
infected with windows recovery virus?


  • This topic is locked
39 replies to this topic

#1 lksdrinker


Posted 14 May 2011 - 12:21 AM

So I think I have the "windows recovery virus". Ever since this started popping up the "all programs" list is completely empty. I've already tried running Malwarebytes Anti-Malware, and while that seems to have done something, it has not fixed it completely. Now it seems that the list of programs shows up in the "all programs", but when you go to click them the folder is empty.

I also have Stopzilla installed on someone's recommendation. That also seems to often pop up with some warnings but hasn't helped anything.

I've tried to download and run defogger, but it seems that the file downloads but immediately disappears from my desktop when I try to open it. If I try to just run it instead of downloading it, a window opens briefly and immediately disappears.

I've run DDS but no log files pop up after the program has run for quite a while. I've tried multiple times with the same result.

GMER is currently running but it's time for me to get some sleep, so I'll post the results of that up in the AM tomorrow.

In the meantime, does anyone have any suggestions for me?

Thanks in advance.

Attached Files

  • Attached File  ark.txt   8.9KB   2 downloads

Edited by lksdrinker, 14 May 2011 - 07:13 AM.



 


#2 SweetTech


Posted 14 May 2011 - 02:31 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.


NEXT:



Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
  • Link 1 (.exe file)
  • Link 2 (zipped file)
  • Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 lksdrinker


Posted 14 May 2011 - 09:11 PM

Hey ST. Thanks for the response and taking the time to help me.

So I downloaded everything and ran unhide. It seems to now show all of the programs, but their folders are empty.

Here's the Rootkit Unhooker log:


And here are the OTL logs:
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: itele.widget@gmail.com:1.2.0.4
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 09:07:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 09:13:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/05 10:55:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/08/20 18:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Extensions
[2010/08/20 18:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/12 09:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions
[2010/03/26 11:08:12 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/10/15 09:04:48 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/03/24 10:21:36 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2009/05/18 11:50:40 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2009/06/05 08:56:02 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/04/15 11:42:43 | 000,000,000 | ---D | M] (Google Calendar Notifier) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{7F364BE2-D493-11DA-BE96-9966D6839540}
[2010/01/21 10:30:29 | 000,000,000 | ---D | M] (SIRIUS Player) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{A8208118-F761-47E2-A01F-4FB22AE08B5E}
[2011/04/01 09:08:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/22 09:03:57 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2009/04/15 11:42:43 | 000,000,000 | ---D | M] ("Better GCal") -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\bettergcal@ginatrapani.org
[2010/05/25 09:42:49 | 000,000,000 | ---D | M] (Newsbar) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\itele.widget@gmail.com
[2011/05/08 20:17:12 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2009/12/11 13:14:34 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\LogMeInClient@logmein.com
[2011/05/12 09:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\staged
[2011/04/22 09:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2008/07/31 16:27:55 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\searchplugins\usatodaycom.xml
[2011/05/11 15:12:04 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\searchplugins\weathercom.xml
[2008/06/23 09:17:20 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\searchplugins\webster.xml
[2008/07/31 16:27:27 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Application Data\Mozilla\Firefox\Profiles\wd7ttbis.default\searchplugins\wikipedia-eng.xml
[2011/03/24 09:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/26 09:32:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICHARD CAVE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WD7TTBIS.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICHARD CAVE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WD7TTBIS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICHARD CAVE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WD7TTBIS.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICHARD CAVE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WD7TTBIS.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RICHARD CAVE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WD7TTBIS.DEFAULT\EXTENSIONS\GOOGLEDICTIONARY@TOPTIP.CA.XPI
[2009/03/17 08:52:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/03 03:02:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/05 09:07:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2007/10/25 15:00:45 | 000,000,897 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\livecom.png
[2007/10/25 15:00:45 | 000,001,015 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\livecom.src

O1 HOSTS File: ([2011/05/13 13:27:05 | 000,218,750 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.113 HP0017A422842B
O1 - Hosts: 7678 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [T1PSvrUtil] C:\WINDOWS\system32\T1PSvrUtil.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Richard Cave\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe (Memeo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2806852293-2966653593-1250637632-1007\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2806852293-2966653593-1250637632-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2806852293-2966653593-1250637632-1007\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2806852293-2966653593-1250637632-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {4125262D-2E47-11D3-9387-00C04F5B12B1} https://secure10.backup.com/downloads/WRX.cab (WRXCtl Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5334504D-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/8/D/08D91A3B-CFF6-45DE-95DF-64415075E344/mpg4sdmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Richard Cave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Richard Cave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2250409a-1a24-11dd-8331-001372e85591}\Shell - "" = AutoRun
O33 - MountPoints2\{2250409a-1a24-11dd-8331-001372e85591}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2250409a-1a24-11dd-8331-001372e85591}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{41ceaadc-b343-11de-8446-001372e85591}\Shell - "" = AutoRun
O33 - MountPoints2\{41ceaadc-b343-11de-8446-001372e85591}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41ceaadc-b343-11de-8446-001372e85591}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2806852293-2966653593-1250637632-1007\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/14 21:27:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard Cave\Desktop\OTL.exe
[2011/05/14 00:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Cave\Desktop\gmer
[2011/05/13 15:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/05/13 15:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/05/13 15:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/05/13 13:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/05/13 13:10:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Richard Cave\Recent
[2011/05/13 11:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Cave\Application Data\Malwarebytes
[2011/05/13 11:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/13 11:08:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/13 11:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/13 11:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/11 14:05:30 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/05/11 14:05:30 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/05/11 14:05:30 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/05/11 14:05:30 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/05/11 14:05:30 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/05/11 14:05:30 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/05/11 14:05:28 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/05/11 14:05:28 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/05/11 14:05:28 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/05/11 14:05:28 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/05/11 14:05:28 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/05/11 14:05:28 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/05/06 16:43:07 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2011/05/06 16:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2011/05/06 16:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/14 21:27:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard Cave\Desktop\OTL.exe
[2011/05/14 21:26:10 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\RKUnhookerLE.EXE
[2011/05/14 21:25:30 | 000,605,735 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\unhide.exe
[2011/05/14 19:10:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/14 00:40:09 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\gmer.zip
[2011/05/14 00:32:07 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\dds.scr
[2011/05/13 15:14:20 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/13 10:38:38 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/12 17:10:45 | 000,000,468 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/05/12 14:53:15 | 000,343,994 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-52-53 copy.jpg
[2011/05/12 14:53:09 | 000,096,717 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-52-53 copy.png
[2011/05/12 14:52:56 | 000,090,835 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-52-53.png
[2011/05/12 14:46:39 | 000,158,775 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-46-04 copy.jpg
[2011/05/12 14:46:14 | 000,041,735 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-46-04.png
[2011/05/11 14:05:30 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/05/11 14:05:30 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/05/11 14:05:30 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/05/11 14:05:30 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/05/11 14:05:30 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/05/11 14:05:30 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/05/11 14:05:28 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/05/11 14:05:28 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/05/11 14:05:28 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/05/11 14:05:28 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/05/11 14:05:28 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/05/11 14:05:28 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/05/06 16:43:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/05/06 16:43:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/05/04 11:08:09 | 000,308,887 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\aff of serv with address.PDF
[2011/05/04 10:56:12 | 000,308,550 | ---- | M] () -- C:\Documents and Settings\Richard Cave\Desktop\aff of serv.PDF
[2011/04/28 15:41:52 | 004,948,069 | ---- | M] () -- C:\Documents and Settings\Richard Cave\My Documents\Delancey BofA signed lease.pdf
[2011/04/15 03:10:41 | 000,463,628 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 03:10:41 | 000,080,756 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/14 21:26:23 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\RKUnhookerLE.EXE
[2011/05/14 00:40:09 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\gmer.zip
[2011/05/14 00:32:07 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\dds.scr
[2011/05/13 14:50:01 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/13 10:59:44 | 000,605,735 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\unhide.exe
[2011/05/12 14:53:14 | 000,343,994 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-52-53 copy.jpg
[2011/05/12 14:53:08 | 000,096,717 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-52-53 copy.png
[2011/05/12 14:52:56 | 000,090,835 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-52-53.png
[2011/05/12 14:46:37 | 000,158,775 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-46-04 copy.jpg
[2011/05/12 14:46:08 | 000,041,735 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\ACRIS Search By Name Results 2011-05-12 14-46-04.png
[2011/05/06 16:43:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/05/06 16:43:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011/05/04 11:08:09 | 000,308,887 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\aff of serv with address.PDF
[2011/05/04 10:56:12 | 000,308,550 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Desktop\aff of serv.PDF
[2011/04/28 15:41:51 | 004,948,069 | ---- | C] () -- C:\Documents and Settings\Richard Cave\My Documents\Delancey BofA signed lease.pdf
[2010/09/02 13:10:06 | 000,000,294 | ---- | C] () -- C:\WINDOWS\dvdtowmvconverter.ini
[2010/09/02 13:06:52 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SysDVDtowmv.dat
[2010/09/02 12:59:24 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2010/09/02 12:54:45 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/18 22:06:42 | 000,001,837 | ---- | C] () -- C:\WINDOWS\System32\MTri1+.ini
[2010/02/09 17:02:40 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2010/02/09 16:33:50 | 000,188,626 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2010/02/09 16:33:50 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2010/01/11 12:51:57 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/01/11 12:51:56 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2009/10/19 16:23:05 | 000,000,468 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/10/19 16:23:05 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\bd9840cd.dat
[2009/10/19 16:23:05 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/10/19 16:22:08 | 000,001,039 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/10/19 16:22:08 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/10/19 16:22:08 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bd9840cn.dat
[2009/10/19 16:20:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/10/19 16:20:31 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/10/19 16:20:30 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BAOCH06A.DAT
[2009/10/19 16:20:28 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/10/19 16:20:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/10/19 16:20:27 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/10/19 16:18:43 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/04/09 13:57:23 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/02/16 12:48:02 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/02/16 12:48:02 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\93097EE3B0.sys
[2008/09/02 16:52:59 | 000,008,319 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Application Data\Comma Separated Values (DOS).JNL
[2008/09/02 16:52:06 | 000,038,486 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Application Data\Comma Separated Values (Windows).ADR
[2008/06/18 10:41:16 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Application Data\dvd.bmk
[2008/05/16 12:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/05/06 11:16:17 | 000,000,084 | ---- | C] () -- C:\WINDOWS\AVAideDVDtomp4.ini
[2008/05/06 10:54:56 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\AvaideDVDtomp4.dat
[2007/10/08 14:21:22 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/10/08 14:21:01 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2007/10/08 14:20:51 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/03/09 11:02:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/03/07 13:58:11 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/06 16:41:21 | 000,038,486 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Application Data\Comma Separated Values (DOS).ADR
[2007/03/06 13:39:21 | 000,038,474 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Application Data\Microsoft Excel.ADR
[2007/01/12 16:46:47 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/12 16:28:32 | 000,000,130 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2007/01/12 16:28:31 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2007/01/05 17:14:21 | 000,032,468 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\irisscan.clb
[2007/01/05 17:02:37 | 000,094,208 | R--- | C] () -- C:\WINDOWS\System32\IRISScan.DLL
[2006/12/05 11:49:13 | 000,002,672 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/05 11:49:13 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C9888066A0.sys
[2006/11/27 12:09:45 | 000,001,775 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/09 15:22:51 | 000,195,072 | ---- | C] () -- C:\WINDOWS\System32\wav2mp3.exe
[2006/11/09 15:22:51 | 000,000,678 | ---- | C] () -- C:\WINDOWS\TalknSend.INI
[2006/11/09 11:56:47 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Richard Cave\Local Settings\Application Data\fusioncache.dat
[2006/11/09 11:30:12 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/11/09 11:30:12 | 000,000,147 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/11/09 11:29:41 | 000,000,649 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2006/11/09 11:16:30 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2006/10/31 08:43:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/31 08:31:34 | 000,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/31 08:27:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/31 08:25:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/31 08:00:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/10/31 08:00:18 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/31 00:06:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\U2VSvr.exe
[2006/03/31 00:06:28 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\U2VDisp.exe
[2006/03/31 00:06:28 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\Util.exe
[2006/03/31 00:06:27 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\t1psvr.dll
[2006/03/31 00:06:27 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\t1psvr.exe
[2006/03/31 00:06:26 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\T1PDisp.exe
[2006/03/31 00:06:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\T1PSvrUtil.exe
[2006/03/31 00:06:25 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\UDLL.dll
[2006/03/31 00:06:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mctudll.dll
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,463,628 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,080,756 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >


OTL Extras logfile created on: 5/14/2011 9:54:54 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Richard Cave\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 121.00 Mb Available Physical Memory | 12.00% Memory free
2.00 Gb Paging File | 0.00 Gb Available in Paging File | 24.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 27.46 Gb Free Space | 38.42% Space Free | Partition Type: NTFS
Drive F: | 7.49 Gb Total Space | 7.32 Gb Free Space | 97.83% Space Free | Partition Type: FAT32

Computer Name: JDMRICH | User Name: Richard Cave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2806852293-2966653593-1250637632-1007\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\WeType4u\Talk-N-Send\TalknSend.exe" = C:\Program Files\WeType4u\Talk-N-Send\TalknSend.exe:*:Enabled:TalknSend -- (WeType4u Inc.)
"C:\Program Files\UVU\UVU Media Player\HSAudioPlayer.exe" = C:\Program Files\UVU\UVU Media Player\HSAudioPlayer.exe:*:Enabled:UVU Media Player
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Brother\Brmfl06d\FAXRX.exe" = C:\Program Files\Brother\Brmfl06d\FAXRX.exe:*:Enabled:PC-FAX Receive -- (Brother Industries Ltd.)
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe" = C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files! -- (Foxit Software Company)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{19934FC9-A54C-4DEF-ADAD-D3D361C2A595}" = DVD-WMV
"{20F51690-133A-453C-B616-1C15AB2C0EF0}" = SBA
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}" = Virtual Earth 3D (Beta)
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{75D09EAD-B54D-4DDC-9839-2BC38386ED1F}" = Cardiris
"{795A3A1E-E06A-4214-A2EF-3DDF3BA05C2B}" = STOPzilla
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}" = SEE2 - UV150 9.14.0728.1159
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{875F2DAB-3B03-11D5-AB3E-000102B0F79A}" = Readiris
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{900D3C0D-2F80-4A7B-86D7-4016157CF6B4}" = UVU Media Player
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F413D795-B077-4A96-AE75-810BBA673A0E}" = Microsoft Office Small Business Accounting 2006
"{FD29EB58-CF8D-4BE9-9AE8-8EE4FEF6D2E0}" = Memeo AutoSync
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"CutePDF Writer Installation" = CutePDF Writer 2.7
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.5 (1010)
"ffdshow_is1" = ffdshow v1.1.3516 [2010-07-25]
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"HPOCR" = OCR Software by I.R.I.S. 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{75D09EAD-B54D-4DDC-9839-2BC38386ED1F}" = Cardiris 3.5 - IBCR
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.3 build 4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"SearchAssist" = SearchAssist
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"SolveigMM WMP Trimmer Plugin" = SolveigMM WMP Trimmer Plugin
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Talk-N-Send" = Talk-N-Send
"Taskbar Calculator" = Taskbar Calculator
"Ultra MP4 Video Converter_is1" = Ultra MP4 Video Converter 5.2.0603
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2806852293-2966653593-1250637632-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{FD29EB58-CF8D-4BE9-9AE8-8EE4FEF6D2E0}" = Memeo AutoSync

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/31/2006 12:10:29 AM | Computer Name = JDMRICH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/31/2006 12:10:31 AM | Computer Name = JDMRICH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/31/2006 12:10:31 AM | Computer Name = JDMRICH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/31/2006 12:10:31 AM | Computer Name = JDMRICH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/31/2006 12:10:31 AM | Computer Name = JDMRICH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/31/2006 12:10:38 AM | Computer Name = JDMRICH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/31/2006 12:10:38 AM | Computer Name = JDMRICH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/31/2006 12:10:39 AM | Computer Name = JDMRICH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/31/2006 12:10:39 AM | Computer Name = JDMRICH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 5/13/2011 5:14:32 PM | Computer Name = JDMRICH | Source = MsiInstaller | ID = 11722
Description = Product: STOPzilla -- Message 1722. STOPzilla has canceled the removal
process!

[ System Events ]
Error - 5/13/2011 5:14:43 PM | Computer Name = JDMRICH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/13/2011 5:14:43 PM | Computer Name = JDMRICH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/13/2011 5:14:44 PM | Computer Name = JDMRICH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/13/2011 5:14:44 PM | Computer Name = JDMRICH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 5/13/2011 11:39:39 PM | Computer Name = JDMRICH | Source = Service Control Manager | ID = 7000
Description = The %UsbScan.SvcDesc% service failed to start due to the following
error: %%1058

Error - 5/13/2011 11:40:49 PM | Computer Name = JDMRICH | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 5/13/2011 11:41:37 PM | Computer Name = JDMRICH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error - 5/13/2011 11:41:37 PM | Computer Name = JDMRICH | Source = Service Control Manager | ID = 7000
Description = The HTTP SSL service failed to start due to the following error: %%1053

Error - 5/13/2011 11:42:58 PM | Computer Name = JDMRICH | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 3/31/2006 12:05:54 AM | Computer Name = JDMRICH | Source = Service Control Manager | ID = 7000
Description = The %UsbScan.SvcDesc% service failed to start due to the following
error: %%1058


< End of report >

#4 SweetTech

Posted 15 May 2011 - 09:08 AM

Hi!

I need for you to do the following for me:

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c dir /a /s "%Temp%/">"%userprofile%\desktop\look.txt"

A file called look.txt should appear on your Desktop. Please post the contents of this file.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 lksdrinker

  • Topic Starter

Posted 15 May 2011 - 10:49 AM

Volume in drive C has no label.
Volume Serial Number is 6878-7F35

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp

05/15/2011 11:47 AM <DIR> .
05/15/2011 11:47 AM <DIR> ..
05/13/2011 11:49 PM 67,628 262ca10b-2b2b-4bdc-9bee-5dd48e58327f.rsf
05/14/2011 12:33 AM <DIR> 5B.tmp
05/14/2011 12:48 AM <DIR> 72.tmp
05/14/2011 01:06 AM <DIR> 75.tmp
05/14/2011 01:07 AM <DIR> 79.tmp
05/14/2011 04:31 PM <DIR> hsperfdata_Richard Cave
03/31/2006 12:13 AM 1,600 jusched.log
05/13/2011 05:14 PM 212 MSI7b1cb.LOG
05/13/2011 04:10 PM <DIR> RarSFX0
05/13/2011 04:39 PM <DIR> RarSFX1
05/13/2011 03:44 PM <DIR> RarSFX13
05/13/2011 04:39 PM <DIR> RarSFX2
05/13/2011 04:40 PM <DIR> RarSFX3
05/13/2011 04:58 PM <DIR> RarSFX4
05/13/2011 04:54 PM 2,090 rks1.log
05/13/2011 03:44 PM <DIR> smtmp
05/13/2011 04:51 PM 0 tzk3.tmp
03/31/2006 12:05 AM <DIR> WPDNSE
05/13/2011 05:50 PM 81,920 ~DF4511.tmp
6 File(s) 153,450 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\5B.tmp

05/14/2011 12:33 AM <DIR> .
05/14/2011 12:33 AM <DIR> ..
05/14/2011 12:32 AM 3,692 Assoc.cmd
05/14/2011 12:33 AM 1,163 Created00
05/14/2011 12:32 AM 89,270 dds.cmd
05/14/2011 12:33 AM 291 DDS.txt
05/14/2011 12:32 AM 700 dds_.cmd
05/14/2011 12:33 AM 0 f3m0.dat
05/14/2011 12:33 AM 324 FILES00
05/14/2011 12:32 AM 89,088 MBR.DAT
05/14/2011 12:32 AM 2,240 MSClsid.exe
05/14/2011 12:32 AM 975 MSGB.pif
05/14/2011 12:32 AM 148 notifykeysB.com
05/14/2011 12:32 AM 8,348 osidDDS.pif
05/14/2011 12:32 AM 7,671 OSProp.pif
05/14/2011 12:32 AM 3,011 Policies.exe
05/14/2011 12:32 AM 1,896 Process.vbs
05/14/2011 12:32 AM 6,846 RegX64.cmd
05/14/2011 12:32 AM 519 Screentxt
05/14/2011 12:32 AM 98,816 SED.DAT
05/14/2011 12:32 AM 53,004 SvcWhtDDS.dll
05/14/2011 12:32 AM 12,800 SvcWhtDDSVista.dll
05/14/2011 12:32 AM 794 SvcWhtDDSW7.dll
05/14/2011 12:33 AM 22,920 WhiteDir
05/14/2011 12:33 AM 184 whitedirB
05/14/2011 12:32 AM 41 XP.mac
24 File(s) 404,741 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\72.tmp

05/14/2011 12:48 AM <DIR> .
05/14/2011 12:48 AM <DIR> ..
05/14/2011 12:48 AM 3,692 Assoc.cmd
05/14/2011 12:48 AM 2,219 Created00
05/14/2011 12:48 AM 89,270 dds.cmd
05/14/2011 12:48 AM 2,207 DDS.txt
05/14/2011 12:48 AM 700 dds_.cmd
05/14/2011 12:48 AM 0 f3m0.dat
05/14/2011 12:48 AM 1,380 FILES00
05/14/2011 12:48 AM 89,088 MBR.DAT
05/14/2011 12:48 AM 2,240 MSClsid.exe
05/14/2011 12:48 AM 975 MSGB.pif
05/14/2011 12:48 AM 148 notifykeysB.com
05/14/2011 12:48 AM 8,348 osidDDS.pif
05/14/2011 12:48 AM 7,671 OSProp.pif
05/14/2011 12:48 AM 3,011 Policies.exe
05/14/2011 12:48 AM 1,896 Process.vbs
05/14/2011 12:48 AM 6,846 RegX64.cmd
05/14/2011 12:48 AM 519 Screentxt
05/14/2011 12:48 AM 98,816 SED.DAT
05/14/2011 12:48 AM 113 StartUp
05/14/2011 12:48 AM 27,939 svclist.dat
05/14/2011 12:48 AM 53,004 SvcWhtDDS.dll
05/14/2011 12:48 AM 12,800 SvcWhtDDSVista.dll
05/14/2011 12:48 AM 794 SvcWhtDDSW7.dll
05/14/2011 12:48 AM 22,920 WhiteDir
05/14/2011 12:48 AM 184 whitedirB
05/14/2011 12:48 AM 41 XP.mac
26 File(s) 436,821 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\75.tmp

05/14/2011 01:06 AM <DIR> .
05/14/2011 01:06 AM <DIR> ..
05/14/2011 12:55 AM 3,692 Assoc.cmd
05/14/2011 12:55 AM 2,545 Created00
05/14/2011 12:55 AM 2,072 DDS.txt
05/14/2011 12:55 AM 0 f3m0.dat
05/14/2011 12:55 AM 1,706 FILES00
05/14/2011 12:55 AM 7,671 OSProp.pif
05/14/2011 12:55 AM 3,011 Policies.exe
05/14/2011 12:55 AM 1,896 Process.vbs
05/14/2011 12:55 AM 6,846 RegX64.cmd
05/14/2011 12:55 AM 519 Screentxt
05/14/2011 12:55 AM 98,816 SED.DAT
05/14/2011 12:55 AM 113 StartUp
05/14/2011 12:55 AM 27,939 svclist.dat
05/14/2011 12:55 AM 53,004 SvcWhtDDS.dll
05/14/2011 12:55 AM 12,800 SvcWhtDDSVista.dll
05/14/2011 12:55 AM 794 SvcWhtDDSW7.dll
05/14/2011 12:55 AM 22,920 WhiteDir
05/14/2011 12:55 AM 184 whitedirB
05/14/2011 12:55 AM 41 XP.mac
19 File(s) 246,569 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\79.tmp

05/14/2011 01:07 AM <DIR> .
05/14/2011 01:07 AM <DIR> ..
05/14/2011 01:06 AM 3,692 Assoc.cmd
05/14/2011 01:07 AM 2,545 Created00
05/14/2011 01:06 AM 89,270 dds.cmd
05/14/2011 01:06 AM 2,072 DDS.txt
05/14/2011 01:06 AM 700 dds_.cmd
05/14/2011 01:07 AM 0 f3m0.dat
05/14/2011 01:07 AM 1,706 FILES00
05/14/2011 01:06 AM 89,088 MBR.DAT
05/14/2011 01:06 AM 2,240 MSClsid.exe
05/14/2011 01:06 AM 975 MSGB.pif
05/14/2011 01:06 AM 148 notifykeysB.com
05/14/2011 01:06 AM 8,348 osidDDS.pif
05/14/2011 01:06 AM 7,671 OSProp.pif
05/14/2011 01:06 AM 3,011 Policies.exe
05/14/2011 01:06 AM 1,896 Process.vbs
05/14/2011 01:06 AM 6,846 RegX64.cmd
05/14/2011 01:06 AM 519 Screentxt
05/14/2011 01:06 AM 98,816 SED.DAT
05/14/2011 01:06 AM 113 StartUp
05/14/2011 01:06 AM 27,939 svclist.dat
05/14/2011 01:06 AM 53,004 SvcWhtDDS.dll
05/14/2011 01:06 AM 12,800 SvcWhtDDSVista.dll
05/14/2011 01:06 AM 794 SvcWhtDDSW7.dll
05/14/2011 01:06 AM 22,920 WhiteDir
05/14/2011 01:06 AM 184 whitedirB
05/14/2011 01:06 AM 41 XP.mac
26 File(s) 437,338 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\hsperfdata_Richard Cave

05/14/2011 04:31 PM <DIR> .
05/14/2011 04:31 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX0

05/13/2011 04:10 PM <DIR> .
05/13/2011 04:10 PM <DIR> ..
12/22/2010 12:01 PM 472 extra.dat
05/13/2011 04:09 PM <DIR> h
08/25/2009 09:12 AM 38,015 nircmd.chm
05/26/2009 07:47 PM 31,232 nircmd.exe
05/26/2009 07:47 PM 30,720 nircmdc.exe
05/13/2011 04:46 PM <DIR> nird
01/16/2011 04:55 PM 255,488 pev.exe
11/15/2010 04:33 PM 68 prep.bat
05/13/2011 04:09 PM <DIR> procs
03/04/2011 05:08 PM 302,187 proxycheck.exe
03/04/2011 05:14 PM 5,003 rkill.bat
03/01/2011 04:38 PM 3,087 rkill.reg
03/03/2011 01:50 PM 1,081 s.inf
08/31/2000 09:00 AM 98,816 sed.exe
11/23/2010 05:37 PM 190 serv.dat
12/22/2010 12:36 PM 313 sh.vbs
08/31/2000 09:00 AM 161,792 swreg.exe
02/18/2011 04:07 PM 323 wl.txt
15 File(s) 928,787 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX0\h

05/13/2011 04:09 PM <DIR> .
05/13/2011 04:09 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX0\nird

05/13/2011 04:46 PM <DIR> .
05/13/2011 04:46 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX0\procs

05/13/2011 04:09 PM <DIR> .
05/13/2011 04:09 PM <DIR> ..
01/16/2011 04:55 PM 255,488 iexplore.exe
03/16/2011 01:25 PM 11,031 proc.dat
2 File(s) 266,519 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX1

05/13/2011 04:39 PM <DIR> .
05/13/2011 04:39 PM <DIR> ..
12/22/2010 12:01 PM 472 extra.dat
05/13/2011 04:39 PM <DIR> h
08/25/2009 09:12 AM 38,015 nircmd.chm
05/26/2009 07:47 PM 31,232 nircmd.exe
05/26/2009 07:47 PM 30,720 nircmdc.exe
05/13/2011 04:39 PM <DIR> nird
01/16/2011 04:55 PM 255,488 pev.exe
11/15/2010 04:33 PM 68 prep.bat
05/13/2011 04:39 PM <DIR> procs
03/04/2011 05:08 PM 302,187 proxycheck.exe
03/04/2011 05:14 PM 5,003 rkill.bat
03/01/2011 04:38 PM 3,087 rkill.reg
03/03/2011 01:50 PM 1,081 s.inf
08/31/2000 09:00 AM 98,816 sed.exe
11/23/2010 05:37 PM 190 serv.dat
12/22/2010 12:36 PM 313 sh.vbs
08/31/2000 09:00 AM 161,792 swreg.exe
02/18/2011 04:07 PM 323 wl.txt
15 File(s) 928,787 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX1\h

05/13/2011 04:39 PM <DIR> .
05/13/2011 04:39 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX1\nird

05/13/2011 04:39 PM <DIR> .
05/13/2011 04:39 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX1\procs

05/13/2011 04:39 PM <DIR> .
05/13/2011 04:39 PM <DIR> ..
01/16/2011 04:55 PM 255,488 iexplore.exe
03/16/2011 01:25 PM 11,031 proc.dat
2 File(s) 266,519 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX13

05/13/2011 03:44 PM <DIR> .
05/13/2011 03:44 PM <DIR> ..
11/15/2010 02:39 PM <DIR> nird
0 File(s) 0 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX13\nird

11/15/2010 02:39 PM <DIR> .
11/15/2010 02:39 PM <DIR> ..
05/26/2009 07:47 PM 31,232 iexplore.exe
1 File(s) 31,232 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX2

05/13/2011 04:39 PM <DIR> .
05/13/2011 04:39 PM <DIR> ..
12/22/2010 12:01 PM 472 extra.dat
05/13/2011 04:39 PM <DIR> h
08/25/2009 09:12 AM 38,015 nircmd.chm
05/26/2009 07:47 PM 31,232 nircmd.exe
05/26/2009 07:47 PM 30,720 nircmdc.exe
11/15/2010 02:39 PM <DIR> nird
01/16/2011 04:55 PM 255,488 pev.exe
11/15/2010 04:33 PM 68 prep.bat
05/13/2011 04:39 PM <DIR> procs
03/04/2011 05:08 PM 302,187 proxycheck.exe
03/04/2011 05:14 PM 5,003 rkill.bat
03/01/2011 04:38 PM 3,087 rkill.reg
03/03/2011 01:50 PM 1,081 s.inf
08/31/2000 09:00 AM 98,816 sed.exe
11/23/2010 05:37 PM 190 serv.dat
12/22/2010 12:36 PM 313 sh.vbs
08/31/2000 09:00 AM 161,792 swreg.exe
02/18/2011 04:07 PM 323 wl.txt
15 File(s) 928,787 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX2\h

05/13/2011 04:39 PM <DIR> .
05/13/2011 04:39 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX2\nird

11/15/2010 02:39 PM <DIR> .
11/15/2010 02:39 PM <DIR> ..
05/26/2009 07:47 PM 31,232 iexplore.exe
1 File(s) 31,232 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX2\procs

05/13/2011 04:39 PM <DIR> .
05/13/2011 04:39 PM <DIR> ..
01/16/2011 04:55 PM 255,488 iexplore.exe
03/16/2011 01:25 PM 11,031 proc.dat
2 File(s) 266,519 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX3

05/13/2011 04:40 PM <DIR> .
05/13/2011 04:40 PM <DIR> ..
12/22/2010 12:01 PM 472 extra.dat
05/13/2011 04:40 PM <DIR> h
08/25/2009 09:12 AM 38,015 nircmd.chm
05/26/2009 07:47 PM 31,232 nircmd.exe
05/26/2009 07:47 PM 30,720 nircmdc.exe
05/13/2011 04:40 PM <DIR> nird
01/16/2011 04:55 PM 255,488 pev.exe
11/15/2010 04:33 PM 68 prep.bat
05/13/2011 04:40 PM <DIR> procs
03/04/2011 05:08 PM 302,187 proxycheck.exe
03/04/2011 05:14 PM 5,003 rkill.bat
03/01/2011 04:38 PM 3,087 rkill.reg
03/03/2011 01:50 PM 1,081 s.inf
08/31/2000 09:00 AM 98,816 sed.exe
11/23/2010 05:37 PM 190 serv.dat
12/22/2010 12:36 PM 313 sh.vbs
08/31/2000 09:00 AM 161,792 swreg.exe
02/18/2011 04:07 PM 323 wl.txt
15 File(s) 928,787 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX3\h

05/13/2011 04:40 PM <DIR> .
05/13/2011 04:40 PM <DIR> ..
08/16/2005 02:54 AM 1,536 iexplore.exe
1 File(s) 1,536 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX3\nird

05/13/2011 04:40 PM <DIR> .
05/13/2011 04:40 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX3\procs

05/13/2011 04:40 PM <DIR> .
05/13/2011 04:40 PM <DIR> ..
01/16/2011 04:55 PM 255,488 iexplore.exe
03/16/2011 01:25 PM 11,031 proc.dat
2 File(s) 266,519 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX4

05/13/2011 04:58 PM <DIR> .
05/13/2011 04:58 PM <DIR> ..
12/22/2010 12:01 PM 472 extra.dat
05/13/2011 04:58 PM <DIR> h
08/25/2009 09:12 AM 38,015 nircmd.chm
05/26/2009 07:47 PM 31,232 nircmd.exe
05/26/2009 07:47 PM 30,720 nircmdc.exe
05/13/2011 04:58 PM <DIR> nird
01/16/2011 04:55 PM 255,488 pev.exe
11/15/2010 04:33 PM 68 prep.bat
05/13/2011 04:58 PM <DIR> procs
03/04/2011 05:08 PM 302,187 proxycheck.exe
03/04/2011 05:14 PM 5,003 rkill.bat
03/01/2011 04:38 PM 3,087 rkill.reg
03/03/2011 01:50 PM 1,081 s.inf
08/31/2000 09:00 AM 98,816 sed.exe
11/23/2010 05:37 PM 190 serv.dat
12/22/2010 12:36 PM 313 sh.vbs
08/31/2000 09:00 AM 161,792 swreg.exe
02/18/2011 04:07 PM 323 wl.txt
15 File(s) 928,787 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX4\h

05/13/2011 04:58 PM <DIR> .
05/13/2011 04:58 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX4\nird

05/13/2011 04:58 PM <DIR> .
05/13/2011 04:58 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RarSFX4\procs

05/13/2011 04:58 PM <DIR> .
05/13/2011 04:58 PM <DIR> ..
01/16/2011 04:55 PM 255,488 iexplore.exe
03/16/2011 01:25 PM 11,031 proc.dat
2 File(s) 266,519 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\smtmp

05/13/2011 03:44 PM <DIR> .
05/13/2011 03:44 PM <DIR> ..
05/13/2011 03:44 PM <DIR> 1
05/13/2011 03:44 PM <DIR> 2
0 File(s) 0 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\smtmp\1

05/13/2011 03:44 PM <DIR> .
05/13/2011 03:44 PM <DIR> ..
09/02/2008 09:25 AM 272 desktop.ini
05/13/2011 03:44 PM <DIR> Programs
1 File(s) 272 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\smtmp\1\Programs

05/13/2011 03:44 PM <DIR> .
05/13/2011 03:44 PM <DIR> ..
05/13/2011 03:44 PM <DIR> Accessories
05/13/2011 03:44 PM <DIR> Administrative Tools
08/10/2004 02:02 PM 150 desktop.ini
05/13/2011 03:44 PM <DIR> Games
05/13/2011 03:44 PM <DIR> Startup
1 File(s) 150 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories

05/13/2011 03:44 PM <DIR> .
05/13/2011 03:44 PM <DIR> ..
05/13/2011 03:44 PM <DIR> Accessibility
05/13/2011 03:44 PM <DIR> Communications
02/09/2010 04:55 PM 255 desktop.ini
05/13/2011 03:44 PM <DIR> Entertainment
05/13/2011 03:44 PM <DIR> System Tools
1 File(s) 255 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility

05/13/2011 03:44 PM <DIR> .
05/13/2011 03:44 PM <DIR> ..
08/10/2004 02:01 PM 90 desktop.ini
1 File(s) 90 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications

05/13/2011 03:44 PM <DIR> .
05/13/2011 03:44 PM <DIR> ..
09/02/2008 09:27 AM 516 desktop.ini
05/13/2011 03:44 PM <DIR> Fax
1 File(s) 516 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Fax

05/13/2011 03:44 PM <DIR> .
05/13/2011 03:44 PM <DIR> ..
08/10/2004 02:01 PM 283 desktop.ini
1 File(s) 283 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment

05/13/2011 03:44 PM <DIR> .
05/13/2011 03:44 PM <DIR> ..
08/10/2004 02:01 PM 146 desktop.ini
1 File(s) 146 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools

05/13/2011 03:44 PM <DIR> .
05/13/2011 03:44 PM <DIR> ..
08/10/2004 02:04 PM 703 desktop.ini
1 File(s) 703 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools

05/13/2011 03:44 PM <DIR> .
05/13/2011 03:44 PM <DIR> ..
08/10/2004 02:04 PM 476 desktop.ini
1 File(s) 476 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\smtmp\1\Programs\Games

05/13/2011 03:44 PM <DIR> .
05/13/2011 03:44 PM <DIR> ..
10/31/2006 08:08 AM 798 desktop.ini
1 File(s) 798 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\smtmp\1\Programs\Startup

05/13/2011 03:44 PM <DIR> .
05/13/2011 03:44 PM <DIR> ..
08/10/2004 02:04 PM 84 desktop.ini
1 File(s) 84 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\smtmp\2

05/13/2011 03:44 PM <DIR> .
05/13/2011 03:44 PM <DIR> ..
11/09/2006 11:09 AM 119 desktop.ini
1 File(s) 119 bytes

Directory of C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\WPDNSE

03/31/2006 12:05 AM <DIR> .
03/31/2006 12:05 AM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
201 File(s) 7,723,341 bytes
125 Dir(s) 28,404,887,552 bytes free

#6 SweetTech

Posted 15 May 2011 - 11:34 AM

Hi lksdrinker!

Thanks for posting that for me!

I need to do some research. Your Start menu items appear to be there, but are currently located in your Temp files. Please hang tight for me, I need to see what our options are here.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 SweetTech

Posted 15 May 2011 - 11:45 AM

Hi!

I'd like to first have you create a back-up of the files that are in your Temp folder.

Please download ZipIt from here:
Download Link
  • Double-click ZipIt! to run it. (Windows Vista & 7 users need to right click and Run as Administrator)
  • Then copy the content of the following codebox into the textfield:

    ::info::Zip
    C:\DOCUMENTS AND SETTINGS\RICHARD CAVE\Local Settings\Temp\smtmp
    
  • Then, just click the Zip button.
  • When finished, and if successful, it should automatically submit a file for me, so that it may be analyzed further. You should also see that a new .zip file has been created on your Desktop. You will be notified of what the file name is when the process has been completed.



#8 lksdrinker

Posted 15 May 2011 - 12:52 PM

Did you want me to attach the file for you? Does it matter that I am posting from a different computer?

I ran zipit and the file is attached.


#9 SweetTech

Posted 15 May 2011 - 02:33 PM

Hi!

Thanks for attaching that file for me! Nope, it doesn't matter that you're attaching it from a different computer.

Please do the following first:

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.
    :Services
    :Commands
    [CreateRestorePoint]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Go to Start > Run > Copy/Paste the following bolded command followed by ENTER:

    cmd /c if exist "%Temp%\smtmp\1\*.*" copy /Y "%Temp%\smtmp\1\*.*" "C:\Documents and Settings\All Users\Start Menu\"


Please let me know if that brings back your Start Menu items.

Edited by SweetTech, 15 May 2011 - 02:57 PM.



#10 lksdrinker

Posted 15 May 2011 - 03:15 PM

The Start menu still just lists all the programs but has empty folders. If I go to the Program Files folder on the C drive I can open the programs normally.

Here is the report

========== SERVICES/DRIVERS ==========
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05152011_161012

#11 SweetTech

Posted 15 May 2011 - 03:23 PM

Hi!

Please post the Look.txt log after running this command:

Go to Start > Run > Copy/Paste the following bolded command followed by ENTER:

    cmd /c if exist "%Temp%\smtmp\1\*.*" xcopy /E /I /V /Y "%Temp%\smtmp\1\*.*" "C:\Documents and Settings\All Users\Start Menu\" >> "%userprofile%\desktop\Look"

Edited by SweetTech, 15 May 2011 - 03:46 PM.
Edited Script.--ST



#12 SweetTech

Posted 15 May 2011 - 03:47 PM

Hi!

I just made a quick edit to my previous post to you. If you've already run the one before, I'm going to ask that you run it again, with the new command.



#13 lksdrinker

Posted 15 May 2011 - 03:52 PM

Hmmm. Now I'm not sure if I did this right.
I didn't really see any new "look" files appear on the desktop... and after running that I had two. They are both copied below.

C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\smtmp\1\*.*
0 file(s) copied.






#14 lksdrinker


Posted 15 May 2011 - 03:54 PM

OK, did it again with the edited command, and now the result says "0 file(s) copied".

#15 SweetTech


Posted 15 May 2011 - 04:00 PM

Hi!

We are going to need to do this manually.

Please browse to this folder: C:\DOCUMENTS AND SETTINGS\RICHARD CAVE\Local Settings\Temp\smtmp\1

Right click and select Copy.

Then go to this folder: C:\Documents and Settings\All Users\Start Menu\

Right click and select Paste.

This should move the .lnk files back to their proper location.

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
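Added example (not part of the thread or written by its posters): a Python check that parses `dir /s` output like the listing posted above and counts file types under the `smtmp` backup folder, so you can see whether any `.lnk` shortcuts are actually there before copying. The sample listing is constructed (placeholder user name, invented `Calculator.lnk` and `scratch.tmp` entries), and the function name is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in `dir /s` format, modelled on the listing in this thread.
# The user name is a placeholder; Calculator.lnk and scratch.tmp are invented.
SAMPLE = r"""
 Directory of C:\DOCUME~1\USER~1\LOCALS~1\Temp\smtmp\1

05/13/2011  03:44 PM    <DIR>          .
09/02/2008  09:25 AM               272 desktop.ini
05/13/2011  03:44 PM    <DIR>          Programs
               1 File(s)            272 bytes

 Directory of C:\DOCUME~1\USER~1\LOCALS~1\Temp\smtmp\1\Programs\Accessories

02/09/2010  04:55 PM               255 desktop.ini
02/09/2010  04:55 PM             1,500 Calculator.lnk
               2 File(s)          1,755 bytes

 Directory of C:\DOCUME~1\USER~1\LOCALS~1\Temp\WPDNSE

03/31/2006  12:05 AM    <DIR>          .
03/31/2006  12:05 AM                10 scratch.tmp
               1 File(s)             10 bytes
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
ENTRY_RE = re.compile(
    r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+(<DIR>|[\d,]+)\s+(.+?)\s*$")


def files_under_backup(listing, root_marker="\\smtmp\\"):
    """Return (extension counts, .lnk paths) for files below the backup folder."""
    counts, shortcuts, current = Counter(), [], None
    for line in listing.splitlines():
        m = DIR_RE.match(line)
        if m:                       # a new "Directory of ..." header
            current = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or current is None or m.group(1) == "<DIR>":
            continue                # skip summaries, blanks and sub-directories
        if root_marker not in (current + "\\").lower():
            continue                # file is outside the smtmp tree
        name = m.group(2)
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        counts[ext] += 1
        if ext == "lnk":
            shortcuts.append(current + "\\" + name)
    return counts, shortcuts
```

`dir` omits hidden and system files unless it is run with `/a`, so a zero `.lnk` count from a listing taken without that switch is not conclusive.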




