Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Anti spyware, Google redirect, keeps reinfecting


  • This topic is locked This topic is locked
38 replies to this topic

#1 galoot

galoot

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 08 August 2011 - 12:04 PM

.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Administrator at 10:37:17 on 2011-08-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.393 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Security Client\msseces.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QwestTouchPointAgent] "c:\program files\qwest\desktop\QwestTouchPointAgent.exe" /autostart
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249756183347
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/chuzzle/popcaploader_v6.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{B7A03571-65BC-4335-8A81-2EE5BA5D2A21} : DhcpNameServer = 192.168.0.1 205.171.3.25
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\hsfm0tdp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - Ext: XULRunner: {AAFBEA90-D882-4AC0-B360-D48F232E7EB7} - c:\documents and settings\randall\local settings\application data\{AAFBEA90-D882-4AC0-B360-D48F232E7EB7}
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-7-18 123264]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S1 MpKsl27216be6;MpKsl27216be6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc31591f-14ea-49d6-a943-3bad7b8666c7}\mpksl27216be6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc31591f-14ea-49d6-a943-3bad7b8666c7}\MpKsl27216be6.sys [?]
S1 MpKsl433d1feb;MpKsl433d1feb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df363413-bb46-475e-844c-0093e7e34402}\mpksl433d1feb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df363413-bb46-475e-844c-0093e7e34402}\MpKsl433d1feb.sys [?]
S1 MpKsl492aefc5;MpKsl492aefc5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7229d58-4a71-415b-92b1-9ec1544f19d8}\mpksl492aefc5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a7229d58-4a71-415b-92b1-9ec1544f19d8}\MpKsl492aefc5.sys [?]
S1 MpKsl6098cfad;MpKsl6098cfad;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{84844c6e-b0b5-453d-a082-a1fa2d755d83}\mpksl6098cfad.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{84844c6e-b0b5-453d-a082-a1fa2d755d83}\MpKsl6098cfad.sys [?]
S1 MpKsl6685ad52;MpKsl6685ad52;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{08f1c1e1-0025-4192-9ba6-c05247b455d7}\mpksl6685ad52.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{08f1c1e1-0025-4192-9ba6-c05247b455d7}\MpKsl6685ad52.sys [?]
S1 MpKsl80879dcc;MpKsl80879dcc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6eb559c1-860e-46a3-a1fb-e518da34efc7}\mpksl80879dcc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6eb559c1-860e-46a3-a1fb-e518da34efc7}\MpKsl80879dcc.sys [?]
S1 MpKsla0d4d4b4;MpKsla0d4d4b4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17a5e6d3-8282-4099-b42f-e3993b1a25a3}\mpksla0d4d4b4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17a5e6d3-8282-4099-b42f-e3993b1a25a3}\MpKsla0d4d4b4.sys [?]
S1 MpKsld89e932d;MpKsld89e932d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{888e30c0-00b1-49b0-83c2-c1d856d58949}\mpksld89e932d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{888e30c0-00b1-49b0-83c2-c1d856d58949}\MpKsld89e932d.sys [?]
S1 MpKslddb8b68f;MpKslddb8b68f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d5381de-1841-4474-abd2-7d74554e5695}\mpkslddb8b68f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d5381de-1841-4474-abd2-7d74554e5695}\MpKslddb8b68f.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-4-14 6656]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
S2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-9-8 237056]
S2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-9-8 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-9-8 484352]
S3 cpuz132;cpuz132;\??\c:\docume~1\randall\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\randall\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-1-17 11520]
.
=============== Created Last 30 ================
.
2012-01-18 22:05:33 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2012-01-18 22:05:32 -------- d-----w- c:\program files\WinMerge
2012-01-18 04:42:41 -------- d-----w- c:\documents and settings\all users\application data\Western Digital
2012-01-18 04:42:09 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2012-01-18 04:41:00 -------- d-----w- c:\program files\Western Digital
2011-08-08 09:00:27 -------- d-----w- c:\windows\LastGood.Tmp
2011-08-08 05:31:05 -------- dc-h--w- c:\windows\ie8
2011-08-08 05:30:17 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-08-07 01:57:05 -------- d-----w- C:\autoruns
2011-08-06 02:14:34 -------- d-----w- c:\documents and settings\administrator\application data\SUPERAntiSpyware.com
2011-08-06 02:10:37 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
2011-08-06 02:10:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-06 02:10:32 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-08-05 15:24:37 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6eb559c1-860e-46a3-a1fb-e518da34efc7}\mpengine.dll
2011-08-05 04:19:29 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-05 00:36:46 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-08-05 00:36:46 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-01 00:25:05 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
2011-07-30 02:21:29 0 ---ha-w- c:\windows\Qsasafec.bin
2011-07-30 02:20:40 63488 --sha-r- c:\windows\system32\MFC71ITA5.dll
2011-07-30 02:20:40 63488 --sha-r- c:\windows\system32\langwrbkz.dll
2011-07-30 02:20:40 63488 --sha-r- c:\windows\system32\gcdef6.dll
2011-07-30 02:20:36 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-07-30 02:20:26 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-07-30 02:19:21 177664 ---ha-w- c:\windows\Sfanya.exe
.
==================== Find3M ====================
.
2011-07-14 16:28:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 01:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 01:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 17:53:02 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-16 00:56:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-16 00:56:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 10:38:28.09 ===============
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-08 10:47:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 MAXTOR_6L040L2 rev.A93.0500
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxryrpoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

