asked to do so. In Notepad, please turn off Word Wrap under the Format menu.

Please Track this topic - On the top right on this tread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Please give me some time to look over your logs. I will post the reply as soon as possible.
Shannon

#5 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:07:02 AM

Posted 13 January 2011 - 11:42 AM

Hi-

I hope you haven't trashed your computer by running ComboFix. Please copy the contents of its report (C:\ComboFix.txt) into your reply.
Shannon

#6 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:07:02 AM

Posted 20 January 2011 - 12:16 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
Shannon

#7 WIHH

WIHH
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 20 January 2011 - 05:24 PM

Hi-

I hope you haven't trashed your computer by running ComboFix. Please copy the contents of its report (C:\ComboFix.txt) into your reply.

I hope so, too. Can you tell me how to go about retrieving that report?

#8 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:07:02 AM

Posted 20 January 2011 - 05:54 PM

It should be at c:/ComboFix.txt.
Shannon

#9 WIHH

WIHH
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 26 January 2011 - 05:02 PM

I cannot find that file by searching for ComboFix or fix.txt although I have the program pinned to the desktop. Perhaps I did not run it successfully after all -perhaps because I did not know how to disable the Symantec Antivirus.

Edited by WIHH, 26 January 2011 - 05:10 PM.


#10 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:07:02 AM

Posted 26 January 2011 - 05:32 PM

Hi-

Ok, delete the ComboFix.exe from your desktop and do the following-

Download Combofix from either of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable your Anti-virusl


Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


In your reply, copy in the ComboFix report that you just produced. Also, look under C:\qoobox and, if you see any ComboFixn.txt date-time files, copy them in as well.
Shannon

#11 WIHH

WIHH
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 27 January 2011 - 11:23 AM

ComboFix 11-01-26.04 - Administrator 01/27/2011 10:10:43.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.178 [GMT -6:00]
Running from: c:\documents and settings\administrator\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2010-12-27 to 2011-01-27 )))))))))))))))))))))))))))))))
.

2010-12-30 19:52 . 2010-12-30 19:52 -------- d-----w- c:\documents and settings\administrator\Application Data\WhiteSmokeSetup
2010-12-30 19:35 . 2010-12-30 19:35 49664 ---ha-w- c:\windows\system32\eveninfo.dll
2010-12-29 13:31 . 2010-12-29 17:18 29996 ---h--w- c:\documents and settings\administrator\Application Data\ntuser.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-22 13:05 . 2010-12-22 13:05 20480 ----a-w- c:\documents and settings\administrator\ndisrd.sys
2010-12-22 13:05 . 2010-12-22 13:05 13824 ----a-w- c:\documents and settings\administrator\snetcfg.exe
2010-12-21 00:09 . 2010-10-01 13:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-10-01 13:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-02-08 20:11 . 2007-02-08 20:07 19666504 -c--a-w- c:\program files\QuickTimeInstaller.exe
.

------- Sigcheck -------

[-] 2010-10-20 . 3FC15946D03850C2BCE7FFBA7C86C2C6 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2010-10-20 . 7D89F00A1D91B7C15036ACEC977E32BD . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2010-10-20 . 7D89F00A1D91B7C15036ACEC977E32BD . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-02-08 1634304]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-11-30 282624]
Launch Whitesmoke Translator.lnk - c:\qoobox\Quarantine\C\Program Files\WhiteSmoke Translator\WSTrayDictMode.exe.vir [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-04-14 00:12 27648 ----a-w- c:\windows\system32\conime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 12:27 PM 169200]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [6/12/2010 8:16 PM 102448]
S0 drcxt;drcxt; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2010 2:40 PM 136176]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [2/11/2010 3:36 PM 300400]
.
Contents of the 'Scheduled Tasks' folder

2010-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 23:13]

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 20:40]

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 20:40]

2011-01-26 c:\windows\Tasks\User_Feed_Synchronization-{947FD3D4-A3ED-4F87-8ABA-3E29739454D8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyServer = http=127.0.0.1:25454
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-27 10:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-438646793-291972879-960579291-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,19,a9,6c,82,b8,d6,4b,8d,17,d9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,19,a9,6c,82,b8,d6,4b,8d,17,d9,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion*Pnijebebaguwi]
"Pkunoqepoquqoq"=hex:43,01,37,03,34,05,31,07,3b,09,3a,0b,35,0d,4f,0f,56,11,27,
13,21,15,2f,17,2c,19,5b,1b,59,1d,28,1f,61,21,10,23,10,25,65,27,1c,29,6b,2b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2756)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-27 10:19:53
ComboFix-quarantined-files.txt 2011-01-27 16:19

Pre-Run: 67,610,013,696 bytes free
Post-Run: 67,622,920,192 bytes free

- - End Of File - - FD6A1B68A79101EE0212E1F0C2CF2F29

this also appears under Qoobox but did not appear as date-time???

