
Microsoft & Anti-Virus Websites Unreachable


  • This topic is locked
12 replies to this topic

#1 Agger


Posted 14 March 2011 - 06:23 AM

Hello,
I've recently realised that I am unable to access a few websites, including Microsoft and most anti-virus sites such as Norton, Microtrend, Kaspersky etc.
However, I believe this issue has been prevalent for some time and have no knowledge of what may have caused it.
I receive the error message 'Server not found' while using Firefox, and have confirmed the same problem with IE.
I'm aware of lingering viruses on my system such as wc2.virut but I am not requesting help with this, merely mentioning for additional information.

Here is my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:25:55 PM, on 14/03/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.trinity.vic.edu.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.trinity.vic.edu.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.trinity.vic.edu.au
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\Temp\jm52t.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Ejomujep] rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\ublsdblt.dll",Startup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Opafixejowerax] rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\ecoyixevoyohovoj.dll",Startup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://intranet.trinity.vic.edu.au
O15 - Trusted Zone: http://tgsmail.trinity.vic.edu.au
O15 - Trusted Zone: http://intranet.trinity.vic.edu.au (HKLM)
O15 - Trusted Zone: http://tgsmail.trinity.vic.edu.au (HKLM)
O15 - ESC Trusted Zone: http://www.google.com.au
O15 - ESC Trusted Zone: http://www.eventid.net
O15 - ESC Trusted Zone: http://www.exchangeexchange.org
O15 - ESC Trusted Zone: http://www.tech-archive.net
O15 - ESC Trusted Zone: http://www.windowsxpuser.com
O15 - ESC Trusted Zone: http://www.google.com.au (HKLM)
O15 - ESC Trusted Zone: http://www.eventid.net (HKLM)
O15 - ESC Trusted Zone: http://www.exchangeexchange.org (HKLM)
O15 - ESC Trusted Zone: http://www.tech-archive.net (HKLM)
O15 - ESC Trusted Zone: http://www.windowsxpuser.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198038397046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198037853296
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.trinity.vic.edu.au
O17 - HKLM\Software\..\Telephony: DomainName = student.trinity.vic.edu.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.trinity.vic.edu.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = student.trinity.vic.edu.au
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: TosBtNP - TosBtNP.dll (file missing)
O20 - Winlogon Notify: TSigNP - TSigNP.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E}

--
End of file - 9304 bytes



Thank you.

Edited by hamluis, 14 March 2011 - 07:46 AM.
Moved from XP to Malware Removal Logs.



#2 SweetTech


Posted 16 March 2011 - 10:42 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Agger


Posted 18 March 2011 - 06:18 AM

Thanks for your help. Don't worry, I'm happy to wait, in no rush.

OTL.exe:

OTL logfile created on: 18/03/2011 10:08:39 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\112942\Desktop
Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 32.29 Gb Free Space | 28.89% Space Free | Partition Type: NTFS
Drive E: | 2.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 298.09 Gb Total Space | 197.77 Gb Free Space | 66.35% Space Free | Partition Type: NTFS
Drive I: | 931.48 Gb Total Space | 711.80 Gb Free Space | 76.42% Space Free | Partition Type: NTFS

Computer Name: S112942 | User Name: 112942 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/18 18:24:05 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\112942\Desktop\OTL.exe
PRC - [2011/01/22 16:06:20 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2010/08/27 23:19:10 | 030,315,848 | ---- | M] (Sports Interactive) -- C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe
PRC - [2010/07/19 15:47:22 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2010/07/19 13:40:32 | 000,204,800 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/03/14 11:59:23 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/01/27 09:42:48 | 000,044,384 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2006/10/29 15:14:57 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/07/03 03:29:46 | 000,195,584 | ---- | M] () -- C:\Program Files\uTorrent\utorrent.exe
PRC - [2005/12/20 12:46:20 | 000,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/03/18 18:24:05 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\112942\Desktop\OTL.exe
MOD - [2006/08/26 02:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [1999/12/07 21:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Texthelp Systems\Read And Write 8\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Spooler)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/11/29 12:31:36 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/29 15:14:57 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/12/20 12:46:20 | 000,176,128 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Unknown | Running] -- -- (SAVOnAccessFilter)
DRV - File not found [File_System | Unknown | Running] -- -- (SAVOnAccessControl)
DRV - [2010/11/29 12:31:42 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/12 19:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/16 14:50:21 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2008/12/04 13:50:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/12/04 13:50:04 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/04 13:50:02 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/09/12 11:29:38 | 000,054,016 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHIDSerMini)
DRV - [2007/09/12 10:58:14 | 000,004,480 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\activmouse.sys -- (prmvmouse)
DRV - [2007/09/12 10:58:08 | 000,052,224 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ACTIVhidmini.sys -- (ACTIVhidmini)
DRV - [2007/04/09 23:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/10/29 15:14:57 | 000,014,976 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/07/04 14:28:18 | 000,112,128 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/06/28 15:48:24 | 000,045,952 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/06/26 11:24:44 | 000,040,064 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/05/29 13:11:20 | 000,060,672 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/05/05 18:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/05/05 17:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/05/05 17:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2006/03/16 10:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 10:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/12/26 14:33:26 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2005/12/12 18:32:54 | 001,083,576 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/05 01:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/15 12:00:22 | 001,122,656 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/06 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/28 03:00:04 | 000,215,296 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10I.sys -- (KR10I)
DRV - [2005/09/09 14:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/06/23 11:16:00 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/06/11 07:26:00 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/03/21 04:05:46 | 000,333,620 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/12/27 23:31:50 | 000,016,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2004/11/13 12:24:52 | 000,006,144 | R--- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2004/06/16 11:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004/05/08 22:38:06 | 000,101,833 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/11/20 17:15:42 | 000,150,625 | ---- | M] (GlobespanVirata Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gwausb.sys -- (wanusb)
DRV - [2003/01/30 09:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/09/12 22:48:50 | 000,008,832 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TBtnKey.sys -- (TBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.trinity.vic.edu.au
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet.trinity.vic.edu.au


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.trinity.vic.edu.au
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet.trinity.vic.edu.au
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.trinity.vic.edu.au
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet.trinity.vic.edu.au
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.trinity.vic.edu.au
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet.trinity.vic.edu.au
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = intranet*;staffnet*;tgsmail*;opac*;tgsm004*;<local>
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy-server.student.trinity.vic.edu.au:80

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-331298818-2112300089-635260049-16307\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.trinity.vic.edu.au
IE - HKU\S-1-5-21-331298818-2112300089-635260049-16307\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-331298818-2112300089-635260049-16307\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-331298818-2112300089-635260049-16307\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.backup.ftp: "172.16.0.250"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "172.16.0.250"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "172.16.0.250"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "172.16.0.250"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "172.16.0.250"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "172.16.0.250"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "172.16.0.250"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "student"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.16.0.250"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "172.16.0.250"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/07 14:14:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/20 19:19:28 | 000,000,000 | ---D | M]

[2010/01/20 19:16:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\112942\Application Data\Mozilla\Extensions
[2010/01/20 19:16:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\112942\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/05 14:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\112942\Application Data\Mozilla\Firefox\Profiles\kxkj0nff.default\extensions
[2009/10/09 08:50:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\112942\Application Data\Mozilla\Firefox\Profiles\kxkj0nff.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/07 21:26:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\112942\Application Data\Mozilla\Firefox\Profiles\kxkj0nff.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/07 23:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\112942\Application Data\Mozilla\Firefox\Profiles\kxkj0nff.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/01/09 13:36:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\112942\Application Data\Mozilla\Firefox\Profiles\kxkj0nff.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/13 20:36:48 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\112942\Application Data\Mozilla\Firefox\Profiles\kxkj0nff.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/10/17 20:21:17 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\112942\Application Data\Mozilla\Firefox\Profiles\kxkj0nff.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/01/23 00:00:10 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\112942\Application Data\Mozilla\Firefox\Profiles\kxkj0nff.default\searchplugins\web-search.xml
[2011/02/28 22:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/20 18:09:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/03/06 16:05:02 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\.DEFAULT..\Run: [] File not found
O4 - HKU\.DEFAULT..\Run: [Diagnostic Manager] File not found
O4 - HKU\.DEFAULT..\Run: [Windows Resurections] File not found
O4 - HKU\S-1-5-18..\Run: [] File not found
O4 - HKU\S-1-5-18..\Run: [Diagnostic Manager] File not found
O4 - HKU\S-1-5-18..\Run: [Windows Resurections] File not found
O4 - HKU\S-1-5-19..\Run: [Ejomujep] File not found
O4 - HKU\S-1-5-19..\Run: [Opafixejowerax] File not found
O4 - HKU\S-1-5-19..\Run: [Regedit32] File not found
O4 - HKU\S-1-5-19..\Run: [TabletWizard] File not found
O4 - HKU\S-1-5-19..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] File not found
O4 - HKU\S-1-5-20..\Run: [TabletWizard] File not found
O4 - HKU\S-1-5-21-331298818-2112300089-635260049-16307..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-331298818-2112300089-635260049-16307..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\112942\Start Menu\Programs\Startup\WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: vic.edu.au ([intranet.trinity] http in Trusted sites)
O15 - HKLM\..Trusted Domains: vic.edu.au ([intranet.trinity] https in Local intranet)
O15 - HKLM\..Trusted Domains: vic.edu.au ([tgsmail.trinity] http in Trusted sites)
O15 - HKLM\..Trusted Domains: vic.edu.au ([tgsmail.trinity] https in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vic.edu.au ([intranet.trinity] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vic.edu.au ([intranet.trinity] https in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vic.edu.au ([tgsm023.student.trinity] http in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vic.edu.au ([tgsm023.student.trinity] https in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vic.edu.au ([tgsmail.trinity] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vic.edu.au ([tgsmail.trinity] https in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vic.edu.au ([intranet.trinity] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vic.edu.au ([intranet.trinity] https in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vic.edu.au ([tgsm023.student.trinity] http in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vic.edu.au ([tgsm023.student.trinity] https in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vic.edu.au ([tgsmail.trinity] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vic.edu.au ([tgsmail.trinity] https in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-19\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: is10-soft-download.com ([]http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: vic.edu.au ([intranet.trinity] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: vic.edu.au ([intranet.trinity] https in Local intranet)
O15 - HKU\S-1-5-19\..Trusted Domains: vic.edu.au ([tgsmail.trinity] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: vic.edu.au ([tgsmail.trinity] https in Local intranet)
O15 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\..Trusted Domains: vic.edu.au ([intranet.trinity] http in Trusted sites)
O15 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\..Trusted Domains: vic.edu.au ([intranet.trinity] https in Local intranet)
O15 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\..Trusted Domains: vic.edu.au ([tgsm023.student.trinity] http in Local intranet)
O15 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\..Trusted Domains: vic.edu.au ([tgsm023.student.trinity] https in Local intranet)
O15 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\..Trusted Domains: vic.edu.au ([tgsmail.trinity] http in Trusted sites)
O15 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\..Trusted Domains: vic.edu.au ([tgsmail.trinity] https in Local intranet)
O15 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198038397046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198037853296 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 210.15.254.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.trinity.vic.edu.au
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\TosBtNP: DllName - TosBtNP.dll - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)
O20 - Winlogon\Notify\TSigNP: DllName - TSigNP.dll - C:\WINDOWS\System32\TSigNP.dll (TOSHIBA)
O24 - Desktop Components:0 (Ink Desktop) - {80E95280-2D38-3CB8-A215-FB5F14C4343E}
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\112942\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\112942\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/29 12:12:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/30 19:30:42 | 000,000,154 | R--- | M] () - E:\autorun.cfg -- [ UDF ]
O32 - AutoRun File - [2008/11/27 23:02:24 | 000,214,280 | R--- | M] (Sports Interactive) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006/09/12 00:26:42 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009/03/22 01:18:57 | 000,095,034 | RHS- | M] () - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/22 01:18:57 | 000,095,034 | RHS- | M] () - I:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0d9cb50d-b413-11df-b17b-001c7e1a191e}\Shell - "" = AutoRun
O33 - MountPoints2\{0d9cb50d-b413-11df-b17b-001c7e1a191e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d9cb50d-b413-11df-b17b-001c7e1a191e}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{0d9cb540-b413-11df-b17b-001c7e1a191e}\Shell - "" = AutoRun
O33 - MountPoints2\{0d9cb540-b413-11df-b17b-001c7e1a191e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d9cb540-b413-11df-b17b-001c7e1a191e}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{173dae6f-0135-11de-af56-001cbf78d18b}\Shell - "" = AutoRun
O33 - MountPoints2\{173dae6f-0135-11de-af56-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{173dae6f-0135-11de-af56-001cbf78d18b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{1ad49678-4521-11df-b113-001c7ef6f11c}\Shell\AutoRun\command - "" = G:\jiwsxh39.exe
O33 - MountPoints2\{1ad49678-4521-11df-b113-001c7ef6f11c}\Shell\explore\Command - "" = G:\jiwsxh39.exe
O33 - MountPoints2\{1ad49678-4521-11df-b113-001c7ef6f11c}\Shell\open\Command - "" = G:\jiwsxh39.exe
O33 - MountPoints2\{26eba7be-1110-11df-b100-001cbf78d18b}\Shell\AutoRun\command - "" = F:\jiwsxh39.exe
O33 - MountPoints2\{26eba7be-1110-11df-b100-001cbf78d18b}\Shell\explore\Command - "" = F:\jiwsxh39.exe
O33 - MountPoints2\{26eba7be-1110-11df-b100-001cbf78d18b}\Shell\open\Command - "" = F:\jiwsxh39.exe
O33 - MountPoints2\{39d8306e-28d2-11de-af73-001cbf78d18b}\Shell\AutoRun\command - "" = E:\jiwsxh39.exe
O33 - MountPoints2\{39d8306e-28d2-11de-af73-001cbf78d18b}\Shell\explore\Command - "" = E:\jiwsxh39.exe
O33 - MountPoints2\{39d8306e-28d2-11de-af73-001cbf78d18b}\Shell\open\Command - "" = E:\jiwsxh39.exe
O33 - MountPoints2\{3fc132b0-b42b-11dd-af2d-001cbf78d18b}\Shell - "" = AutoRun
O33 - MountPoints2\{3fc132b0-b42b-11dd-af2d-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3fc132b0-b42b-11dd-af2d-001cbf78d18b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{4cd215d1-248a-11dd-aea7-001cbf78d18b}\Shell - "" = AutoRun
O33 - MountPoints2\{4cd215d1-248a-11dd-aea7-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4cd215d1-248a-11dd-aea7-001cbf78d18b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{58ecb04f-8a0a-11de-b048-001cbf78d18b}\Shell - "" = AutoRun
O33 - MountPoints2\{58ecb04f-8a0a-11de-b048-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{58ecb04f-8a0a-11de-b048-001cbf78d18b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{666a5a44-93d4-11df-b174-001c7e1a191e}\Shell - "" = AutoRun
O33 - MountPoints2\{666a5a44-93d4-11df-b174-001c7e1a191e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{666a5a44-93d4-11df-b174-001c7e1a191e}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{6aef1049-58b5-11df-b123-001cbf78d18b}\Shell - "" = AutoRun
O33 - MountPoints2\{6aef1049-58b5-11df-b123-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6aef1049-58b5-11df-b123-001cbf78d18b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{716cb0f0-8304-11de-b038-001cbf78d18b}\Shell\AutoRun\command - "" = E:\jiwsxh39.exe
O33 - MountPoints2\{716cb0f0-8304-11de-b038-001cbf78d18b}\Shell\explore\Command - "" = E:\jiwsxh39.exe
O33 - MountPoints2\{716cb0f0-8304-11de-b038-001cbf78d18b}\Shell\open\Command - "" = E:\jiwsxh39.exe
O33 - MountPoints2\{935611ca-aec6-11dd-af28-001cbf78d18b}\Shell - "" = AutoRun
O33 - MountPoints2\{935611ca-aec6-11dd-af28-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{935611ca-aec6-11dd-af28-001cbf78d18b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{99256554-eaba-11de-b0f4-001cbf78d18b}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{99a105fe-8ac2-11de-b04a-001cbf78d18b}\Shell - "" = AutoRun
O33 - MountPoints2\{99a105fe-8ac2-11de-b04a-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99a105fe-8ac2-11de-b04a-001cbf78d18b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a076b430-ae7a-11df-b179-001cbf78d18b}\Shell - "" = AutoRun
O33 - MountPoints2\{a076b430-ae7a-11df-b179-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a076b430-ae7a-11df-b179-001cbf78d18b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{afaf5f09-49b9-11df-b115-001cbf78d18b}\Shell - "" = AutoRun
O33 - MountPoints2\{afaf5f09-49b9-11df-b115-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{afaf5f09-49b9-11df-b115-001cbf78d18b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{d32c62c1-3072-11de-af7b-001cbf78d18b}\Shell\AutoRun\command - "" = E:\jiwsxh39.exe
O33 - MountPoints2\{d32c62c1-3072-11de-af7b-001cbf78d18b}\Shell\explore\Command - "" = E:\jiwsxh39.exe
O33 - MountPoints2\{d32c62c1-3072-11de-af7b-001cbf78d18b}\Shell\open\Command - "" = E:\jiwsxh39.exe
O33 - MountPoints2\{ee4050b5-ca66-11de-b0de-001cbf78d18b}\Shell\AutoRun\command - "" = E:\jiwsxh39.exe
O33 - MountPoints2\{ee4050b5-ca66-11de-b0de-001cbf78d18b}\Shell\explore\Command - "" = E:\jiwsxh39.exe
O33 - MountPoints2\{ee4050b5-ca66-11de-b0de-001cbf78d18b}\Shell\open\Command - "" = E:\jiwsxh39.exe
O33 - MountPoints2\{fc0c91ad-2582-11df-b106-001c7ef6f11c}\Shell\AutoRun\command - "" = F:\jiwsxh39.exe
O33 - MountPoints2\{fc0c91ad-2582-11df-b106-001c7ef6f11c}\Shell\explore\Command - "" = F:\jiwsxh39.exe
O33 - MountPoints2\{fc0c91ad-2582-11df-b106-001c7ef6f11c}\Shell\open\Command - "" = F:\jiwsxh39.exe
O33 - MountPoints2\{fd0dc2e0-ebf0-11dc-ae0b-001cbf78d18b}\Shell - "" = AutoRun
O33 - MountPoints2\{fd0dc2e0-ebf0-11dc-ae0b-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fd0dc2e0-ebf0-11dc-ae0b-001cbf78d18b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{ff0aa6ae-30f4-11e0-b18a-001cbf78d18b}\Shell - "" = AutoRun
O33 - MountPoints2\{ff0aa6ae-30f4-11e0-b18a-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff0aa6ae-30f4-11e0-b18a-001cbf78d18b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008/11/27 23:02:24 | 000,214,280 | R--- | M] (Sports Interactive)
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/03/18 22:05:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\112942\Recent
[2011/03/18 21:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\112942\Application Data\.minecraft
[2011/03/18 21:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\112942\Desktop\Curb Your Enthusiasm - Seasons 1-6 + Extras
[2011/03/18 18:23:34 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\112942\Desktop\OTL.exe
[2011/03/14 22:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/14 22:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\112942\Start Menu\Programs\HiJackThis
[2011/03/14 11:18:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/03/14 11:17:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/13 23:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2011/03/13 23:24:14 | 004,236,872 | ---- | C] (Veetle Inc) -- C:\Documents and Settings\112942\Desktop\veetle-0.9.18.exe
[2011/03/06 15:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/06 15:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/06 15:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/03/06 15:36:10 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\112942\Desktop\spybotsd162.exe
[2011/02/28 02:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\kLeObEg06511
[2011/02/28 00:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2011/02/28 00:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\112942\Local Settings\Application Data\GlobalSCAPE
[2011/02/28 00:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\112942\Application Data\GlobalSCAPE
[2011/02/20 17:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\112942\Application Data\GetRightToGo
[2011/02/20 15:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/02/20 15:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\112942\Application Data\SUPERAntiSpyware.com
[2011/02/20 15:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/20 01:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2006/10/29 15:09:30 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\BrigthDL.dll
[2006/10/29 15:09:30 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\Thkemrun.exe
[2004/08/04 23:00:00 | 000,068,608 | --S- | C] (Microsoft Corporation) -- C:\Documents and Settings\LocalService\Local Settings\Application Data\3dviewerg.exe
[2004/08/04 23:00:00 | 000,068,608 | --S- | C] (Microsoft Corporation) -- C:\Documents and Settings\LocalService\Local Settings\Application Data\1037t.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\112942\*.tmp files -> C:\Documents and Settings\112942\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/18 22:10:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BB9DF14E-0BA4-425A-82AC-3C0C8E873A2F}.job
[2011/03/18 22:02:00 | 000,095,744 | ---- | M] () -- C:\Documents and Settings\112942\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/18 18:24:05 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\112942\Desktop\OTL.exe
[2011/03/15 20:24:29 | 021,006,278 | ---- | M] () -- C:\Documents and Settings\112942\Desktop\kong11.pdf
[2011/03/14 22:25:44 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\112942\Desktop\HiJackThis.lnk
[2011/03/14 11:14:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/14 01:05:30 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\112942\Desktop\HiJackThis.msi
[2011/03/13 23:25:21 | 004,236,872 | ---- | M] (Veetle Inc) -- C:\Documents and Settings\112942\Desktop\veetle-0.9.18.exe
[2011/03/06 16:08:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/06 16:05:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/06 16:04:59 | 2137,964,544 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/06 16:00:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/03/06 16:00:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/03/06 16:00:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/03/06 15:38:26 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\112942\Desktop\Spybot - Search & Destroy.lnk
[2011/03/06 15:36:25 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\112942\Desktop\spybotsd162.exe
[2011/03/05 18:02:43 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\112942\Application Data\winscp.rnd
[2011/03/05 17:57:53 | 002,601,083 | ---- | M] () -- C:\Documents and Settings\112942\Desktop\winscp432.zip
[2011/03/02 21:11:27 | 055,478,586 | ---- | M] () -- C:\Documents and Settings\112942\Desktop\Science and Pseudoscience Reader.pdf
[2011/02/27 23:27:35 | 001,564,623 | ---- | M] () -- C:\Documents and Settings\112942\Desktop\metadata.plist
[2011/02/27 23:06:55 | 005,061,536 | ---- | M] () -- C:\Documents and Settings\112942\Desktop\plistset.exe
[2011/02/20 18:48:50 | 000,526,104 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/20 18:48:50 | 000,095,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/20 15:36:54 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/20 15:23:40 | 000,000,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/02/20 02:28:49 | 000,002,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/02/19 14:00:02 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\112942\*.tmp files -> C:\Documents and Settings\112942\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/15 20:11:44 | 021,006,278 | ---- | C] () -- C:\Documents and Settings\112942\Desktop\kong11.pdf
[2011/03/14 22:01:38 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\112942\Desktop\HiJackThis.lnk
[2011/03/14 01:05:14 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\112942\Desktop\HiJackThis.msi
[2011/03/06 15:38:26 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\112942\Desktop\Spybot - Search & Destroy.lnk
[2011/03/05 17:57:51 | 002,601,083 | ---- | C] () -- C:\Documents and Settings\112942\Desktop\winscp432.zip
[2011/03/02 21:09:40 | 055,478,586 | ---- | C] () -- C:\Documents and Settings\112942\Desktop\Science and Pseudoscience Reader.pdf
[2011/02/27 23:05:49 | 005,061,536 | ---- | C] () -- C:\Documents and Settings\112942\Desktop\plistset.exe
[2011/02/27 21:52:26 | 001,564,623 | ---- | C] () -- C:\Documents and Settings\112942\Desktop\metadata.plist
[2011/02/20 15:36:54 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/20 01:27:45 | 000,000,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2011/02/20 01:26:50 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/02/19 23:04:53 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\112942\Application Data\winscp.rnd
[2011/02/05 12:45:43 | 000,159,232 | ---- | C] () -- C:\Documents and Settings\112942\Local Settings\Application Data\szjanqkhy.exe
[2010/12/01 12:07:56 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/12/01 12:07:56 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/12/01 12:07:56 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/11/19 22:13:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/07/19 15:47:24 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/12 18:57:35 | 000,075,612 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2010/03/06 13:01:12 | 000,000,476 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2010/02/14 11:02:56 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mhulihuvuwoxut.dat
[2010/02/14 11:02:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Lkozupukal.bin
[2009/12/02 18:45:22 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/12/01 16:35:29 | 000,000,622 | --S- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\1744852087.dat
[2009/09/08 19:54:43 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\ctfmon.exeA48F761C
[2009/09/08 15:45:48 | 000,056,792 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/17 10:23:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/05 12:53:30 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2009/08/05 12:53:30 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2009/04/07 15:48:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\IpSvchostF.dll
[2009/04/07 11:43:20 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\AUTMGR.EXE
[2008/03/16 17:32:19 | 000,161,815 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
[2008/03/16 17:32:19 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll
[2008/03/16 17:32:17 | 000,021,496 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2008/02/22 12:31:55 | 000,000,082 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2008/02/14 14:12:27 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008/02/08 17:29:10 | 000,002,935 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/02/08 16:47:34 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\112942\Application Data\PT4CJXFHYGGCXPMX73253MC85G
[2008/02/08 12:37:31 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\112942\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/08 12:37:31 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\112942\Local Settings\Application Data\fusioncache.dat
[2008/01/21 19:11:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/01/21 15:11:24 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/01/17 11:14:06 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/17 11:14:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/17 11:08:10 | 000,000,239 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/01/17 10:39:20 | 000,000,020 | ---- | C] () -- C:\WINDOWS\CrocTech.INI
[2008/01/16 10:50:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007/12/19 16:05:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/18 15:01:08 | 000,167,936 | ---- | C] () -- C:\WINDOWS\libactivboardex.dll
[2007/09/13 09:31:50 | 000,196,608 | ---- | C] () -- C:\WINDOWS\ActivDRV.dll
[2007/01/11 15:41:32 | 000,000,021 | ---- | C] () -- C:\WINDOWS\crocclip.ini
[2007/01/08 20:12:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTRAY.INI
[2007/01/08 19:55:11 | 000,082,856 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2007/01/05 16:41:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/01/05 15:58:17 | 000,003,530 | ---- | C] () -- C:\WINDOWS\logos20.ini
[2007/01/05 14:04:38 | 000,026,317 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/01/05 13:25:16 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/29 19:50:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/10/29 19:49:31 | 001,647,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/10/29 17:12:36 | 000,000,498 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/29 16:22:24 | 000,167,936 | R--- | C] () -- C:\WINDOWS\System32\GBInf.dll
[2006/10/29 16:14:44 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/10/29 16:14:44 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/10/29 16:14:44 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/10/29 16:14:44 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/10/29 16:14:44 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/10/29 16:14:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/10/29 15:55:36 | 000,000,224 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/29 15:29:50 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/10/29 15:29:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/10/29 15:29:50 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/10/29 15:29:50 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/10/29 15:23:57 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TOSMgmt.dll
[2006/10/29 15:09:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2006/10/29 12:15:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/10/29 12:04:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/10/17 23:09:30 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2006/10/17 23:04:30 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/17 23:01:12 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2006/10/17 19:29:36 | 000,018,271 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2006/10/17 19:29:34 | 000,099,999 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2006/09/12 11:08:38 | 006,172,672 | ---- | C] () -- C:\WINDOWS\System32\HwRecogK.dll
[2006/08/14 09:56:52 | 007,946,240 | ---- | C] () -- C:\WINDOWS\System32\HWRecogT.dll
[2006/08/13 17:48:58 | 015,147,008 | ---- | C] () -- C:\WINDOWS\System32\HWRecog.dll
[2005/11/28 20:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/04 23:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 23:00:00 | 000,526,104 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 23:00:00 | 000,157,074 | ---- | C] () -- C:\WINDOWS\System32\ivfag.dll
[2004/08/04 23:00:00 | 000,095,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 23:00:00 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\userinit.exe
[2004/08/04 23:00:00 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\1033b.dat
[2004/08/04 23:00:00 | 000,006,672 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\activedst.dat
[2004/08/04 23:00:00 | 000,006,672 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\3076r.dat
[2004/08/04 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 23:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 23:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/08/07 16:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/03/24 05:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[2002/09/24 12:19:02 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\DD32.dll
[2002/08/09 13:15:16 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/01/08 16:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1997/06/14 13:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


Extra.txt:

OTL Extras logfile created on: 18/03/2011 10:08:39 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\112942\Desktop
Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 32.29 Gb Free Space | 28.89% Space Free | Partition Type: NTFS
Drive E: | 2.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 298.09 Gb Total Space | 197.77 Gb Free Space | 66.35% Space Free | Partition Type: NTFS
Drive I: | 931.48 Gb Total Space | 711.80 Gb Free Space | 76.42% Space Free | Partition Type: NTFS

Computer Name: S112942 | User Name: 112942 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-331298818-2112300089-635260049-16307\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"Disable Config" = 1
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3235:TCP" = 3235:TCP:*:Enabled:szyhxp
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"22:TCP" = 22:TCP:*:Enabled:iPhone

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"c:\program files\texthelp systems\read and write 8\mind mapper\Property Controller.exe" = c:\program files\texthelp systems\read and write 8\mind mapper\Property Controller.exe:*:Enabled: -- (Texthelp Systems)
"c:\program files\texthelp systems\read and write 8\mind mapper\MindMapLauncher.exe" = c:\program files\texthelp systems\read and write 8\mind mapper\MindMapLauncher.exe:*:Enabled: -- (Texthelp Systems)
"c:\program files\texthelp systems\read and write 8\RW8.exe" = c:\program files\texthelp systems\read and write 8\RW8.exe:*:Enabled: -- ( )
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe" = C:\Program Files\Corel\Graphics10\Register\NAVBrowser.exe:*:Enabled:NAVBrowser
"c:\program files\texthelp systems\read and write 8\mind mapper\Property Controller.exe" = c:\program files\texthelp systems\read and write 8\mind mapper\Property Controller.exe:*:Enabled: -- (Texthelp Systems)
"c:\program files\texthelp systems\read and write 8\mind mapper\MindMapLauncher.exe" = c:\program files\texthelp systems\read and write 8\mind mapper\MindMapLauncher.exe:*:Enabled: -- (Texthelp Systems)
"c:\program files\texthelp systems\read and write 8\RW8.exe" = c:\program files\texthelp systems\read and write 8\RW8.exe:*:Enabled: -- ( )
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
"C:\Documents and Settings\112942\Desktop\WinSCP.exe" = C:\Documents and Settings\112942\Desktop\WinSCP.exe:*:Enabled:WinSCP
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0759CACC-6CF9-4C3C-92C5-39668679AB16}" = Microsoft Ink Desktop
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1759CACC-6CF9-4C3C-92C5-39668679AB17}" = Microsoft Ink Crossword
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1FBEE61B-F90E-4EE3-AE94-FCB8BD6EC443}" = Ink Art
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24300A63-DD78-4AA5-A914-4D582C41D33A}" = TOSHIBA TouchPad On/Off Utility V2.05.01
"{250A1355-2CB7-4B0E-8857-F457D8629565}" = Musition 3
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B02A6DF-9613-4289-96B6-11E68B0FD60D}" = Activstudio Resources (GBR) v3.0.1
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE593E0-D44C-4E73-9A02-E59B970265CD}" = TOSHIBA Backup Utility V2.0.0
"{40FFC202-F842-44C7-ACBE-8B0EA690B1A3}" = Microsoft Education Pack for Windows XP Tablet PC Edition
"{4511EB07-EE29-4BF1-9B90-CE40F12B16CD}" = ClickView Player
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{4E8E152F-E82D-4786-95A9-C7F48C67F020}" = MicroWorlds EX
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5E71102C-2CEB-4C8B-99D3-D33B9741EEDA}" = Agilix GoBinder Lite
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{66695FF9-B692-4C90-89EF-42A45AA4CF64}" = Cricket Captain 2008
"{6B102825-6DEC-4808-BFE7-E4A596E7D8E6}" = Activdriver v4.1.12
"{6C2EFB33-4349-4952-90BE-A28A6EF5A32E}" = Read and Write 8 Gold
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{85E70959-07B0-4F3B-8477-D5C0BA7D0DD9}" = Logger Lite 1.3.1
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8853C080-7F5C-4020-B663-C57FE29BB858}" = Microsoft Snipping Tool 2.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ONENOTE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ONENOTE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ONENOTE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ONENOTE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2007
"{90120000-00A1-0000-0000-0000000FF1CE}_ONENOTE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0000-0000-0000000FF1CE}_ONENOTE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ONENOTE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ONENOTE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{960DB9A0-82DE-42B9-AB13-7CB5D73C8584}" = RealSpeak Solo Lee And Karen
"{99F6029B-73DE-4D03-B300-CF3C370FF250}" = Activstudio PE Help (GBR) v3.0.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4A0841B-2C43-40E6-9DE3-BA48D3469D5E}" = Logger Pro 3.4.2
"{B5688129-7595-4E5B-9990-CEF981A31264}" = SyncToy
"{B7F4B477-8EA3-4028-B458-2AE5E4A9D853}" = TOSHIBA Rotation Utility
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C12EB29D-9D64-4ACA-84C2-33D8729AABD3}" = Microsoft Experience Pack for Tablet PC
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C444D4EE-5143-4D06-B10A-23965BE475EC}" = ClickView Video Codec MSI Deployer
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D43F473F-7E40-495F-971D-19BD4DBED1BD}" = Auralia 3
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DA56F614-18B0-4E95-A016-99BBC2AC0242}" = Activstudio Professional Edition v3.0.110
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E18E644D-4FC1-4E7F-87B7-A0288A14A322}" = TIxx21/x515
"{E45873F4-AB2D-473F-9CBB-78125F4BF624}" = Cabri Geometry II Plus
"{E891B476-7FD7-4F73-A05A-CD6E36DB77D5}" = Crocodile Technology 1.6
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F1705BC9-D392-4502-9130-224BF0760952}" = Activstudio Flipchart Viewer v3.0.2436
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6C2D09F-6C82-48BB-A9D5-6A0478F52BD6}" = Microsoft Media Transfer
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FA7314E7-9428-4866-80A8-762A538444DB}" = Microsoft Energy Blue Theme Pack
"{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PDF IFilter 6.0" = Adobe PDF IFilter 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner (remove only)
"DSMT6" = MathType 6
"Football Manager 2010" = Football Manager 2010
"Graphmatica" = Graphmatica
"Graphmatica 1.60c" = Graphmatica 1.60c
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Image Retriever" = Image Retriever
"Inspiration 8 Intl" = Inspiration 8 IE
"InstallShield_{3DE593E0-D44C-4E73-9A02-E59B970265CD}" = TOSHIBA Backup Utility V2.0.0
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"InstallShield_{E18E644D-4FC1-4E7F-87B7-A0288A14A322}" = Texas Instruments PCIxx21/x515 drivers.
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"ONENOTE" = Microsoft Office OneNote 2007
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Picasa2" = Picasa 2
"Power Saver" = TOSHIBA Power Saver
"PowerISO" = PowerISO
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel® PRO Network Connections Drivers
"RealAlt_is1" = Real Alternative 1.7.5
"SopCast" = SopCast 3.0.3
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TME3" = TOSHIBA Mobile Extension3 for Windows XP V3.78.00.XP
"TOSHIBA Accelerometer Utilities" = TOSHIBA Accelerometer Utilities
"TOSHIBA Management Console" = TOSHIBA Management Console Version 3.5 (3.5.4)
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TSigReco" = TOSHIBA Tablet Access Code Logon Utility V1.14.00
"Typequick" = Typequick
"UT2004" = Unreal Tournament 2004
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.2
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordWeb" = WordWeb Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-331298818-2112300089-635260049-16307\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{DBFF7A38-F460-419A-A2E7-2D55BD2D9AD4}" = Dynasty Warriors 4 Hyper
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/03/2011 5:36:08 AM | Computer Name = S112942 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3921

Error - 17/03/2011 5:36:08 AM | Computer Name = S112942 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3921

Error - 17/03/2011 5:36:09 AM | Computer Name = S112942 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17/03/2011 5:36:09 AM | Computer Name = S112942 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5875

Error - 17/03/2011 5:36:09 AM | Computer Name = S112942 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5875

Error - 17/03/2011 5:36:11 AM | Computer Name = S112942 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17/03/2011 5:36:11 AM | Computer Name = S112942 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7828

Error - 17/03/2011 5:36:11 AM | Computer Name = S112942 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7828

Error - 18/03/2011 3:01:27 AM | Computer Name = S112942 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 18/03/2011 3:01:27 AM | Computer Name = S112942 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 77123421

[ OSession Events ]
Error - 13/02/2008 11:11:05 PM | Computer Name = S112942 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/10/2008 7:22:04 PM | Computer Name = S112942 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1219
seconds with 960 seconds of active time. This session ended with a crash.

Error - 11/02/2009 8:55:53 PM | Computer Name = S112942 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 75564
seconds with 360 seconds of active time. This session ended with a crash.

Error - 10/05/2009 7:46:15 PM | Computer Name = S112942 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2624
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/03/2010 2:23:36 AM | Computer Name = S112942 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23134
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 17/05/2010 11:48:17 PM | Computer Name = S112942 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/05/2010 11:48:41 PM | Computer Name = S112942 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/05/2010 11:49:24 PM | Computer Name = S112942 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/05/2010 11:50:02 PM | Computer Name = S112942 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16/06/2010 8:36:15 PM | Computer Name = S112942 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6408
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 18/03/2011 6:31:41 AM | Computer Name = S112942 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 18/03/2011 6:31:45 AM | Computer Name = S112942 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 18/03/2011 6:31:46 AM | Computer Name = S112942 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 18/03/2011 6:46:42 AM | Computer Name = S112942 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 18/03/2011 6:46:42 AM | Computer Name = S112942 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 18/03/2011 6:46:45 AM | Computer Name = S112942 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 18/03/2011 6:46:46 AM | Computer Name = S112942 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 18/03/2011 7:01:28 AM | Computer Name = S112942 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain STUDENT due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 18/03/2011 7:01:43 AM | Computer Name = S112942 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 18/03/2011 7:01:46 AM | Computer Name = S112942 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}


< End of report >

#4 SweetTech


Posted 18 March 2011 - 10:06 AM

Hi Agger,

How are you doing today?

Did you set these proxies in Firefox?

FF - prefs.js..network.proxy.backup.ftp: "172.16.0.250"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "172.16.0.250"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "172.16.0.250"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "172.16.0.250"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "172.16.0.250"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "172.16.0.250"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "172.16.0.250"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "student"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.16.0.250"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "172.16.0.250"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O3 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [] File not found
    O4 - HKU\.DEFAULT..\Run: [Diagnostic Manager] File not found
    O4 - HKU\.DEFAULT..\Run: [Windows Resurections] File not found
    O4 - HKU\S-1-5-18..\Run: [] File not found
    O4 - HKU\S-1-5-18..\Run: [Diagnostic Manager] File not found
    O4 - HKU\S-1-5-18..\Run: [Windows Resurections] File not found
    O4 - HKU\S-1-5-19..\Run: [Ejomujep] File not found
    O4 - HKU\S-1-5-19..\Run: [Opafixejowerax] File not found
    O4 - HKU\S-1-5-19..\Run: [Regedit32] File not found
    O4 - HKU\S-1-5-19..\Run: [TabletWizard] File not found
    O4 - HKU\S-1-5-19..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] File not found
    O4 - HKU\S-1-5-20..\Run: [TabletWizard] File not found
    O15 - HKU\S-1-5-19\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: is10-soft-download.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
    O33 - MountPoints2\{0d9cb50d-b413-11df-b17b-001c7e1a191e}\Shell - "" = AutoRun
    O33 - MountPoints2\{0d9cb50d-b413-11df-b17b-001c7e1a191e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0d9cb50d-b413-11df-b17b-001c7e1a191e}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{0d9cb540-b413-11df-b17b-001c7e1a191e}\Shell - "" = AutoRun
    O33 - MountPoints2\{0d9cb540-b413-11df-b17b-001c7e1a191e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0d9cb540-b413-11df-b17b-001c7e1a191e}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{173dae6f-0135-11de-af56-001cbf78d18b}\Shell - "" = AutoRun
    O33 - MountPoints2\{173dae6f-0135-11de-af56-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{173dae6f-0135-11de-af56-001cbf78d18b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{1ad49678-4521-11df-b113-001c7ef6f11c}\Shell\AutoRun\command - "" = G:\jiwsxh39.exe
    O33 - MountPoints2\{1ad49678-4521-11df-b113-001c7ef6f11c}\Shell\explore\Command - "" = G:\jiwsxh39.exe
    O33 - MountPoints2\{1ad49678-4521-11df-b113-001c7ef6f11c}\Shell\open\Command - "" = G:\jiwsxh39.exe
    O33 - MountPoints2\{26eba7be-1110-11df-b100-001cbf78d18b}\Shell\AutoRun\command - "" = F:\jiwsxh39.exe
    O33 - MountPoints2\{26eba7be-1110-11df-b100-001cbf78d18b}\Shell\explore\Command - "" = F:\jiwsxh39.exe
    O33 - MountPoints2\{26eba7be-1110-11df-b100-001cbf78d18b}\Shell\open\Command - "" = F:\jiwsxh39.exe
    O33 - MountPoints2\{39d8306e-28d2-11de-af73-001cbf78d18b}\Shell\AutoRun\command - "" = E:\jiwsxh39.exe
    O33 - MountPoints2\{39d8306e-28d2-11de-af73-001cbf78d18b}\Shell\explore\Command - "" = E:\jiwsxh39.exe
    O33 - MountPoints2\{39d8306e-28d2-11de-af73-001cbf78d18b}\Shell\open\Command - "" = E:\jiwsxh39.exe
    O33 - MountPoints2\{3fc132b0-b42b-11dd-af2d-001cbf78d18b}\Shell - "" = AutoRun
    O33 - MountPoints2\{3fc132b0-b42b-11dd-af2d-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3fc132b0-b42b-11dd-af2d-001cbf78d18b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{4cd215d1-248a-11dd-aea7-001cbf78d18b}\Shell - "" = AutoRun
    O33 - MountPoints2\{4cd215d1-248a-11dd-aea7-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4cd215d1-248a-11dd-aea7-001cbf78d18b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{58ecb04f-8a0a-11de-b048-001cbf78d18b}\Shell - "" = AutoRun
    O33 - MountPoints2\{58ecb04f-8a0a-11de-b048-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{58ecb04f-8a0a-11de-b048-001cbf78d18b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{666a5a44-93d4-11df-b174-001c7e1a191e}\Shell - "" = AutoRun
    O33 - MountPoints2\{666a5a44-93d4-11df-b174-001c7e1a191e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{666a5a44-93d4-11df-b174-001c7e1a191e}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{6aef1049-58b5-11df-b123-001cbf78d18b}\Shell - "" = AutoRun
    O33 - MountPoints2\{6aef1049-58b5-11df-b123-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6aef1049-58b5-11df-b123-001cbf78d18b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{716cb0f0-8304-11de-b038-001cbf78d18b}\Shell\AutoRun\command - "" = E:\jiwsxh39.exe
    O33 - MountPoints2\{716cb0f0-8304-11de-b038-001cbf78d18b}\Shell\explore\Command - "" = E:\jiwsxh39.exe
    O33 - MountPoints2\{716cb0f0-8304-11de-b038-001cbf78d18b}\Shell\open\Command - "" = E:\jiwsxh39.exe
    O33 - MountPoints2\{935611ca-aec6-11dd-af28-001cbf78d18b}\Shell - "" = AutoRun
    O33 - MountPoints2\{935611ca-aec6-11dd-af28-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{935611ca-aec6-11dd-af28-001cbf78d18b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{99256554-eaba-11de-b0f4-001cbf78d18b}\Shell\AutoRun\command - "" = G:\setup.exe
    O33 - MountPoints2\{99a105fe-8ac2-11de-b04a-001cbf78d18b}\Shell - "" = AutoRun
    O33 - MountPoints2\{99a105fe-8ac2-11de-b04a-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{99a105fe-8ac2-11de-b04a-001cbf78d18b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{a076b430-ae7a-11df-b179-001cbf78d18b}\Shell - "" = AutoRun
    O33 - MountPoints2\{a076b430-ae7a-11df-b179-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a076b430-ae7a-11df-b179-001cbf78d18b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{afaf5f09-49b9-11df-b115-001cbf78d18b}\Shell - "" = AutoRun
    O33 - MountPoints2\{afaf5f09-49b9-11df-b115-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{afaf5f09-49b9-11df-b115-001cbf78d18b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{d32c62c1-3072-11de-af7b-001cbf78d18b}\Shell\AutoRun\command - "" = E:\jiwsxh39.exe
    O33 - MountPoints2\{d32c62c1-3072-11de-af7b-001cbf78d18b}\Shell\explore\Command - "" = E:\jiwsxh39.exe
    O33 - MountPoints2\{d32c62c1-3072-11de-af7b-001cbf78d18b}\Shell\open\Command - "" = E:\jiwsxh39.exe
    O33 - MountPoints2\{ee4050b5-ca66-11de-b0de-001cbf78d18b}\Shell\AutoRun\command - "" = E:\jiwsxh39.exe
    O33 - MountPoints2\{ee4050b5-ca66-11de-b0de-001cbf78d18b}\Shell\explore\Command - "" = E:\jiwsxh39.exe
    O33 - MountPoints2\{ee4050b5-ca66-11de-b0de-001cbf78d18b}\Shell\open\Command - "" = E:\jiwsxh39.exe
    O33 - MountPoints2\{fc0c91ad-2582-11df-b106-001c7ef6f11c}\Shell\AutoRun\command - "" = F:\jiwsxh39.exe
    O33 - MountPoints2\{fc0c91ad-2582-11df-b106-001c7ef6f11c}\Shell\explore\Command - "" = F:\jiwsxh39.exe
    O33 - MountPoints2\{fc0c91ad-2582-11df-b106-001c7ef6f11c}\Shell\open\Command - "" = F:\jiwsxh39.exe
    O33 - MountPoints2\{fd0dc2e0-ebf0-11dc-ae0b-001cbf78d18b}\Shell - "" = AutoRun
    O33 - MountPoints2\{fd0dc2e0-ebf0-11dc-ae0b-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{fd0dc2e0-ebf0-11dc-ae0b-001cbf78d18b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{ff0aa6ae-30f4-11e0-b18a-001cbf78d18b}\Shell - "" = AutoRun
    O33 - MountPoints2\{ff0aa6ae-30f4-11e0-b18a-001cbf78d18b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ff0aa6ae-30f4-11e0-b18a-001cbf78d18b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008/11/27 23:02:24 | 000,214,280 | R--- | M] (Sports Interactive)
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE
    O37 - HKU\S-1-5-21-331298818-2112300089-635260049-16307\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2011/02/28 02:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\kLeObEg06511
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\112942\*.tmp files -> C:\Documents and Settings\112942\*.tmp -> ]
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\112942\*.tmp files -> C:\Documents and Settings\112942\*.tmp -> ]
    [2010/02/14 11:02:56 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mhulihuvuwoxut.dat
    [2010/02/14 11:02:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Lkozupukal.bin
    [2009/12/01 16:35:29 | 000,000,622 | --S- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\1744852087.dat
    [2008/02/08 16:47:34 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\112942\Application Data\PT4CJXFHYGGCXPMX73253MC85G
    
    :Reg
    
    :Files
    C:\WINDOWS\tasks\At*.job
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
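A triage pass over the kinds of lines SweetTech queried and queued for removal above, added here as an example (it is not part of the thread and not OTL's own logic): it classifies proxy hosts by address class, and separates AutoRun commands that load a file from RECYCLER through rundll32 or redirect a drive's open/explore verbs from plain root-level launchers. The rule names and severities are assumptions of this example; the sample lines are copied from the posts above.

```python
import ipaddress
import re

# Sample lines copied from the posts above (no new data).
SAMPLE = r'''
FF - prefs.js..network.proxy.http: "172.16.0.250"
FF - prefs.js..network.proxy.http_port: 8080
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O33 - MountPoints2\{0d9cb50d-b413-11df-b17b-001c7e1a191e}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{1ad49678-4521-11df-b113-001c7ef6f11c}\Shell\open\Command - "" = G:\jiwsxh39.exe
O33 - MountPoints2\{173dae6f-0135-11de-af56-001cbf78d18b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
'''.strip().splitlines()

# Firefox proxy host preferences (quoted values only; *_port lines are skipped).
FF_PROXY = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.([\w.]+): "([^"]+)"$')
# IE ProxyServer value under a user hive, e.g. http=127.0.0.1:5555
IE_PROXY = re.compile(
    r'^IE - (HKU\\[^\\]+)\\.*"ProxyServer" = (?:\w+=)?([^:\s;]+):(\d+)')
# MountPoints2 shell verb command: volume id, verb, command line.
O33_CMD = re.compile(
    r'^O33 - MountPoints2\\([^\\]+)\\Shell\\(\w+)\\command - "" = (.+)$',
    re.IGNORECASE)

RUNDLL = re.compile(r'rundll32(\.exe)?', re.IGNORECASE)
RECYCLER = re.compile(r'\\RECYCLER\\', re.IGNORECASE)
DRIVE_ROOT_EXE = re.compile(r'^[A-Z]:\\[^\\\s]+\.exe\b', re.IGNORECASE)

# Severity per address class (assumption of this example): a private address
# may be an organisation's proxy and needs confirming with the user; loopback
# or public addresses are looked at first.
PROXY_SEVERITY = {"private": "review", "loopback": "high", "public": "high"}


def classify_proxy_host(host):
    """Return 'loopback', 'private', 'public' or 'hostname' for a proxy host."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback:          # checked first: loopback is also "private"
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"


def triage(lines):
    """Return (severity, rule, subject, detail) tuples for notable lines."""
    findings = []
    for raw in lines:
        line = raw.strip()

        m = FF_PROXY.match(line)
        if m:
            kind = classify_proxy_host(m.group(2))
            if kind != "hostname":
                findings.append((PROXY_SEVERITY[kind],
                                 f"firefox-proxy-{kind}", m.group(1), m.group(2)))
            continue

        m = IE_PROXY.match(line)
        if m:
            hive, host, port = m.groups()
            kind = classify_proxy_host(host)
            if kind != "hostname":
                findings.append((PROXY_SEVERITY[kind],
                                 f"ie-proxy-{kind}", hive, f"{host}:{port}"))
            continue

        m = O33_CMD.match(line)
        if m:
            volume, verb, command = m.group(1), m.group(2).lower(), m.group(3)
            if RUNDLL.search(command) and RECYCLER.search(command):
                # rundll32 asked to load a file out of the recycle bin folder
                findings.append(("high", "autorun-rundll32-recycler", volume, command))
            elif verb in ("open", "explore") and DRIVE_ROOT_EXE.match(command):
                # opening the drive in Explorer would start the executable
                findings.append(("high", "drive-verb-hijack", volume, command))
            elif DRIVE_ROOT_EXE.match(command):
                findings.append(("review", "autorun-root-exe", volume, command))
    return findings


if __name__ == "__main__":
    for severity, rule, subject, detail in triage(SAMPLE):
        print(f"{severity:6} {rule:26} {subject} -> {detail}")
```
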


#5 Agger


Posted 18 March 2011 - 09:20 PM

No, I haven't changed any of the Firefox proxy settings.

OTL.exe log:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-331298818-2112300089-635260049-16307\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-331298818-2112300089-635260049-16307\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Diagnostic Manager deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Resurections deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Diagnostic Manager not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Resurections not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Ejomujep deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Opafixejowerax deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\TabletWizard deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\uishf9wuifwuh387fh3wufinhjfdwefe deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\TabletWizard deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-internetsecurity10.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is10-soft-download.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d9cb50d-b413-11df-b17b-001c7e1a191e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d9cb50d-b413-11df-b17b-001c7e1a191e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d9cb50d-b413-11df-b17b-001c7e1a191e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d9cb50d-b413-11df-b17b-001c7e1a191e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d9cb50d-b413-11df-b17b-001c7e1a191e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d9cb50d-b413-11df-b17b-001c7e1a191e}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d9cb540-b413-11df-b17b-001c7e1a191e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d9cb540-b413-11df-b17b-001c7e1a191e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d9cb540-b413-11df-b17b-001c7e1a191e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d9cb540-b413-11df-b17b-001c7e1a191e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d9cb540-b413-11df-b17b-001c7e1a191e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d9cb540-b413-11df-b17b-001c7e1a191e}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{173dae6f-0135-11de-af56-001cbf78d18b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{173dae6f-0135-11de-af56-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{173dae6f-0135-11de-af56-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{173dae6f-0135-11de-af56-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{173dae6f-0135-11de-af56-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{173dae6f-0135-11de-af56-001cbf78d18b}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ad49678-4521-11df-b113-001c7ef6f11c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ad49678-4521-11df-b113-001c7ef6f11c}\ not found.
File G:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ad49678-4521-11df-b113-001c7ef6f11c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ad49678-4521-11df-b113-001c7ef6f11c}\ not found.
File G:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ad49678-4521-11df-b113-001c7ef6f11c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ad49678-4521-11df-b113-001c7ef6f11c}\ not found.
File G:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26eba7be-1110-11df-b100-001cbf78d18b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26eba7be-1110-11df-b100-001cbf78d18b}\ not found.
File F:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26eba7be-1110-11df-b100-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26eba7be-1110-11df-b100-001cbf78d18b}\ not found.
File F:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26eba7be-1110-11df-b100-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26eba7be-1110-11df-b100-001cbf78d18b}\ not found.
File F:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39d8306e-28d2-11de-af73-001cbf78d18b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39d8306e-28d2-11de-af73-001cbf78d18b}\ not found.
File E:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39d8306e-28d2-11de-af73-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39d8306e-28d2-11de-af73-001cbf78d18b}\ not found.
File E:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39d8306e-28d2-11de-af73-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39d8306e-28d2-11de-af73-001cbf78d18b}\ not found.
File E:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fc132b0-b42b-11dd-af2d-001cbf78d18b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fc132b0-b42b-11dd-af2d-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fc132b0-b42b-11dd-af2d-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fc132b0-b42b-11dd-af2d-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fc132b0-b42b-11dd-af2d-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fc132b0-b42b-11dd-af2d-001cbf78d18b}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cd215d1-248a-11dd-aea7-001cbf78d18b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cd215d1-248a-11dd-aea7-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cd215d1-248a-11dd-aea7-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cd215d1-248a-11dd-aea7-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cd215d1-248a-11dd-aea7-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cd215d1-248a-11dd-aea7-001cbf78d18b}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58ecb04f-8a0a-11de-b048-001cbf78d18b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58ecb04f-8a0a-11de-b048-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58ecb04f-8a0a-11de-b048-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58ecb04f-8a0a-11de-b048-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58ecb04f-8a0a-11de-b048-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58ecb04f-8a0a-11de-b048-001cbf78d18b}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{666a5a44-93d4-11df-b174-001c7e1a191e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{666a5a44-93d4-11df-b174-001c7e1a191e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{666a5a44-93d4-11df-b174-001c7e1a191e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{666a5a44-93d4-11df-b174-001c7e1a191e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{666a5a44-93d4-11df-b174-001c7e1a191e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{666a5a44-93d4-11df-b174-001c7e1a191e}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6aef1049-58b5-11df-b123-001cbf78d18b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6aef1049-58b5-11df-b123-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6aef1049-58b5-11df-b123-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6aef1049-58b5-11df-b123-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6aef1049-58b5-11df-b123-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6aef1049-58b5-11df-b123-001cbf78d18b}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{716cb0f0-8304-11de-b038-001cbf78d18b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{716cb0f0-8304-11de-b038-001cbf78d18b}\ not found.
File E:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{716cb0f0-8304-11de-b038-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{716cb0f0-8304-11de-b038-001cbf78d18b}\ not found.
File E:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{716cb0f0-8304-11de-b038-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{716cb0f0-8304-11de-b038-001cbf78d18b}\ not found.
File E:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{935611ca-aec6-11dd-af28-001cbf78d18b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935611ca-aec6-11dd-af28-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{935611ca-aec6-11dd-af28-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935611ca-aec6-11dd-af28-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{935611ca-aec6-11dd-af28-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935611ca-aec6-11dd-af28-001cbf78d18b}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99256554-eaba-11de-b0f4-001cbf78d18b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99256554-eaba-11de-b0f4-001cbf78d18b}\ not found.
File G:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99a105fe-8ac2-11de-b04a-001cbf78d18b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99a105fe-8ac2-11de-b04a-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99a105fe-8ac2-11de-b04a-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99a105fe-8ac2-11de-b04a-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99a105fe-8ac2-11de-b04a-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99a105fe-8ac2-11de-b04a-001cbf78d18b}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a076b430-ae7a-11df-b179-001cbf78d18b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a076b430-ae7a-11df-b179-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a076b430-ae7a-11df-b179-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a076b430-ae7a-11df-b179-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a076b430-ae7a-11df-b179-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a076b430-ae7a-11df-b179-001cbf78d18b}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afaf5f09-49b9-11df-b115-001cbf78d18b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afaf5f09-49b9-11df-b115-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afaf5f09-49b9-11df-b115-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afaf5f09-49b9-11df-b115-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afaf5f09-49b9-11df-b115-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afaf5f09-49b9-11df-b115-001cbf78d18b}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d32c62c1-3072-11de-af7b-001cbf78d18b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d32c62c1-3072-11de-af7b-001cbf78d18b}\ not found.
File E:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d32c62c1-3072-11de-af7b-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d32c62c1-3072-11de-af7b-001cbf78d18b}\ not found.
File E:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d32c62c1-3072-11de-af7b-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d32c62c1-3072-11de-af7b-001cbf78d18b}\ not found.
File E:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee4050b5-ca66-11de-b0de-001cbf78d18b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee4050b5-ca66-11de-b0de-001cbf78d18b}\ not found.
File E:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee4050b5-ca66-11de-b0de-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee4050b5-ca66-11de-b0de-001cbf78d18b}\ not found.
File E:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee4050b5-ca66-11de-b0de-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee4050b5-ca66-11de-b0de-001cbf78d18b}\ not found.
File E:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0c91ad-2582-11df-b106-001c7ef6f11c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc0c91ad-2582-11df-b106-001c7ef6f11c}\ not found.
File F:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0c91ad-2582-11df-b106-001c7ef6f11c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc0c91ad-2582-11df-b106-001c7ef6f11c}\ not found.
File F:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0c91ad-2582-11df-b106-001c7ef6f11c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc0c91ad-2582-11df-b106-001c7ef6f11c}\ not found.
File F:\jiwsxh39.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd0dc2e0-ebf0-11dc-ae0b-001cbf78d18b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd0dc2e0-ebf0-11dc-ae0b-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd0dc2e0-ebf0-11dc-ae0b-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd0dc2e0-ebf0-11dc-ae0b-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd0dc2e0-ebf0-11dc-ae0b-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd0dc2e0-ebf0-11dc-ae0b-001cbf78d18b}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff0aa6ae-30f4-11e0-b18a-001cbf78d18b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff0aa6ae-30f4-11e0-b18a-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff0aa6ae-30f4-11e0-b18a-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff0aa6ae-30f4-11e0-b18a-001cbf78d18b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff0aa6ae-30f4-11e0-b18a-001cbf78d18b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff0aa6ae-30f4-11e0-b18a-001cbf78d18b}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File move failed. E:\autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\SETUP.EXE not found.
Registry key HKEY_USERS\S-1-5-21-331298818-2112300089-635260049-16307_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-331298818-2112300089-635260049-16307_Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Folder C:\Documents and Settings\All Users\Application Data\kLeObEg06511\ not found.
C:\WINDOWS\DUMP4824.tmp deleted successfully.
C:\WINDOWS\DUMP59b8.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\10.tmp deleted successfully.
C:\WINDOWS\System32\11.tmp deleted successfully.
C:\WINDOWS\System32\12.tmp deleted successfully.
C:\WINDOWS\System32\13.tmp deleted successfully.
C:\WINDOWS\System32\1BB.tmp deleted successfully.
C:\WINDOWS\System32\1BC.tmp deleted successfully.
C:\WINDOWS\System32\26.tmp deleted successfully.
C:\WINDOWS\System32\27.tmp deleted successfully.
C:\WINDOWS\System32\2A2.tmp deleted successfully.
C:\WINDOWS\System32\2A3.tmp deleted successfully.
C:\WINDOWS\System32\2A4.tmp deleted successfully.
C:\WINDOWS\System32\2B4.tmp deleted successfully.
C:\WINDOWS\System32\2B5.tmp deleted successfully.
C:\WINDOWS\System32\2B6.tmp deleted successfully.
C:\WINDOWS\System32\71.tmp deleted successfully.
C:\WINDOWS\System32\72.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\112942\.uc-25683d055f87c9e58f13047ae9de8b40.112942.s112942.tmp deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Mhulihuvuwoxut.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Lkozupukal.bin moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\1744852087.dat moved successfully.
C:\Documents and Settings\112942\Application Data\PT4CJXFHYGGCXPMX73253MC85G moved successfully.
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\112942\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\112942\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (54622771300270080)

[EMPTYTEMP]

User: 112942
->Temp folder emptied: 2117906 bytes
->Temporary Internet Files folder emptied: 82054 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 130270732 bytes
->Flash cache emptied: 1938779 bytes

User: Administrator
->Temp folder emptied: 43028 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 43286707 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 560894 bytes
->FireFox cache emptied: 2581695 bytes
->Flash cache emptied: 348 bytes

User: LocalService
->Temp folder emptied: 616165 bytes
->Temporary Internet Files folder emptied: 3000060 bytes
->Java cache emptied: 13 bytes
->Flash cache emptied: 725 bytes

User: NetworkService
->Temp folder emptied: 1292358 bytes
->Temporary Internet Files folder emptied: 3280652 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2799 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 24102294 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 492190 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 204.00 mb


[EMPTYFLASH]

User: 112942
->Flash cache emptied: 0 bytes

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03192011_125358

Files\Folders moved on Reboot...
File\Folder E:\autorun.exe not found!
C:\Documents and Settings\112942\Local Settings\Temp\in2.tmp moved successfully.
C:\Documents and Settings\112942\Local Settings\Temp\in8.tmp moved successfully.
C:\WINDOWS\temp\in6.tmp moved successfully.

Registry entries deleted on Reboot...


As for the ComboFix log, I'm unable to run it because it says the 'contents have been compromised', which I'm guessing is because of the virut virus I've been infected with.
The previously inaccessible websites do seem to be working now, however.

Edited by Agger, 18 March 2011 - 09:22 PM.


#6 Agger

Posted 19 March 2011 - 03:25 AM

When I start my computer, it does not load explorer.exe. Instead, I have to manually start it by going to Task Manager -> New Task and typing in explorer.exe.
There is no trouble after I have done this.

I cannot say what might be the cause of this or what I was doing when the problem occurred because it happened some time ago. I do have the virut virus, however, if that is any help.

So far I have tried going into the registry and ensuring the link to explorer.exe on startup is correct - which it is. Other than that, I do not know what else to do.

Thanks in advance.

#7 Agger

Posted 19 March 2011 - 03:44 AM

I previously had a wireless LAN network which I would use to connect my iPhone to, but it all of a sudden stopped working due to a problem which I deduced to be a 'host error' (the host being my laptop).
Now, I can no longer even see my created network.
In addition, I cannot create a wireless network via the wizard, with the error: "The wizard could not create a wireless network".

I have no idea what could be causing this, nor what I did exactly which has caused this change.

Thanks in advance.

#8 Elise

Posted 19 March 2011 - 06:34 AM

Hello Agger,
I have merged the two topics you started with this one. Please do not start any new topic unless SweetTech gives you the go-ahead. This is in order to avoid confusion due to you being helped by multiple people.

Thank you for your understanding.
Back to SweetTech now, sorry for the interruption. :)

regards, Elise



#9 Agger

Posted 19 March 2011 - 08:12 AM

Sorry, I thought it would clutter things seeing as these problems are of less concern. I'll just delete the posts and repost them when this problem is solved.

Edit: Well, can't delete them. Oh well.

Edited by Agger, 19 March 2011 - 08:14 AM.


#10 SweetTech

Posted 19 March 2011 - 11:17 AM

Hi Agger,

I seem to have overlooked the sentence in your original post mentioning Virut. Virut is a very dangerous infection.

This is what I tell my users when they are infected with Virut:

----------------------

Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer.

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Other variants of virut can even penetrate and infect .exe files within compressed files (.zip, .cab, rar). The Virux and Win32/Virut.17408 variants are even more complex file infectors which can embed an iframe into the body of web-related files and infect script files (.php, .asp, .htm, .html, .xml). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer virut remains on a computer, the more critical system files will become infected and corrupt so the degree of infection can vary.

The virus disables Windows File Protection by injecting code into the "winlogon.exe" process that patches system code in memory.

CA Virus detail of W32/Virut

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.

McAfee Risk Assessment and Overview of W32/Virut

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damage caused to files by virut it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-function viral code present in these files.

AVG Overview of W32/Virut

Virut is commonly spread via a flash drive (usb, pen, thumb, jump) infection using RUNDLL32.EXE and other malicious files. It is often contracted and spread by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and are a major source of system infection.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

However, the CA Security Advisor Research Blog have found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Since virut is not effectively disinfectable, your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:
----------------------

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 Agger


Posted 19 March 2011 - 08:37 PM

Alright, I'll reformat.
But surely my wireless internet problem is not related to virut? Would you be able to help with that?

#12 SweetTech


Posted 20 March 2011 - 08:51 AM

That is an issue that I feel you'd receive the best advice for by posting in our Networking forum.



#13 SweetTech


Posted 23 March 2011 - 11:03 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





