
Keep getting 'Bad Image' pop-ups on my laptop.


  • This topic is locked
14 replies to this topic

#1 desyc

desyc

  • Members
  • 6 posts

Posted 10 June 2011 - 08:24 PM

I used Malwarebytes Anti-Malware to remove a virus a few months ago and my laptop was fine until about two weeks ago when I started getting pop-ups as soon as I started my computer and randomly while still on the computer. They usually have the title SSScheduler.exe - Bad Image and say "The application or DLL C:/Documents and Settings/stormy/Local Settings/Application Data/Windows Server/sxsxah.dll is not a valid Windows image. Please check this against your installation diskette." I have no clue what they mean and don't know how to get rid of whatever the virus is because Malwarebytes doesn't seem to help against it anymore. Please help get rid of it! It's frustrating having to constantly close out those pop-ups and I don't want the virus to get any worse. Thanks in advance!



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 18 June 2011 - 11:38 AM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 desyc

desyc
  • Topic Starter

  • Members
  • 6 posts

Posted 19 June 2011 - 04:32 PM

OTL.txt
OTL logfile created on: 6/18/2011 7:51:57 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\stormy\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.04 Mb Total Physical Memory | 5.26 Mb Available Physical Memory | 1.18% Memory free
1.03 Gb Paging File | 0.35 Gb Available in Paging File | 33.86% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.23 Gb Total Space | 21.68 Gb Free Space | 29.21% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: stormy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/18 14:07:08 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\stormy\My Documents\Downloads\OTL.exe
PRC - [2011/06/18 14:01:11 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/22 11:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/07/12 15:25:45 | 000,356,352 | ---- | M] () -- C:\Program Files\mousedrive\mouse32a.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/18 17:29:02 | 002,221,352 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2006/07/25 15:35:58 | 000,364,544 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/03/27 21:47:22 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2006/02/07 16:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/01/11 12:05:42 | 000,212,992 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\mcupdate.exe
PRC - [2005/11/11 17:00:56 | 001,005,096 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
PRC - [2005/11/11 16:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
PRC - [2005/11/11 16:42:12 | 000,524,288 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
PRC - [2005/09/26 11:22:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2005/09/26 10:26:58 | 000,110,592 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
PRC - [2005/09/22 18:29:08 | 000,303,104 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/08/24 16:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2005/08/11 22:02:44 | 000,053,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\VSO\oasclnt.exe
PRC - [2005/08/10 12:49:20 | 000,163,840 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\mcvsshld.exe
PRC - [2005/08/10 11:22:02 | 000,221,184 | ---- | M] (McAfee Inc.) -- c:\Program Files\McAfee.com\VSO\McShield.exe
PRC - [2005/07/12 18:10:18 | 000,963,072 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
PRC - [2005/07/12 17:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/07/08 18:16:16 | 000,483,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSEscn.exe
PRC - [2005/07/01 20:43:00 | 000,299,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\mcvsftsn.exe
PRC - [2005/05/31 21:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 20:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 16:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 16:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/08/28 00:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 00:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/12/22 08:38:40 | 000,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
PRC - [2003/08/04 17:28:18 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd.exe


========== Modules (SafeList) ==========

MOD - [2011/06/18 14:07:08 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\stormy\My Documents\Downloads\OTL.exe
MOD - [2008/07/12 15:25:45 | 000,073,728 | ---- | M] () -- C:\Program Files\mousedrive\mouDL32A.dll
MOD - [2008/04/13 17:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2005/09/26 18:12:52 | 000,098,304 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSSkt.Dll
MOD - [2005/08/17 10:38:00 | 000,143,360 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKOEPlg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/02/07 16:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/11/11 16:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) [Auto | Running] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/09/26 11:22:28 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/08/24 16:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/08/10 11:22:02 | 000,221,184 | ---- | M] (McAfee Inc.) [Auto | Running] -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield)
SRV - [2005/07/12 18:10:18 | 000,963,072 | ---- | M] (McAfee Inc.) [Auto | Running] -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService)
SRV - [2005/07/12 17:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/07/01 19:22:50 | 000,245,760 | ---- | M] (McAfee, Inc) [On_Demand | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - [2005/01/17 16:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 00:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/01/05 00:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2008/08/10 15:25:08 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/08/24 11:37:50 | 004,374,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/07/17 15:22:49 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/06/28 11:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/05/30 16:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/04/01 17:46:28 | 000,471,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/03/18 07:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/17 17:24:10 | 001,520,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/02 18:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/02/26 14:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/11/11 16:43:52 | 000,080,640 | ---- | M] (McAfee) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MpFirewall.sys -- (MPFIREWL)
DRV - [2005/10/20 14:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/08/24 15:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/10 11:22:10 | 000,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2005/08/02 22:10:12 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/06/02 03:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 13:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-248480588-4011437580-1029270233-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-248480588-4011437580-1029270233-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-248480588-4011437580-1029270233-1008\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-248480588-4011437580-1029270233-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-248480588-4011437580-1029270233-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/18 14:01:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/18 14:01:46 | 000,000,000 | ---D | M]

[2010/07/12 16:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\stormy\Application Data\Mozilla\Extensions
[2011/06/18 17:18:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\stormy\Application Data\Mozilla\Firefox\Profiles\q7k0zqss.default\extensions
[2010/07/16 02:05:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\stormy\Application Data\Mozilla\Firefox\Profiles\q7k0zqss.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/05 14:53:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\stormy\Application Data\Mozilla\Firefox\Profiles\q7k0zqss.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/04/04 12:47:48 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\stormy\Application Data\Mozilla\Firefox\Profiles\q7k0zqss.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/04/04 12:47:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\stormy\Application Data\Mozilla\Firefox\Profiles\q7k0zqss.default\extensions\engine@conduit.com
[2011/06/18 17:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\stormy\Application Data\Mozilla\Firefox\Profiles\q7k0zqss.default\extensions\staged
[2011/06/13 09:09:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/04 21:00:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/14 20:56:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 15:50:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2010/07/14 20:55:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/18 14:01:07 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2007/08/29 14:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/22 11:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2011/06/18 14:01:22 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (McAfee AntiPhishing Filter) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-248480588-4011437580-1029270233-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\mousedrive\mouse32a.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VirusScan Online] c:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
O4 - HKLM..\Run: [wfmtqtps] C:\Documents and Settings\cody\Local Settings\Application Data\nxfrifkyt\dkrirdftssd.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-248480588-4011437580-1029270233-1008..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-248480588-4011437580-1029270233-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212705122291 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212705108588 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.168,93.188.166.199
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\stormy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\stormy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/17 11:54:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\stormy\Local Settings\Application Data\Windows Server\sxsxah.dll) - C:\Documents and Settings\stormy\Local Settings\Application Data\Windows Server\sxsxah.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/18 14:49:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/13 09:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/05 16:05:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/06/05 16:05:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\stormy\Start Menu\Programs\Administrative Tools
[2011/05/27 20:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\BitTorrentBar
[2011/05/27 20:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/07/17 13:26:20 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\stormy\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\stormy\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/18 19:49:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/18 19:34:07 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2011/06/18 18:49:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/18 15:00:29 | 000,214,656 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2011/06/18 14:59:07 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\tasks\16446192.job
[2011/06/18 14:59:06 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\a7b2303d.job
[2011/06/18 14:59:06 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\18a38943.job
[2011/06/18 14:58:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/18 14:00:40 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\stormy\Desktop\Microsoft Office Word 2007.lnk
[2011/06/17 18:00:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for cody.job
[2011/06/17 16:44:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/05 15:25:34 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\stormy\defogger_reenable
[2011/05/27 20:16:19 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\stormy\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\stormy\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/18 14:02:05 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/06/05 15:24:49 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\stormy\defogger_reenable
[2011/05/10 16:55:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\stormy\Local Settings\Application Data\{61DA1BE1-B0BD-4CF5-A5CF-5B1F12DC63BC}
[2011/05/07 15:42:15 | 000,081,276 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/04 21:19:35 | 009,079,808 | ---- | C] () -- C:\WINDOWS\System32\alltoall.exe
[2010/10/04 21:01:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/12 00:52:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\stormy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/12 00:52:22 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\stormy\Local Settings\Application Data\fusioncache.dat
[2010/06/17 15:54:24 | 000,170,496 | ---- | C] () -- C:\WINDOWS\Ptyzya.exe
[2010/06/17 15:54:05 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\ernel32.dll
[2010/06/04 11:08:13 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/04/20 19:34:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/07/23 21:46:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/20 16:57:32 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2008/06/20 16:57:32 | 000,029,232 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2008/06/01 18:20:06 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2008/06/01 18:20:06 | 000,029,232 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2008/05/29 18:07:59 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
[2008/05/29 18:07:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2008/05/29 18:07:51 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2008/05/29 18:07:36 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2006/08/31 10:07:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/31 09:36:18 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/08/31 09:36:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/08/10 11:51:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/08/10 11:51:29 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/08/10 11:51:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/08/10 11:51:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/08/10 11:51:29 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/08/10 11:51:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/07/27 11:22:05 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/17 15:21:30 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/17 15:05:24 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/07/17 13:59:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/07/17 13:59:37 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/07/17 13:59:37 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/07/17 13:32:05 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/07/17 13:32:04 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/07/17 13:32:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/07/17 13:32:04 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/07/17 13:26:20 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/07/17 11:59:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/17 11:56:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/17 11:52:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/17 11:51:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/07/17 11:27:48 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/07/17 11:24:23 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/07/17 11:24:17 | 000,445,938 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/07/17 11:24:17 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/07/17 11:24:17 | 000,072,978 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/07/17 11:24:17 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/07/17 11:24:14 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/07/17 11:24:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/07/17 11:24:08 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/07/17 11:23:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/07/17 11:23:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/07/17 11:23:42 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/07/17 11:23:30 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/07/17 04:47:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/17 04:46:22 | 000,380,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/13 16:29:26 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/08/24 15:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/01/05 00:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

========== LOP Check ==========

[2010/06/04 10:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2006/07/17 15:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/04 11:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/06/18 14:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/05/16 07:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2011/03/26 12:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/27 20:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/06/23 23:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cody\Application Data\BitTorrent
[2008/08/10 15:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cody\Application Data\DAEMON Tools
[2010/07/12 00:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cody\Application Data\DNA
[2006/07/17 15:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cody\Application Data\InterVideo
[2010/05/16 07:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cody\Application Data\MSNInstaller
[2008/06/01 18:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cody\Application Data\Template
[2008/07/06 16:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cody\Application Data\toshiba
[2008/07/26 14:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cody\Application Data\WildTangent
[2006/07/17 15:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterVideo
[2006/07/17 14:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2006/07/17 15:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\InterVideo
[2006/07/17 14:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\toshiba
[2011/05/23 20:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stormy\Application Data\BitTorrent
[2011/04/14 17:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stormy\Application Data\FrostWire
[2006/07/17 15:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stormy\Application Data\InterVideo
[2011/03/17 17:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stormy\Application Data\Soldat
[2006/07/17 14:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stormy\Application Data\toshiba
[2010/10/19 16:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stormy\Application Data\WildTangent
[2011/06/18 14:59:07 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\Tasks\16446192.job
[2011/06/18 14:59:06 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\Tasks\18a38943.job
[2011/06/18 14:59:06 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\a7b2303d.job
[2011/06/18 19:34:07 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/07/17 04:45:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/07/17 04:45:51 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/07/17 04:45:51 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2006/07/17 11:54:36 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/05/29 18:07:32 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2006/07/17 11:54:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/04/25 15:05:04 | 000,219,780 | ---- | M] () -- C:\EULA.pdf
[2001/09/05 22:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2006/07/17 11:54:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/07/17 15:23:27 | 000,001,188 | -H-- | M] () -- C:\IPH.PH
[2011/03/17 17:57:26 | 000,000,000 | R--- | M] () -- C:\logwmemory.bin
[2006/07/17 11:54:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/06 18:31:05 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/18 14:57:57 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
[2010/03/27 20:10:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/04/13 05:27:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/04/13 16:00:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/04/14 05:11:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/04/14 17:19:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/04/14 21:26:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/04/15 04:10:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/04/15 18:51:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/04/15 23:06:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/04/16 03:21:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/04/16 18:39:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/04/17 19:15:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/04/20 19:41:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/04/24 08:05:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/04/24 08:15:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/05/15 19:51:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/05/16 07:45:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/03/26 12:08:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/03/27 07:15:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/03/27 19:35:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/03/27 20:10:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/04/13 05:27:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/04/13 16:00:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/04/14 05:11:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/04/14 17:19:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/04/14 21:26:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/04/15 04:10:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/04/15 18:51:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/04/15 23:06:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/04/16 03:21:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/04/16 18:39:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/04/17 19:15:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/04/20 19:41:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/04/24 08:05:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/04/24 08:15:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/05/15 19:51:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/05/16 07:45:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/03/26 12:08:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/03/27 07:15:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/03/27 19:35:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\KUOCE9a.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\M17w3u7m.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\M317c3s7e.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\M31w9uOC9.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\M3g7iQ1w9.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\M5g55.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\M7gMYW.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\M93w793.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\M93wSKU.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\M9gMYWS.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\MY179mYW9.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\MY1c9s179.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\MY3c793.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\MY3c7sK.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\MY555.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\MY55o.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\MY5c5.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\MY793m7g.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\MYW3uO.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\MYW7931w9.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\MYW93yWS.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\MYWS1e.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\MYWSK9y.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\O317931e9.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\O31m93w7u.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\O31m9g179.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\O3o7931a9.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\O3oCE31k9.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\O55mY.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\O5o5o.dll
[2010/06/17 15:54:00 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\O79317.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\O793i7.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\O7oC1s.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\O9oCEIQ.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OC1s93s7e.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OC1sKUO7o.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OC31uOC.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OC793179.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OC793yWS.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OC7s317u.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OCE1a9k.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OCE31k.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OCE3a7.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OCE55.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OCE9aAA9.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OCEI3q79.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OCEIQG7i.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\Q1793mYW.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\Q1w9317w.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\Q317oC1sK.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\Q555o.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\Q55c5.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\Q5w5u.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\Q7931m.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\Q9w17yW.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\QG555.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\QG5iQ.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\QG931k.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\QGM317.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\QGM931cE.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\QGMY17.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\QGMY317m.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\QGMY3c7s.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\QGMY5.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\S1793yW9.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\S17sKUOC.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\S317uO1o9.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\S3eI931q9.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\S555u.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\S5e5a.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\S79s17.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\S7e31k.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\S93s79s.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\S9eI79q.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\S9eIQGM.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\SK5y5.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\SK5yW.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\SK93g7.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\SKU1793.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\SKU317.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\SKU7931k9.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\SKU9mY7c.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\SKUOC.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\U179a1kU.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\U1mY3c7s.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\U31iQG179.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\U5555.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\U793aA.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\U79i1q.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\U9mYW93.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\UO17m3g7i.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\UO31793.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\UO31m93.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\UO7931a9.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\UO79m179.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\UO9oC7.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\UOC3s7.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\UOCE79k.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\UOCE9aAAA.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\UOCEI17q.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\W1u93179.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\W1uOCEIQ.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\W3u79iQGM.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\W55y5.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\W5u55.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\W7931w.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\W9uO793.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\WS3e793.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\WS9eI7.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\WSK1y93.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\WSK317.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\WSK31g.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\WSK3yW.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\WSK55.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\WSK5y.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\WSK7931cE.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\WSKU17.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\WSKUOC17u.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\Y17oC179.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\Y3c79u1m9.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\Y5555.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\Y555m.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\Y7cE1a.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\Y9c1s9e.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\YW179gMY9.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\YW55y.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\YW5u5.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\YW7u3179.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\YWS1793.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\YWS17sK.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\YWS1e93.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\YWS55.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\YWS7e3aAA.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\YWSK31gM.dll
[2010/06/17 15:54:14 | 000,044,544 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\YWSK5.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >

Extras.txt
OTL Extras logfile created on: 6/18/2011 7:51:57 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\stormy\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.04 Mb Total Physical Memory | 5.26 Mb Available Physical Memory | 1.18% Memory free
1.03 Gb Paging File | 0.35 Gb Available in Paging File | 33.86% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.23 Gb Total Space | 21.68 Gb Free Space | 29.21% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: stormy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-248480588-4011437580-1029270233-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\1153174899\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1153174899\EE\AOLServiceHost.exe:*:Disabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Disabled:Yahoo! Music Engine
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Soldat\Soldat.exe" = C:\Soldat\Soldat.exe:*:Enabled:http://soldat.pl


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI/PCIe card Driver
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7AD35FDD-A268-44b7-9A8E-4677020CC90B}" = 1300Tour
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A1A3690-824F-49ED-BB15-9B0C6E118624}" = FateUtilities
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{980606BB-A475-4a85-A665-6E30DB2F28B3}" = 1300Trb
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A71822CD-7F77-46a3-B761-D6BA35245E95}" = 1300
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB83F10A-D02A-4aba-8843-ACAB50D48216}" = 1300_Help
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{EC62C4D6-DB1B-4678-8FD3-FBAF6C5ACA72}" = ATI Catalyst Control Center
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Browser Mouse" = Browser Mouse
"conduitEngine" = Conduit Engine
"Desktop Dialer" = Desktop Dialer
"Easy WiFi Radar" = Easy WiFi Radar 1.0.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FrostWire" = FrostWire 4.21.3
"HP Photo & Imaging" = HP Image Zone 3.5
"hp psc 1300 series_Driver" = hp psc 1300 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InFlac" = InFlac 1.1.1
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfee Uninstall Utility" = McAfee Uninstall Wizard
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)
"Picasa2" = Picasa 2
"Power Saver" = TOSHIBA Power Saver
"RealPlayer 6.0" = RealPlayer Basic
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-248480588-4011437580-1029270233-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/18/2011 10:49:53 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 6/18/2011 10:49:53 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/18/2011 10:49:55 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 6/18/2011 10:49:55 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/18/2011 10:49:55 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 6/18/2011 10:49:55 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/18/2011 10:50:01 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 6/18/2011 10:50:01 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/18/2011 10:50:01 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 6/18/2011 10:50:01 PM | Computer Name = TOSHIBA-USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 6/18/2011 5:51:01 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/18/2011 5:51:01 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/18/2011 5:51:01 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/18/2011 5:51:01 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/18/2011 5:51:01 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/18/2011 5:51:01 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/18/2011 5:51:02 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/18/2011 5:51:02 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/18/2011 5:51:02 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/18/2011 5:51:02 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
Attached File  ark.txt   8.24KB   1 downloads

#4 etavares

Posted 20 June 2011 - 05:50 PM

Hello, desyc.

P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent, FrostWire). These programmes allow users to share files with one another, as the name(s) suggest. In today's world, cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide to not uninstall, please refrain from using it until I let you know your computer is clean.






Viewpoint (foistware) Warning

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This changed, from what we know, in 2006; read this article:

http://www.clickz.com/clickz/news/1714488/viewpoint-plunge-into-adware

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Conduit Toolbar Warning

I see you have a Conduit toolbar installed. This is often recognized as trackware and I recommend you remove it.

If you would like to remove it, please go to Add/Remove Programs and uninstall Conduit Engine, BitTorrent Toolbar.






Step 1


OK, I see plenty of malware in your log. Let's run ComboFix to start. Make sure to disable McAfee. If you have issues, let me know.



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running ComboFix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 desyc

Posted 23 June 2011 - 01:54 PM

ComboFix 11-06-23.01 - stormy 06/23/2011 11:21:22.1.1 - x86
Running from: c:\documents and settings\stormy\Desktop\etavaresCF.exe
AV: McAfee VirusScan *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\cody\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\stormy\Application Data\PriceGong
c:\documents and settings\stormy\Application Data\PriceGong\Data\1.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\a.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\b.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\c.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\d.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\e.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\f.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\g.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\h.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\i.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\j.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\k.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\l.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\m.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\n.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\o.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\p.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\q.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\r.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\s.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\t.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\u.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\v.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\w.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\x.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\y.xml
c:\documents and settings\stormy\Application Data\PriceGong\Data\z.xml
c:\documents and settings\stormy\WINDOWS
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\npf.sys
c:\windows\system32\ernel32.dll
c:\windows\system32\Packet.dll
c:\windows\system32\spool\prtprocs\w32x86\U31iQG179.dll
c:\windows\system32\spool\prtprocs\w32x86\U5555.dll
c:\windows\system32\spool\prtprocs\w32x86\U793aA.dll
c:\windows\system32\spool\prtprocs\w32x86\U79i1q.dll
c:\windows\system32\spool\prtprocs\w32x86\U9mYW93.dll
c:\windows\system32\spool\prtprocs\w32x86\UO17m3g7i.dll
c:\windows\system32\spool\prtprocs\w32x86\UO31793.dll
c:\windows\system32\spool\prtprocs\w32x86\UO31m93.dll
c:\windows\system32\spool\prtprocs\w32x86\UO7931a9.dll
c:\windows\system32\spool\prtprocs\w32x86\UO79m179.dll
c:\windows\system32\spool\prtprocs\w32x86\UO9oC7.dll
c:\windows\system32\spool\prtprocs\w32x86\UOC3s7.dll
c:\windows\system32\spool\prtprocs\w32x86\UOCE79k.dll
c:\windows\system32\spool\prtprocs\w32x86\UOCE9aAAA.dll
c:\windows\system32\spool\prtprocs\w32x86\UOCEI17q.dll
c:\windows\system32\spool\prtprocs\w32x86\W1u93179.dll
c:\windows\system32\spool\prtprocs\w32x86\W1uOCEIQ.dll
c:\windows\system32\spool\prtprocs\w32x86\W3u79iQGM.dll
c:\windows\system32\spool\prtprocs\w32x86\W55y5.dll
c:\windows\system32\spool\prtprocs\w32x86\W5u55.dll
c:\windows\system32\spool\prtprocs\w32x86\W7931w.dll
c:\windows\system32\spool\prtprocs\w32x86\W9uO793.dll
c:\windows\system32\spool\prtprocs\w32x86\WS3e793.dll
c:\windows\system32\spool\prtprocs\w32x86\WS9eI7.dll
c:\windows\system32\spool\prtprocs\w32x86\WSK1y93.dll
c:\windows\system32\spool\prtprocs\w32x86\WSK317.dll
c:\windows\system32\spool\prtprocs\w32x86\WSK31g.dll
c:\windows\system32\spool\prtprocs\w32x86\WSK3yW.dll
c:\windows\system32\spool\prtprocs\w32x86\WSK55.dll
c:\windows\system32\spool\prtprocs\w32x86\WSK5y.dll
c:\windows\system32\spool\prtprocs\w32x86\WSK7931cE.dll
c:\windows\system32\spool\prtprocs\w32x86\WSKU17.dll
c:\windows\system32\spool\prtprocs\w32x86\WSKUOC17u.dll
c:\windows\system32\spool\prtprocs\w32x86\Y17oC179.dll
c:\windows\system32\spool\prtprocs\w32x86\Y3c79u1m9.dll
c:\windows\system32\spool\prtprocs\w32x86\Y5555.dll
c:\windows\system32\spool\prtprocs\w32x86\Y555m.dll
c:\windows\system32\spool\prtprocs\w32x86\Y7cE1a.dll
c:\windows\system32\spool\prtprocs\w32x86\Y9c1s9e.dll
c:\windows\system32\spool\prtprocs\w32x86\YW179gMY9.dll
c:\windows\system32\spool\prtprocs\w32x86\YW55y.dll
c:\windows\system32\spool\prtprocs\w32x86\YW5u5.dll
c:\windows\system32\spool\prtprocs\w32x86\YW7u3179.dll
c:\windows\system32\spool\prtprocs\w32x86\YWS1793.dll
c:\windows\system32\spool\prtprocs\w32x86\YWS17sK.dll
c:\windows\system32\spool\prtprocs\w32x86\YWS1e93.dll
c:\windows\system32\spool\prtprocs\w32x86\YWS55.dll
c:\windows\system32\spool\prtprocs\w32x86\YWS7e3aAA.dll
c:\windows\system32\spool\prtprocs\w32x86\YWSK31gM.dll
c:\windows\system32\spool\prtprocs\w32x86\YWSK5.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-23 18:03 . 2011-06-23 18:03 -------- d-----w- c:\documents and settings\stormy\Local Settings\Application Data\Conduit
2011-06-23 17:55 . 2011-06-23 17:55 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 17:55 . 2011-06-23 17:55 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-18 21:01 . 2011-06-23 17:54 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-06-18 21:01 . 2011-06-23 17:54 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-06-18 21:01 . 2011-06-23 17:54 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-06-18 21:01 . 2011-06-23 17:54 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-06-18 21:01 . 2011-06-23 17:54 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-06-18 21:01 . 2011-06-23 17:55 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-28 03:16 . 2011-05-28 03:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\BitTorrentBar
2011-05-28 03:16 . 2011-05-28 03:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 21:00 . 2011-05-17 17:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 23:55 . 2011-05-10 23:55 0 ---ha-w- c:\documents and settings\stormy\Local Settings\Application Data\BIT7.tmp
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-06-23 17:55 . 2011-06-18 21:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-29 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-09 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-07-25 364544]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-24 16050688]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-12 1005096]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-05 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-19 2221352]
"FLMOFFICE4DMOUSE"="c:\program files\mousedrive\mouse32a.exe" [2008-07-12 356352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"wfmtqtps"="c:\documents and settings\cody\Local Settings\Application Data\nxfrifkyt\dkrirdftssd.exe" [2010-07-11 293632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-7-17 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 11:50 AM 98816]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/26/2011 5:32 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/26/2011 5:32 PM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/10/2008 3:25 PM 717296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-27 00:32]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-27 00:32]
.
2011-06-20 c:\windows\Tasks\Norton Security Scan for cody.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 11:18]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://desktop.google.com/networkhelp9.html
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0A83C69B-C87E-4C54-B0E6-A886F2305C49}: NameServer = 93.188.162.168,93.188.166.199
TCP: Interfaces\{D9D56180-898C-4B24-A009-6A1B517BA04C}: NameServer = 93.188.162.168,93.188.166.199
FF - ProfilePath - c:\documents and settings\stormy\Application Data\Mozilla\Firefox\Profiles\q7k0zqss.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DXDllRegExe - dxdllreg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 11:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3232)
c:\windows\system32\WININET.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\program files\mousedrive\MOUDL32A.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\TODDSrv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-06-23 11:48:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-23 18:47
.
Pre-Run: 23,823,204,352 bytes free
Post-Run: 25,244,471,296 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1DF522D7F223F5CCAF64CE8142CA9242


I haven't had any pop-ups since ComboFix rebooted my computer! I don't see anything wrong with my computer any more, thanks so much!

#6 etavares


Posted 23 June 2011 - 05:31 PM

Hello, desyc.
Great! Glad to hear we are making progress. There is still a lot of work left to do to clear out the virus.



Step 1



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

Folder::
c:\documents and settings\stormy\Local Settings\Application Data\Conduit
c:\documents and settings\cody\Local Settings\Application Data\nxfrifkyt\
File::
C:\Documents and Settings\stormy\Local Settings\Application Data\Windows Server\sxsxah.dll
C:\WINDOWS\tasks\16446192.job
C:\WINDOWS\tasks\a7b2303d.job
C:\WINDOWS\tasks\18a38943.job
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wfmtqtps"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=0
"UacDisableNotify"=0
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
MIA::
c:\windows\system32\drivers\npf.sys

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.



Step 2

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\System32\alltoall.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
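
An added example, not part of the original thread and not how ComboFix or the helper works internally: a small Python triage pass over the "Reg Loading Points" section of the ComboFix log posted above. The log lines are excerpted from that post; the two heuristics (a Run-key autostart that launches from a user profile's Application Data folder, and a Security Center DisableMonitoring value set to 1) are assumptions chosen to match the entries the CFScript's Registry:: section removes.

```python
import re

# Lines excerpted from the "Reg Loading Points" section of the log in this thread.
LOG_EXCERPT = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-29 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-07-25 364544]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-24 16050688]
"wfmtqtps"="c:\documents and settings\cody\Local Settings\Application Data\nxfrifkyt\dkrirdftssd.exe" [2010-07-11 293632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
QUOTED_RE = re.compile(r'^"([^"]*)"')

# Assumption: on Windows XP, per-user Application Data folders are writable
# without admin rights, so an autostart pointing there deserves a closer look.
PROFILE_RE = re.compile(
    r'^[a-z]:\\documents and settings\\[^\\]+\\(local settings\\)?application data\\'
)


def parse_loading_points(text):
    """Return (key, value_name, data) tuples from REGEDIT4-style log lines."""
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            data = m.group('data')
            quoted = QUOTED_RE.match(data)
            # Keep only the path for string values; drop the [date size] suffix.
            entries.append((key, m.group('name'), quoted.group(1) if quoted else data))
    return entries


def dword_value(data):
    """Return the integer for 'dword:XXXXXXXX' data, or None for anything else."""
    if data.lower().startswith('dword:'):
        return int(data.split(':', 1)[1], 16)
    return None


def triage(entries):
    """Return (key, value_name, reason) for entries matching the two heuristics."""
    findings = []
    for key, name, data in entries:
        k = key.lower()
        if k.endswith(r'\currentversion\run') and PROFILE_RE.match(data.lower()):
            findings.append((key, name, 'autostart launches from a user-writable profile folder'))
        elif (r'\security center\monitoring' + '\\' in k
              and name.lower() == 'disablemonitoring'
              and dword_value(data) == 1):
            findings.append((key, name, 'Security Center monitoring switched off'))
    return findings


if __name__ == '__main__':
    for key, name, reason in triage(parse_loading_points(LOG_EXCERPT)):
        print(f'{name}: {reason}\n    {key}')
```

A hit is a prompt to inspect the file and its origin, not proof of infection; legitimate software also installs under Application Data.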
 


#7 etavares


Posted 26 June 2011 - 07:52 AM

Still with me?




#8 desyc


Posted 26 June 2011 - 06:56 PM

Yeah I'm still with you, sorry it took so long to reply. I've tried running combofix several times and every time it just freezes up on the blue window. I've let it run for almost an hour and it did nothing. I don't know what to do.

#9 etavares


Posted 27 June 2011 - 05:00 PM

Hello, desyc.
OK, we'll use OTL instead.



Step 1

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script.
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :files
    c:\documents and settings\stormy\Local Settings\Application Data\Conduit
    c:\documents and settings\cody\Local Settings\Application Data\nxfrifkyt\
    C:\Documents and Settings\stormy\Local Settings\Application Data\Windows Server\sxsxah.dll
    C:\WINDOWS\tasks\16446192.job
    C:\WINDOWS\tasks\a7b2303d.job
    C:\WINDOWS\tasks\18a38943.job
    C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    C:\sqmdata00.sqm
    C:\sqmdata01.sqm
    C:\sqmdata02.sqm
    C:\sqmdata03.sqm
    C:\sqmdata04.sqm
    C:\sqmdata05.sqm
    C:\sqmdata06.sqm
    C:\sqmdata07.sqm
    C:\sqmdata08.sqm
    C:\sqmdata09.sqm
    C:\sqmdata10.sqm
    C:\sqmdata11.sqm
    C:\sqmdata12.sqm
    C:\sqmdata13.sqm
    C:\sqmdata14.sqm
    C:\sqmdata15.sqm
    C:\sqmdata16.sqm
    C:\sqmdata17.sqm
    C:\sqmdata18.sqm
    C:\sqmdata19.sqm
    C:\sqmnoopt00.sqm
    C:\sqmnoopt01.sqm
    C:\sqmnoopt02.sqm
    C:\sqmnoopt03.sqm
    C:\sqmnoopt04.sqm
    C:\sqmnoopt05.sqm
    C:\sqmnoopt06.sqm
    C:\sqmnoopt07.sqm
    C:\sqmnoopt08.sqm
    C:\sqmnoopt09.sqm
    C:\sqmnoopt10.sqm
    C:\sqmnoopt11.sqm
    C:\sqmnoopt12.sqm
    C:\sqmnoopt13.sqm
    C:\sqmnoopt14.sqm
    C:\sqmnoopt15.sqm
    C:\sqmnoopt16.sqm
    C:\sqmnoopt17.sqm
    C:\sqmnoopt18.sqm
    C:\sqmnoopt19.sqm
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "wfmtqtps"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled"=0
    "UacDisableNotify"=0
    "AntiVirusDisableNotify"=0
    "FirewallDisableNotify"=0
    :Commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 2

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\System32\alltoall.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



Step 3

Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

If you have a 64-bit system, please download the 64 bit version from here:
SystemLook (64-bit)

  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and Paste the content of the following codebox into the main textfield under "File":
    :filefind
    npf.*
    
  • Please confirm everything is copied and pasted as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while, from several seconds to a minute or more, depending on the number of files you have and how fast your computer can perform the task.


etavares




#10 desyc


Posted 28 June 2011 - 10:44 PM

OTL fix
All processes killed
========== FILES ==========
c:\documents and settings\stormy\Local Settings\Application Data\Conduit\Toolbar\Facebook folder moved successfully.
c:\documents and settings\stormy\Local Settings\Application Data\Conduit\Toolbar folder moved successfully.
c:\documents and settings\stormy\Local Settings\Application Data\Conduit folder moved successfully.
c:\documents and settings\cody\Local Settings\Application Data\nxfrifkyt folder moved successfully.
C:\Documents and Settings\stormy\Local Settings\Application Data\Windows Server\sxsxah.dll moved successfully.
File\Folder C:\WINDOWS\tasks\16446192.job not found.
File\Folder C:\WINDOWS\tasks\a7b2303d.job not found.
File\Folder C:\WINDOWS\tasks\18a38943.job not found.
File\Folder C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job not found.
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.
C:\sqmdata06.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmdata09.sqm moved successfully.
C:\sqmdata10.sqm moved successfully.
C:\sqmdata11.sqm moved successfully.
C:\sqmdata12.sqm moved successfully.
C:\sqmdata13.sqm moved successfully.
C:\sqmdata14.sqm moved successfully.
C:\sqmdata15.sqm moved successfully.
C:\sqmdata16.sqm moved successfully.
C:\sqmdata17.sqm moved successfully.
C:\sqmdata18.sqm moved successfully.
C:\sqmdata19.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmnoopt05.sqm moved successfully.
C:\sqmnoopt06.sqm moved successfully.
C:\sqmnoopt07.sqm moved successfully.
C:\sqmnoopt08.sqm moved successfully.
C:\sqmnoopt09.sqm moved successfully.
C:\sqmnoopt10.sqm moved successfully.
C:\sqmnoopt11.sqm moved successfully.
C:\sqmnoopt12.sqm moved successfully.
C:\sqmnoopt13.sqm moved successfully.
C:\sqmnoopt14.sqm moved successfully.
C:\sqmnoopt15.sqm moved successfully.
C:\sqmnoopt16.sqm moved successfully.
C:\sqmnoopt17.sqm moved successfully.
C:\sqmnoopt18.sqm moved successfully.
C:\sqmnoopt19.sqm moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wfmtqtps deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled"|0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UacDisableNotify"|0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusDisableNotify"|0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify"|0 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: cody
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7438379 bytes
->Java cache emptied: 503149 bytes
->FireFox cache emptied: 99941070 bytes
->Flash cache emptied: 50215 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: stormy
->Temp folder emptied: 1550710 bytes
->Temporary Internet Files folder emptied: 773906 bytes
->Java cache emptied: 994059 bytes
->FireFox cache emptied: 354184969 bytes
->Apple Safari cache emptied: 14336 bytes
->Flash cache emptied: 58633 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115168 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3114977 bytes

Total Files Cleaned = 447.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06282011_200553

Files\Folders moved on Reboot...
C:\Documents and Settings\stormy\Local Settings\Temporary Internet Files\Content.Word\~WRS{A85DBC6B-B808-4011-89FD-F224A91BCA47}.tmp moved successfully.
C:\Documents and Settings\stormy\Local Settings\Temporary Internet Files\Content.Word\~WRS{E4F05B8B-F61C-4190-BD99-58BB006EE6FA}.tmp moved successfully.
C:\Documents and Settings\stormy\Local Settings\Temporary Internet Files\Content.Word\~WRS{FB878A96-37BD-469A-9F29-A03B69F4C8BA}.tmp moved successfully.

Registry entries deleted on Reboot...



OTL.Txt
OTL logfile created on: 6/28/2011 8:22:45 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\stormy\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.04 Mb Total Physical Memory | 70.36 Mb Available Physical Memory | 15.77% Memory free
1.03 Gb Paging File | 0.56 Gb Available in Paging File | 54.75% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.23 Gb Total Space | 23.62 Gb Free Space | 31.82% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: stormy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/23 10:54:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/18 14:07:08 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\stormy\My Documents\Downloads\OTL.exe
PRC - [2011/03/22 11:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/07/12 15:25:45 | 000,356,352 | ---- | M] () -- C:\Program Files\mousedrive\mouse32a.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/02/18 17:29:02 | 002,221,352 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2006/07/25 15:35:58 | 000,364,544 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/03/27 21:47:22 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2006/02/07 16:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/11/11 17:00:56 | 001,005,096 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
PRC - [2005/11/11 16:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
PRC - [2005/11/11 16:42:12 | 000,524,288 | ---- | M] (McAfee Security) -- C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
PRC - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
PRC - [2005/09/26 11:22:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2005/09/26 10:26:58 | 000,110,592 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
PRC - [2005/09/22 18:29:08 | 000,303,104 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2005/08/24 16:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2005/08/11 22:02:44 | 000,053,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\VSO\oasclnt.exe
PRC - [2005/08/10 12:49:20 | 000,163,840 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\mcvsshld.exe
PRC - [2005/08/10 11:22:02 | 000,221,184 | ---- | M] (McAfee Inc.) -- c:\Program Files\McAfee.com\VSO\McShield.exe
PRC - [2005/07/12 18:10:18 | 000,963,072 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
PRC - [2005/07/12 17:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/07/08 18:16:16 | 000,483,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSEscn.exe
PRC - [2005/05/31 21:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 20:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 16:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 16:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/08/28 00:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 00:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/12/22 08:38:40 | 000,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
PRC - [2003/08/04 17:28:18 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd.exe


========== Modules (SafeList) ==========

MOD - [2011/06/18 14:07:08 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\stormy\My Documents\Downloads\OTL.exe
MOD - [2008/07/12 15:25:45 | 000,073,728 | ---- | M] () -- C:\Program Files\mousedrive\mouDL32A.dll
MOD - [2008/04/13 17:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2005/09/26 18:12:52 | 000,098,304 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSSkt.Dll
MOD - [2005/08/17 10:38:00 | 000,143,360 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKOEPlg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/02/07 16:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/11/11 16:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) [Auto | Running] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/09/26 11:22:28 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/08/24 16:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/08/10 11:22:02 | 000,221,184 | ---- | M] (McAfee Inc.) [Auto | Running] -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield)
SRV - [2005/07/12 18:10:18 | 000,963,072 | ---- | M] (McAfee Inc.) [Auto | Running] -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService)
SRV - [2005/07/12 17:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/07/01 19:22:50 | 000,245,760 | ---- | M] (McAfee, Inc) [On_Demand | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - [2005/01/17 16:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 00:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/01/05 00:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2008/08/10 15:25:08 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/08/24 11:37:50 | 004,374,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/07/17 15:22:49 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/06/28 11:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/05/30 16:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/04/01 17:46:28 | 000,471,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/03/18 07:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/17 17:24:10 | 001,520,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/02 18:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/02/26 14:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/11/11 16:43:52 | 000,080,640 | ---- | M] (McAfee) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MpFirewall.sys -- (MPFIREWL)
DRV - [2005/10/20 14:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/08/24 15:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/10 11:22:10 | 000,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2005/06/02 03:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 13:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-248480588-4011437580-1029270233-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-248480588-4011437580-1029270233-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-248480588-4011437580-1029270233-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 10:55:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/18 14:01:46 | 000,000,000 | ---D | M]

[2010/07/12 16:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\stormy\Application Data\Mozilla\Extensions
[2011/06/28 19:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\stormy\Application Data\Mozilla\Firefox\Profiles\q7k0zqss.default\extensions
[2010/07/16 02:05:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\stormy\Application Data\Mozilla\Firefox\Profiles\q7k0zqss.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/28 19:55:07 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\stormy\Application Data\Mozilla\Firefox\Profiles\q7k0zqss.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/06/13 09:09:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/04 21:00:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/14 20:56:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 15:50:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\STORMY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Q7K0ZQSS.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2010/07/14 20:55:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/23 10:55:00 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2007/08/29 14:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/22 11:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2011/06/18 14:01:22 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/23 11:35:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee AntiPhishing Filter) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-248480588-4011437580-1029270233-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\mousedrive\mouse32a.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VirusScan Online] c:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-248480588-4011437580-1029270233-1008..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-248480588-4011437580-1029270233-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-248480588-4011437580-1029270233-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-248480588-4011437580-1029270233-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-248480588-4011437580-1029270233-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212705122291 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212705108588 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\stormy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\stormy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/17 11:54:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 20:05:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/28 19:52:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/26 16:21:06 | 000,000,000 | --SD | C] -- C:\etavaresCF11969e
[2011/06/26 16:20:26 | 000,000,000 | --SD | C] -- C:\etavaresCF22310e
[2011/06/26 16:00:44 | 000,000,000 | --SD | C] -- C:\etavaresCF14854e
[2011/06/26 15:51:53 | 000,000,000 | --SD | C] -- C:\etavaresCF
[2011/06/23 11:19:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/23 11:13:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/23 11:13:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/23 11:13:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/23 11:13:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/23 11:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/23 11:13:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/23 11:08:51 | 004,135,090 | R--- | C] (Swearware) -- C:\Documents and Settings\stormy\Desktop\etavaresCF.exe
[2011/06/18 14:49:45 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/06/13 09:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/05 16:05:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/06/05 16:05:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\stormy\Start Menu\Programs\Administrative Tools
[2006/07/17 13:26:20 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[1 C:\Documents and Settings\stormy\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\stormy\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/28 20:17:22 | 000,216,032 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2011/06/28 20:14:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/28 20:13:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/28 19:48:59 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/28 19:48:27 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\stormy\Desktop\Microsoft Office Word 2007.lnk
[2011/06/28 19:46:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/26 18:00:01 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for cody.job
[2011/06/23 11:35:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/23 11:19:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/23 11:09:07 | 004,135,090 | R--- | M] (Swearware) -- C:\Documents and Settings\stormy\Desktop\etavaresCF.exe
[2011/06/18 14:00:28 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/05 15:25:34 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\stormy\defogger_reenable
[1 C:\Documents and Settings\stormy\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\stormy\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/23 11:19:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/23 11:19:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/23 11:13:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/23 11:13:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/23 11:13:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/23 11:13:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/23 11:13:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/18 14:02:05 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/06/05 15:24:49 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\stormy\defogger_reenable
[2011/05/10 16:55:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\stormy\Local Settings\Application Data\{61DA1BE1-B0BD-4CF5-A5CF-5B1F12DC63BC}
[2011/05/07 15:42:15 | 000,081,276 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/04 21:19:35 | 009,079,808 | ---- | C] () -- C:\WINDOWS\System32\alltoall.exe
[2010/10/04 21:01:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/12 00:52:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\stormy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/12 00:52:22 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\stormy\Local Settings\Application Data\fusioncache.dat
[2010/06/17 15:54:24 | 000,170,496 | ---- | C] () -- C:\WINDOWS\Ptyzya.exe
[2010/06/04 11:08:13 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/04/20 19:34:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/07/23 21:46:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/20 16:57:32 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2008/06/20 16:57:32 | 000,029,232 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2008/06/01 18:20:06 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2008/06/01 18:20:06 | 000,029,232 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2008/05/29 18:07:59 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
[2008/05/29 18:07:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2008/05/29 18:07:51 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2008/05/29 18:07:36 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2006/08/31 10:07:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/31 09:36:18 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/08/31 09:36:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/08/10 11:51:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/08/10 11:51:29 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/08/10 11:51:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/08/10 11:51:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/08/10 11:51:29 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/08/10 11:51:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/07/27 11:22:05 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/17 15:21:30 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/17 15:05:24 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/07/17 13:59:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/07/17 13:59:37 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/07/17 13:59:37 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/07/17 13:32:05 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini

< End of report >



Jotti
Filename: ffmpeg.exe
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sat 9 May 2009 19:56:30 (CET) Permalink


SystemLook.txt
SystemLook 04.09.10 by jpshortstuff
Log created at 20:37 on 28/06/2011 by stormy
Administrator - Elevation successful

========== filefind ==========

Searching for "npf.*"
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir --a---- 32512 bytes [02:38 07/07/2008] [05:10 03/08/2005] D21FEE8DB254BA762656878168AC1DB6

-= EOF =-

#11 etavares


Posted 29 June 2011 - 07:00 AM

Did you upload alltoall.exe to Jotti? It registered it as ffmpeg.exe and provided a scan from 2 years ago. It does that if it thinks it already scanned the file. We need a more recent scan though. Please upload it to VirusTotal (instructions and link above in my last post). If there is an option to "rescan the file" if it tells you it already scanned it, please do so.

Jotti
Filename: ffmpeg.exe
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sat 9 May 2009 19:56:30 (CET) Permalink



How is your computer running now?


 


#12 desyc


Posted 02 July 2011 - 09:35 PM

I don't know what you wanted from the results, so I just copied it all.

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: alltoall.exe
Submission date: 2011-07-03 01:56:01 (UTC)
Current status: finished
Result: 0/ 42 (0.0%)

Additional information
MD5 : 633a84aded12c904c05646e198aecb4b
SHA1 : 50d71de16bb253733aa35439953d4fd6ecea2ebd
SHA256: 94b11df9b2ad1ecbb8456688fb7ea9e2c0975cd418b5dc9b71371790161628ac
ssdeep: 196608:/z8omxWDdXwt6t/SfSAKqzXmTiQmfbt4sp:/z9mxWl/eVmT2
File size : 9079808 bytes
First seen: 2009-03-04 05:27:40
Last seen : 2011-07-03 01:56:01
TrID:
InstallShield setup (46.1%)
Win32 Executable MS Visual C++ (generic) (40.3%)
Win32 Executable Generic (9.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned



My computer's been running fine, no pop-ups, but my internet is really slow for some reason, that's why it's been so hard to reply to you. It freezes up easily whenever I try to do things, but it's mostly when I'm on the internet that it happens, doing anything else on the computer is pretty easy.

#13 etavares


Posted 03 July 2011 - 10:03 AM

Hello, desyc.

OK, we'll do a few more things.



Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 25.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    Java™ 6 Update 21
    J2SE Runtime Environment 5.0 Update 6
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u25-windows-i586-s.exe to install the newest version.




Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script.
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKU\S-1-5-21-248480588-4011437580-1029270233-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [DXDllRegExe] File not found
    O4 - HKLM..\Run: [TFncKy] File not found
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    :Commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 4

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image



Step 5

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

etavares


 


#14 etavares


Posted 08 July 2011 - 06:31 AM

Still with me?


 


#15 etavares


Posted 10 July 2011 - 05:46 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.


 