2011-01-27 16:14:52 . 2011-01-27 16:14:52 7,494 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-01-26 22:03:41 . 2011-01-27 16:08:20 153 -c--a-w- C:\Qoobox\Quarantine\catchme.log

Edited by WIHH, 27 January 2011 - 11:25 AM.


#12 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:07:02 AM

Posted 27 January 2011 - 02:44 PM

Hi-

Thank you for the ComboFix report. It did show some problems which need to be fixed and we will start fixing them.

1. Close any open browsers.

2. Open notepad and copy/paste the text in the codebox below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:25454
FCopy::
c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\explorer.exe
Folder::
c:\documents and settings\administrator\Application Data\WhiteSmokeSetup

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


Next, Please run Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Next, we need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

In your reply, please copy in the contents of the ComboFix report, the MBAM report, and the two OTL reports.
Shannon

#13 WIHH

WIHH
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 27 January 2011 - 03:36 PM

ComboFix 11-01-26.04 - Administrator 01/27/2011 14:26:13.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.130 [GMT -6:00]
Running from: c:\documents and settings\administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\administrator\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\administrator\Application Data\WhiteSmokeSetup
c:\documents and settings\administrator\Application Data\WhiteSmokeSetup\0x0409.ini
c:\documents and settings\administrator\Application Data\WhiteSmokeSetup\config.txt
c:\documents and settings\administrator\Application Data\WhiteSmokeSetup\data1.cab
c:\documents and settings\administrator\Application Data\WhiteSmokeSetup\data1.hdr
c:\documents and settings\administrator\Application Data\WhiteSmokeSetup\data2.cab
c:\documents and settings\administrator\Application Data\WhiteSmokeSetup\ISSetup.dll
c:\documents and settings\administrator\Application Data\WhiteSmokeSetup\layout.bin
c:\documents and settings\administrator\Application Data\WhiteSmokeSetup\setup.exe
c:\documents and settings\administrator\Application Data\WhiteSmokeSetup\setup.ini
c:\documents and settings\administrator\Application Data\WhiteSmokeSetup\setup.inx
c:\documents and settings\administrator\Application Data\WhiteSmokeSetup\setup.iss
c:\documents and settings\administrator\Application Data\WhiteSmokeSetup\setup.log
c:\documents and settings\administrator\Application Data\WhiteSmokeSetup\setup.ocx

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-27 to 2011-01-27 )))))))))))))))))))))))))))))))
.

2011-01-27 16:43 . 2010-11-13 00:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-12 21:13 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-12 21:11 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-12 21:08 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-12 21:01 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-30 19:35 . 2010-12-30 19:35 49664 ---ha-w- c:\windows\system32\eveninfo.dll
2010-12-29 13:31 . 2010-12-29 17:18 29996 ---h--w- c:\documents and settings\administrator\Application Data\ntuser.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-22 13:05 . 2010-12-22 13:05 20480 ----a-w- c:\documents and settings\administrator\ndisrd.sys
2010-12-22 13:05 . 2010-12-22 13:05 13824 ----a-w- c:\documents and settings\administrator\snetcfg.exe
2010-12-21 00:09 . 2010-10-01 13:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-10-01 13:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2005-08-15 16:27 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-04 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2007-02-08 20:11 . 2007-02-08 20:07 19666504 -c--a-w- c:\program files\QuickTimeInstaller.exe
.

((((((((((((((((((((((((((((( SnapShot@2011-01-27_16.17.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-01-29 08:58 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2004-08-04 12:00 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
+ 2004-08-04 12:00 . 2011-01-27 17:18 72108 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-10-05 14:26 72108 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
- 2004-08-04 12:00 . 2009-03-08 10:31 66560 c:\windows\system32\mshtmled.dll
+ 2006-11-08 03:03 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
- 2006-11-08 03:03 . 2010-06-24 12:21 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2010-06-24 12:21 25600 c:\windows\system32\jsproxy.dll
- 2010-01-13 13:30 . 2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-01-13 13:30 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
- 2004-08-04 12:00 . 2009-03-08 10:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-23 13:16 . 2010-06-24 12:21 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-23 13:16 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 12:00 . 2010-06-24 12:21 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2005-08-15 16:27 . 2008-04-14 00:11 81920 c:\windows\system32\dllcache\isign32.dll
+ 2005-08-15 16:27 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll
+ 2010-09-22 15:43 . 2010-09-22 15:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2010-03-23 11:31 . 2010-03-23 11:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2010-04-01 17:42 . 2010-04-01 17:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-09-23 21:55 . 2010-09-23 21:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-09-23 08:26 . 2010-09-23 08:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-03-31 20:51 . 2010-03-31 20:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-03-31 20:51 . 2010-03-31 20:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-09-23 08:26 . 2010-09-23 08:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-03-31 20:51 . 2010-03-31 20:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-23 08:26 . 2010-09-23 08:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-23 09:17 . 2010-09-23 09:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2010-03-31 21:32 . 2010-03-31 21:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-09-23 09:17 . 2010-09-23 09:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-03-31 21:32 . 2010-03-31 21:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2006-09-27 13:26 . 2011-01-27 17:26 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-09-27 13:26 . 2010-09-30 20:42 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-09-27 13:26 . 2011-01-27 17:26 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-09-27 13:26 . 2010-09-30 20:42 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-09-27 13:26 . 2010-09-30 20:42 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-09-27 13:26 . 2011-01-27 17:26 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-09-27 13:26 . 2010-09-30 20:42 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-09-27 13:26 . 2011-01-27 17:26 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-08-25 13:20 . 2011-01-27 17:21 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-08-25 13:20 . 2010-10-01 19:26 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-01-27 17:22 . 2010-06-24 12:22 12800 c:\windows\ie8updates\KB2416400-IE8\xpshims.dll
+ 2011-01-27 17:22 . 2009-03-08 10:31 66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll
+ 2011-01-27 17:22 . 2010-06-24 12:21 55296 c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll
+ 2011-01-27 17:22 . 2009-03-08 10:34 43008 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll
+ 2011-01-27 17:22 . 2010-06-24 12:21 25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll
+ 2011-01-27 17:14 . 2011-01-27 17:14 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_883cf82a\System.Drawing.Design.dll
+ 2011-01-27 17:14 . 2011-01-27 17:14 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_f2447511\CustomMarshalers.dll
+ 2011-01-27 17:25 . 2011-01-27 17:25 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
- 2010-09-30 20:34 . 2010-09-30 20:34 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-09-30 20:34 . 2010-09-30 20:34 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-09-30 20:34 . 2010-09-30 20:34 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-09-30 20:34 . 2010-09-30 20:34 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-01-27 17:13 . 2011-01-27 17:14 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-08-25 13:31 . 2010-08-25 13:31 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-01-07 13:25 . 2010-08-26 12:52 5120 c:\windows\system32\xpsp4res.dll
- 2010-01-07 13:25 . 2010-07-22 05:57 5120 c:\windows\system32\xpsp4res.dll
+ 2006-09-27 13:26 . 2011-01-27 17:26 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-09-27 13:26 . 2010-09-30 20:42 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2010-09-30 20:35 . 2010-09-30 20:35 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-09-30 20:35 . 2010-09-30 20:35 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-04 12:00 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
+ 2004-08-04 12:00 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
+ 2004-08-04 12:00 . 2010-08-16 08:45 590848 c:\windows\system32\rpcrt4.dll
- 2004-08-04 12:00 . 2010-07-22 15:49 590848 c:\windows\system32\rpcrt4.dll
+ 2004-08-04 12:00 . 2011-01-27 17:18 444358 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-10-05 14:26 444358 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
+ 2006-11-08 03:03 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll
+ 2004-08-04 12:00 . 2010-09-18 18:23 974848 c:\windows\system32\mfc42u.dll
+ 2004-08-04 12:00 . 2010-09-18 06:53 974848 c:\windows\system32\mfc42.dll
+ 2004-08-04 12:00 . 2010-09-18 06:53 953856 c:\windows\system32\mfc40u.dll
+ 2004-08-04 12:00 . 2010-09-18 06:53 954368 c:\windows\system32\mfc40.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
- 2005-08-16 00:12 . 2011-01-12 20:49 119744 c:\windows\system32\FNTCACHE.DAT
+ 2005-08-16 00:12 . 2011-01-27 17:34 119744 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 12:00 . 2010-08-26 13:39 357248 c:\windows\system32\drivers\srv.sys
+ 2010-01-07 13:25 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\winlogon.exe
- 2004-08-04 12:00 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 12:00 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-04 12:00 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-10-23 13:22 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
- 2009-04-15 14:51 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-04-15 14:51 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
- 2004-08-04 12:00 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
+ 2005-08-15 16:27 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
- 2005-08-15 16:27 . 2008-04-14 00:12 102400 c:\windows\system32\dllcache\msjro.dll
+ 2007-05-23 13:16 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
+ 2005-08-15 16:27 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
- 2005-08-15 16:27 . 2008-04-14 00:11 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
- 2005-08-15 16:27 . 2008-04-14 00:11 143360 c:\windows\system32\dllcache\msadco.dll
+ 2005-08-15 16:27 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
+ 2004-08-04 12:00 . 2010-09-18 18:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2004-08-04 12:00 . 2010-09-18 06:53 953856 c:\windows\system32\dllcache\mfc40u.dll
+ 2004-08-04 12:00 . 2010-09-18 06:53 954368 c:\windows\system32\dllcache\mfc40.dll
+ 2010-01-13 13:30 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2010-01-13 13:30 . 2010-06-24 12:21 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 12:00 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-09-30 18:36 . 2010-06-24 12:21 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-09-30 18:36 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2004-08-04 12:00 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-20 05:30 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2004-08-04 12:00 . 2010-08-23 16:12 617472 c:\windows\system32\comctl32.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 617472 c:\windows\system32\comctl32.dll
+ 2004-08-04 12:00 . 2010-10-28 13:13 290048 c:\windows\system32\atmfd.dll
+ 2010-09-22 15:43 . 2010-09-22 15:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2010-03-23 11:31 . 2010-03-23 11:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2010-03-31 20:51 . 2010-03-31 20:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-09-23 08:26 . 2010-09-23 08:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-03-31 20:49 . 2010-03-31 20:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-23 08:25 . 2010-09-23 08:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-23 09:17 . 2010-09-23 09:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2010-03-31 21:32 . 2010-03-31 21:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-09-24 03:02 . 2010-09-24 03:02 798208 c:\windows\Installer\47e2f2.msp
+ 2010-11-12 17:08 . 2010-11-12 17:08 889344 c:\windows\Installer\47e2e1.msp
+ 2011-01-27 16:44 . 2011-01-27 16:44 180224 c:\windows\Installer\2cc0a8.msi
+ 2006-09-27 13:26 . 2011-01-27 17:26 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-09-27 13:26 . 2010-09-30 20:42 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-09-27 13:26 . 2010-09-30 20:42 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-09-27 13:26 . 2011-01-27 17:26 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-09-27 13:26 . 2010-09-30 20:42 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-09-27 13:26 . 2011-01-27 17:26 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-09-27 13:26 . 2010-09-30 20:42 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-09-27 13:26 . 2011-01-27 17:26 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-01-27 17:22 . 2010-06-24 12:22 916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll
+ 2011-01-27 17:23 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
+ 2011-01-27 17:23 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
+ 2011-01-27 17:22 . 2010-06-24 12:22 206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll
+ 2011-01-27 17:22 . 2010-06-24 12:22 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll
+ 2011-01-27 17:22 . 2010-06-24 12:21 599040 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
+ 2011-01-27 17:22 . 2010-06-24 12:21 247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
+ 2011-01-27 17:22 . 2010-06-24 12:21 184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
+ 2011-01-27 17:22 . 2010-06-24 12:21 743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
+ 2011-01-27 17:22 . 2010-06-24 12:21 387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
+ 2011-01-27 17:22 . 2010-06-23 12:08 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
+ 2011-01-27 17:14 . 2011-01-27 17:14 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_49699f09\System.Drawing.dll
+ 2011-01-27 17:14 . 2011-01-27 17:14 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_1ac4c592\System.Drawing.Design.dll
+ 2011-01-27 17:14 . 2011-01-27 17:14 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_6f98b1bf\CustomMarshalers.dll
+ 2011-01-27 17:25 . 2011-01-27 17:25 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2011-01-27 17:25 . 2011-01-27 17:25 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2011-01-27 17:25 . 2011-01-27 17:25 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2011-01-27 17:25 . 2011-01-27 17:25 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2011-01-27 17:25 . 2011-01-27 17:25 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2011-01-27 17:25 . 2011-01-27 17:25 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2011-01-27 17:24 . 2011-01-27 17:24 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2011-01-27 17:23 . 2011-01-27 17:23 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
+ 2011-01-27 17:22 . 2011-01-27 17:22 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-09-30 20:34 . 2010-09-30 20:34 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-09-30 20:34 . 2010-09-30 20:34 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-09-30 20:34 . 2010-09-30 20:34 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-01-27 17:18 . 2011-01-27 17:18 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-01-27 17:18 . 2011-01-27 17:18 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-09-30 20:34 . 2010-09-30 20:34 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-01-12 21:11 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2004-08-04 12:00 . 2010-10-26 13:25 1853312 c:\windows\system32\win32k.sys
+ 2004-08-04 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 5959168 c:\windows\system32\mshtml.dll
+ 2006-10-17 17:57 . 2010-11-06 00:26 1991680 c:\windows\system32\iertutil.dll
+ 2008-10-23 13:20 . 2010-10-26 13:25 1853312 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 5959168 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-23 13:16 . 2010-11-06 00:26 1991680 c:\windows\system32\dllcache\iertutil.dll
- 2004-08-04 12:00 . 2010-10-20 18:19 1033728 c:\windows\system32\dllcache\explorer.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\explorer.exe
+ 2010-09-22 15:44 . 2010-09-22 15:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2010-03-23 11:32 . 2010-03-23 11:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2010-04-01 17:42 . 2010-04-01 17:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-09-23 21:55 . 2010-09-23 21:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-09-23 21:55 . 2010-09-23 21:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2010-04-01 17:42 . 2010-04-01 17:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2010-03-31 20:50 . 2010-03-31 20:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 08:26 . 2010-09-23 08:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 08:25 . 2010-09-23 08:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-09-23 21:55 . 2010-09-23 21:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2010-04-01 17:42 . 2010-04-01 17:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-10-22 21:45 . 2010-10-22 21:45 8444928 c:\windows\Installer\47e31f.msp
+ 2010-08-23 23:09 . 2010-08-23 23:09 7673344 c:\windows\Installer\47e303.msp
+ 2010-09-23 13:39 . 2010-09-23 13:39 4265472 c:\windows\Installer\47e2eb.msp
+ 2010-12-06 21:02 . 2010-12-06 21:02 5518848 c:\windows\Installer\47e2cc.msp
+ 2010-08-24 15:49 . 2010-08-24 15:49 6825472 c:\windows\Installer\47e2a5.msp
+ 2011-01-27 17:22 . 2010-06-24 12:22 1210368 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll
+ 2011-01-27 17:22 . 2010-06-24 12:22 5951488 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
+ 2011-01-27 17:22 . 2010-06-24 12:21 1986560 c:\windows\ie8updates\KB2416400-IE8\iertutil.dll
+ 2011-01-27 17:14 . 2011-01-27 17:14 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_f743ccdb\System.dll
+ 2011-01-27 17:14 . 2011-01-27 17:14 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_5113c0b4\System.dll
+ 2011-01-27 17:14 . 2011-01-27 17:14 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e19c8d78\System.Xml.dll
+ 2011-01-27 17:14 . 2011-01-27 17:14 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_51f8744b\System.Xml.dll
+ 2011-01-27 17:14 . 2011-01-27 17:14 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_9ed363d3\System.Windows.Forms.dll
+ 2011-01-27 17:14 . 2011-01-27 17:14 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_06244743\System.Windows.Forms.dll
+ 2011-01-27 17:15 . 2011-01-27 17:15 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f9242ba4\System.Drawing.dll
+ 2011-01-27 17:15 . 2011-01-27 17:15 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_dbbd82d0\System.Design.dll
+ 2011-01-27 17:14 . 2011-01-27 17:14 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a7932504\System.Design.dll
+ 2011-01-27 17:15 . 2011-01-27 17:15 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_daf83fbf\mscorlib.dll
+ 2011-01-27 17:14 . 2011-01-27 17:14 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5d41af6e\mscorlib.dll
+ 2011-01-27 17:26 . 2011-01-27 17:26 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2011-01-27 17:26 . 2011-01-27 17:26 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2011-01-27 17:26 . 2011-01-27 17:26 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2011-01-27 17:26 . 2011-01-27 17:26 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2011-01-27 17:25 . 2011-01-27 17:25 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
+ 2011-01-27 17:25 . 2011-01-27 17:25 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2011-01-27 17:25 . 2011-01-27 17:25 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2011-01-27 17:24 . 2011-01-27 17:24 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2011-01-27 17:22 . 2011-01-27 17:22 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll
+ 2011-01-27 17:24 . 2011-01-27 17:24 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2011-01-27 17:23 . 2011-01-27 17:23 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
+ 2011-01-27 17:18 . 2011-01-27 17:18 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-01-27 17:18 . 2011-01-27 17:18 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2010-09-30 20:34 . 2010-09-30 20:34 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-01-14 13:33 . 2010-01-14 13:33 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2011-01-27 17:20 . 2011-01-27 17:20 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-09-30 20:34 . 2010-09-30 20:34 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-09-30 20:34 . 2010-09-30 20:34 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-09-30 20:35 . 2010-09-30 20:35 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-01-27 17:17 . 2011-01-27 17:17 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-01-27 17:14 . 2011-01-27 17:14 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-08-25 13:31 . 2010-08-25 13:31 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2011-01-27 17:14 . 2011-01-27 17:14 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-08-25 13:31 . 2010-08-25 13:31 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2004-08-04 12:00 . 2009-07-14 05:43 10841088 c:\windows\system32\wmp.dll
+ 2004-08-04 12:00 . 2010-08-26 05:36 10841088 c:\windows\system32\wmp.dll
+ 2005-08-15 17:07 . 2011-01-04 23:20 37403080 c:\windows\system32\MRT.exe
+ 2006-11-08 03:03 . 2010-11-06 00:26 11080704 c:\windows\system32\ieframe.dll
+ 2004-08-04 12:00 . 2010-08-26 05:36 10841088 c:\windows\system32\dllcache\wmp.dll
- 2004-08-04 12:00 . 2009-07-14 05:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2007-05-23 13:16 . 2010-11-06 00:26 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2010-09-24 20:08 . 2010-09-24 20:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp
+ 2010-10-14 22:57 . 2010-10-14 22:57 11189248 c:\windows\Installer\47e330.msp
+ 2011-01-27 17:20 . 2011-01-27 17:20 20304384 c:\windows\Installer\47e30e.msp
+ 2010-09-24 13:08 . 2010-09-24 13:08 17518080 c:\windows\Installer\47e2bc.msp
+ 2011-01-27 17:22 . 2010-06-24 23:51 11077120 c:\windows\ie8updates\KB2416400-IE8\ieframe.dll
+ 2011-01-27 17:24 . 2011-01-27 17:24 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2011-01-27 17:23 . 2011-01-27 17:23 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\75aeb590008d6e166f7be18f935c52d2\System.ServiceModel.ni.dll
+ 2011-01-27 17:20 . 2011-01-27 17:20 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launch Whitesmoke Translator.lnk - c:\qoobox\Quarantine\C\Program Files\WhiteSmoke Translator\WSTrayDictMode.exe.vir [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-04-14 00:12 27648 ----a-w- c:\windows\system32\conime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 12:27 PM 169200]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [6/12/2010 8:16 PM 102448]
S0 drcxt;drcxt; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2010 2:40 PM 136176]
.
Contents of the 'Scheduled Tasks' folder

2010-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 23:13]

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 20:40]

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 20:40]

2011-01-27 c:\windows\Tasks\User_Feed_Synchronization-{947FD3D4-A3ED-4F87-8ABA-3E29739454D8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-27 14:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-438646793-291972879-960579291-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,19,a9,6c,82,b8,d6,4b,8d,17,d9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,19,a9,6c,82,b8,d6,4b,8d,17,d9,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion*Pnijebebaguwi]
"Pkunoqepoquqoq"=hex:43,01,37,03,34,05,31,07,3b,09,3a,0b,35,0d,4f,0f,56,11,27,
13,21,15,2f,17,2c,19,5b,1b,59,1d,28,1f,61,21,10,23,10,25,65,27,1c,29,6b,2b,\
.
Completion time: 2011-01-27 14:34:15
ComboFix-quarantined-files.txt 2011-01-27 20:34
ComboFix2.txt 2011-01-27 16:19

Pre-Run: 67,440,140,288 bytes free
Post-Run: 67,454,394,368 bytes free

- - End Of File - - D25B72D1CF0BAC7267E10FDD9EE98266

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5623

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/27/2011 3:20:09 PM
mbam-log-2011-01-27 (15-20-09).txt

Scan type: Full scan (C:\|)
Objects scanned: 200068
Time elapsed: 28 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\WhiteSmokeTranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\all users\start menu\Programs\whitesmoke translator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\start menu\Programs\Startup\launch whitesmoke translator.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\application data\asdsada.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\whitesmoke translator\registration.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\whitesmoke translator\uninstall.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\whitesmoke translator\whitesmoke translator.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

OTL logfile created on: 1/27/2011 3:28:36 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 124.00 Mb Available Physical Memory | 25.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 62.80 Gb Free Space | 84.27% Space Free | Partition Type: NTFS
Drive K: | 116.74 Gb Total Space | 79.28 Gb Free Space | 67.91% Space Free | Partition Type: NTFS
Drive U: | 116.74 Gb Total Space | 79.28 Gb Free Space | 67.91% Space Free | Partition Type: NTFS

Computer Name: FRONTDESK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/27 15:27:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator\Desktop\OTL.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/15 12:28:04 | 000,085,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/11/15 12:27:56 | 000,169,200 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2005/11/15 12:27:54 | 001,756,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/11/15 12:27:44 | 000,020,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/10/04 11:42:50 | 000,177,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/10/04 11:42:42 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/10/04 11:42:40 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2000/06/29 02:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\system32\Crypserv.exe


========== Modules (SafeList) ==========

MOD - [2011/01/27 15:27:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2005/11/15 12:27:56 | 000,169,200 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/11/15 12:27:54 | 001,756,912 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/11/15 12:27:44 | 000,020,208 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/10/19 16:39:34 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/10/04 11:42:50 | 000,177,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/10/04 11:42:48 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/10/04 11:42:42 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/03/30 20:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2000/06/29 02:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - [2011/01/26 13:32:50 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110122.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/01/26 13:32:48 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110122.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/12/29 07:11:48 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/12 20:15:47 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2005/10/19 16:39:04 | 000,195,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/10/19 16:38:58 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/09/27 10:50:00 | 001,021,832 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/26 14:46:48 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/09/16 23:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/08/26 13:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 13:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/04/01 09:04:52 | 000,180,736 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/03/30 20:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2000/02/03 13:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-438646793-291972879-960579291-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-21-438646793-291972879-960579291-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2010/12/30 14:43:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/01/27 14:32:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-438646793-291972879-960579291-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-438646793-291972879-960579291-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-438646793-291972879-960579291-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-438646793-291972879-960579291-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152806705954 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.42.0.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = perpich.int
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\WINDOWS\Greenstone.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Greenstone.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/15 10:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/27 15:27:27 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\administrator\Desktop\OTL.exe
[2011/01/27 14:48:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/27 14:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/27 14:48:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/27 14:46:59 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\administrator\Desktop\mbam-setup.exe
[2011/01/27 14:36:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/27 14:34:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/27 10:52:16 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/01/27 10:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/01/27 10:43:50 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/27 10:08:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/27 10:08:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/27 10:08:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/27 10:08:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/26 16:03:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/12 15:13:20 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/01/12 15:11:49 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/01/12 15:08:54 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/01/12 15:01:36 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/30 14:23:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/30 14:20:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2007/02/08 14:07:10 | 019,666,504 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/27 15:27:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator\Desktop\OTL.exe
[2011/01/27 15:24:55 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/01/27 15:24:17 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/27 15:24:11 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/27 15:23:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/27 14:55:06 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/27 14:48:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/27 14:46:59 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\administrator\Desktop\mbam-setup.exe
[2011/01/27 14:32:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/27 14:05:19 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{947FD3D4-A3ED-4F87-8ABA-3E29739454D8}.job
[2011/01/27 11:34:14 | 000,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/27 11:25:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/27 11:18:24 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/27 11:18:24 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/27 10:00:17 | 004,262,048 | R--- | M] () -- C:\Documents and Settings\administrator\Desktop\ComboFix.exe
[2011/01/27 09:59:22 | 000,229,346 | ---- | M] () -- C:\logfile
[2011/01/06 09:37:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\administrator\defogger_reenable
[2010/12/30 14:23:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/30 13:52:52 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Whitesmoke Translator!.lnk
[2010/12/30 13:35:19 | 000,049,664 | -H-- | M] () -- C:\WINDOWS\System32\eveninfo.dll
[2010/12/30 13:35:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/29 11:19:41 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Dvelefubeqixiwuh.dat
[2010/12/29 07:08:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kwufecus.bin
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/27 14:48:06 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/27 10:08:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/27 10:08:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/27 10:08:29 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/27 10:08:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/27 10:08:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/27 10:00:17 | 004,262,048 | R--- | C] () -- C:\Documents and Settings\administrator\Desktop\ComboFix.exe
[2011/01/06 09:37:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\administrator\defogger_reenable
[2010/12/30 14:23:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/30 14:23:46 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/30 13:52:52 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Whitesmoke Translator!.lnk
[2010/12/30 13:35:19 | 000,049,664 | -H-- | C] () -- C:\WINDOWS\System32\eveninfo.dll
[2010/07/29 09:27:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/07/10 16:00:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\administrator\Application Data\AVSDVDPlayer.m3u
[2008/07/10 15:58:58 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/10 15:58:58 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/05/31 15:27:25 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/09 16:34:16 | 000,782,244 | ---- | C] () -- C:\Program Files\TWV.zip
[2006/11/16 15:42:21 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2006/11/16 15:42:17 | 000,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2006/11/16 15:42:17 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2006/09/27 07:26:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/16 13:26:15 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\PWEventMessage.dll
[2006/08/16 13:26:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\SDInstall.dll
[2005/08/15 18:13:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/15 12:17:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

OTL Extras logfile created on: 1/27/2011 3:28:36 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 124.00 Mb Available Physical Memory | 25.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 62.80 Gb Free Space | 84.27% Space Free | Partition Type: NTFS
Drive K: | 116.74 Gb Total Space | 79.28 Gb Free Space | 67.91% Space Free | Partition Type: NTFS
Drive U: | 116.74 Gb Total Space | 79.28 Gb Free Space | 67.91% Space Free | Partition Type: NTFS

Computer Name: FRONTDESK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\SoftDent\SDWIN.EXE" = C:\SoftDent\SDWIN.EXE:*:Enabled:SoftDent Client -- (PracticeWorks, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\LMI104.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI104.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI10C.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI10C.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
"C:\Documents and Settings\All Users\Application Data\84b529\SM84b_2208.exe" = C:\Documents and Settings\All Users\Application Data\84b529\SM84b_2208.exe:*:Enabled:Smart Security
"C:\WINDOWS\LMI12.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI12.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}" = iTunes
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}" = Apple Mobile Device Support
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"1.0_is1" = CareCredit CCware Version 4.3
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"CareCredit CCware_is1" = CCWare version 2.2
"CentraClient" = Centra Client
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Kodak Dental Imaging" = Kodak Dental Imaging
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"SoftDent Software" = SoftDent Software
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/27/2011 7:09:53 AM | Computer Name = FRONTDESK | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Tidserv.I!inf in File: C:\System Volume
Information\_restore{243E1109-5198-4422-8AED-054B8201F609}\RP1\A0000019.sys by:
Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

Error - 1/27/2011 8:09:53 AM | Computer Name = FRONTDESK | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Tidserv.I!inf in File: C:\System Volume
Information\_restore{243E1109-5198-4422-8AED-054B8201F609}\RP1\A0000019.sys by:
Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

Error - 1/27/2011 9:23:38 AM | Computer Name = FRONTDESK | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Backdoor.Tidserv.I!inf in File: C:\System
Volume Information\_restore{243E1109-5198-4422-8AED-054B8201F609}\RP1\A0000019.sys
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 1/27/2011 9:23:38 AM | Computer Name = FRONTDESK | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Tidserv.I!inf in File: c:\system volume
information\_restore{243e1109-5198-4422-8aed-054b8201f609}\RP1\A0000019.sys by:
Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 1/27/2011 9:23:44 AM | Computer Name = FRONTDESK | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Backdoor.Tidserv.I!inf in File: C:\System
Volume Information\_restore{243E1109-5198-4422-8AED-054B8201F609}\RP1\A0000019.sys
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: Quarantine was partially successful.

Error - 1/27/2011 9:51:03 AM | Computer Name = FRONTDESK | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: SpywareStrike in File: C:\Documents and
Settings\All Users\Documents\Server\sphlp.dll by: Manual scan. Action: Leave Alone
succeeded. Action Description: The file was left unchanged.

Error - 1/27/2011 9:51:12 AM | Computer Name = FRONTDESK | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: SpywareStrike in File: C:\Documents and
Settings\All Users\Documents\Server\sphlp.dll by: Manual scan. Action: Quarantine
succeeded. Action Description: The file was quarantined successfully.

Error - 1/27/2011 10:20:12 AM | Computer Name = FRONTDESK | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Gen.2 in File: C:\Documents and Settings\administrator\Application
Data\Sun\Java\Deployment\cache\6.0\13\15397e0d-2f5f050b>>yandex/xmlparser.class
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Threat Found!Threat: in File: C:\Documents and Settings\administrator\Application
Data\Sun\Java\Deployment\cache\6.0\13\15397e0d-2f5f050b by: Manual scan. Action:
Quarantine succeeded. Action Description: The file was quarantined successfully.

Threat
Found!Threat: SpywareStrike in File: c:\documents and settings\all users\documents\Server\sphlp.dll
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully.

Error - 1/27/2011 12:50:05 PM | Computer Name = FRONTDESK | Source = MsiInstaller | ID = 11722
Description = Product: Java™ 6 Update 11 -- Error 1722.There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action FilesInUseDialog,
location: C:\WINDOWS\Installer\MSI46.tmp, command: C:\Program Files\Java\jre6\

Error - 1/27/2011 1:07:00 PM | Computer Name = FRONTDESK | Source = MsiInstaller | ID = 11905
Description = Product: ESSgui -- Error 1905.Module C:\Program Files\Kodak\Kodak
EasyShare software\bin\ESCom.dll failed to unregister. HRESULT -2147220472. Contact
your support personnel.

[ System Events ]
Error - 1/6/2011 11:29:19 AM | Computer Name = FRONTDESK | Source = Service Control Manager | ID = 7003
Description = The Kodak AiO Network Discovery Service service depends on the following
nonexistent service: Bonjour Service

Error - 1/6/2011 12:11:50 PM | Computer Name = FRONTDESK | Source = Service Control Manager | ID = 7003
Description = The Kodak AiO Network Discovery Service service depends on the following
nonexistent service: Bonjour Service

Error - 1/12/2011 4:04:58 PM | Computer Name = FRONTDESK | Source = Service Control Manager | ID = 7003
Description = The Kodak AiO Network Discovery Service service depends on the following
nonexistent service: Bonjour Service

Error - 1/12/2011 4:51:17 PM | Computer Name = FRONTDESK | Source = Service Control Manager | ID = 7003
Description = The Kodak AiO Network Discovery Service service depends on the following
nonexistent service: Bonjour Service

Error - 1/20/2011 4:21:18 PM | Computer Name = FRONTDESK | Source = Service Control Manager | ID = 7003
Description = The Kodak AiO Network Discovery Service service depends on the following
nonexistent service: Bonjour Service

Error - 1/20/2011 4:57:27 PM | Computer Name = FRONTDESK | Source = Service Control Manager | ID = 7003
Description = The Kodak AiO Network Discovery Service service depends on the following
nonexistent service: Bonjour Service

Error - 1/26/2011 3:25:01 PM | Computer Name = FRONTDESK | Source = Service Control Manager | ID = 7003
Description = The Kodak AiO Network Discovery Service service depends on the following
nonexistent service: Bonjour Service

Error - 1/26/2011 7:07:10 PM | Computer Name = FRONTDESK | Source = Service Control Manager | ID = 7003
Description = The Kodak AiO Network Discovery Service service depends on the following
nonexistent service: Bonjour Service

Error - 1/27/2011 11:55:40 AM | Computer Name = FRONTDESK | Source = Service Control Manager | ID = 7003
Description = The Kodak AiO Network Discovery Service service depends on the following
nonexistent service: Bonjour Service

Error - 1/27/2011 5:23:48 PM | Computer Name = FRONTDESK | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.


< End of report >

Edited by WIHH, 27 January 2011 - 04:41 PM.


#14 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:07:02 AM

Posted 27 January 2011 - 04:42 PM

Hi-

Don't edit in the OTL reports. Send them in a regular reply. How is your computer doing? Is it any better?
Shannon

#15 WIHH

WIHH
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 27 January 2011 - 05:01 PM

uh oh sorry - - it certainly seems to be running faster without any popups or takeovers - I haven't tried google to see if I am getting any redirects - or tried that email that was popping up like popcorn.
Dare I?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users