BC AdBot (Login to Remove)

 


#2 galoot

galoot
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 08 August 2011 - 02:25 PM

Here is the attach file. I have been working with moderator:boopme. It looked like we were all cleaned up but couldn't do windows update this morning and browsers began redirecting again.

#3 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:01 AM

Posted 08 August 2011 - 03:14 PM

Good evening. :)

Here is the attach file.

Where? I suggest you just copy and paste it rather than trying to attach it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You have a couple of entries in your log that point to files on your PC that I would like to have checked - if they are still present.

Please go to Jotti's and click on the Browse... button at the top and navigate to the following files in turn, and then click on Submit:

c:\windows\system32\MFC71ITA5.dll
c:\windows\system32\langwrbkz.dll
c:\windows\system32\gcdef6.dll
c:\windows\Sfanya.exe


When all the scans have been completed, for each file in turn, please copy and paste the "Permalink" that you'll find in the "Jotti's malware scan" box in the upper left hand part of the page into your next reply.

If this site is busy, try VirusTotal: Click the Browse ... button, navigate to the file and double click it and then click the Send button.

You may need to set Windows to show All Hidden Files and Folders - Instructions can be found here.
* These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after you have done.
*

So long, and thanks for all the fish.

 

 


#4 galoot

galoot
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 08 August 2011 - 03:24 PM

I don't see c:\windows. Could it be hidden?

#5 galoot

galoot
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 08 August 2011 - 03:33 PM

It was hidden. Did the Malware do that????

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:01 AM

Posted 08 August 2011 - 03:35 PM

Taken from the page that I linked to -

By default Windows hides certain files from being seen with Windows Explorer or My Computer. This is done to protect these files, which are usually system files, from accidentally being modified or deleted by the user.


So long, and thanks for all the fish.

 

 


#7 galoot

galoot
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 08 August 2011 - 03:48 PM

Silly me missed that last paragraph of your post :whistle:

#8 galoot

galoot
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 08 August 2011 - 04:04 PM

I did not find those file but found these that are close all posted the same results. Sfanya was one of the files that win patrol kept reporting as trying to run.

c:\windows\system32\MFC71ITA.dll
c:\windows\system32\langwrbk.dll
c:\windows\system32\gcdef.dll


Filename: MFC71ITA.DLL
Status:
Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Tue 8 Feb 2011 06:29:05 (CET) Permalink

Filename: Sfanya.exe
Status:
Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Mon 8 Aug 2011 23:00:36 (CET) Permalink

#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:01 AM

Posted 08 August 2011 - 04:55 PM

Here is the attach file.

Where? I suggest you just copy and paste it rather than trying to attach it.

Will you let me have a copy of Attach.txt.

So long, and thanks for all the fish.

 

 


#10 galoot

galoot
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 08 August 2011 - 05:42 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/7/2009 10:32:05 PM
System Uptime: 8/8/2011 10:10:07 AM (0 hours ago)
.
Motherboard: Intel Corporation | | D845EPT2
Processor: Intel® Pentium® 4 CPU 2.53GHz | X1 | 2525/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 15.365 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_01321028&REV_01\3&267A616A&0&EF
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_24CD&SUBSYS_01321028&REV_01\3&267A616A&0&EF
Service:
.
==== System Restore Points ===================
.
RP969: 7/30/2011 12:51:09 AM - System Checkpoint
RP970: 7/30/2011 12:58:34 AM - Restore Operation
RP971: 7/31/2011 9:31:33 AM - System Checkpoint
RP972: 8/1/2011 10:35:48 AM - System Checkpoint
RP973: 8/2/2011 11:22:43 AM - System Checkpoint
RP974: 8/3/2011 1:29:51 PM - Software Distribution Service 3.0
RP975: 8/4/2011 6:20:14 PM - Restore Operation
RP976: 8/4/2011 6:31:03 PM - Software Distribution Service 3.0
RP977: 8/4/2011 6:34:26 PM - Restore Operation
RP978: 8/5/2011 9:24:14 AM - Software Distribution Service 3.0
RP979: 8/6/2011 3:16:49 PM - System Checkpoint
RP980: 8/7/2011 5:47:42 PM - System Checkpoint
RP981: 8/7/2011 11:33:18 PM - Installed Windows Internet Explorer 8.
RP982: 8/7/2011 11:34:31 PM - Software Distribution Service 3.0
RP983: 8/8/2011 3:00:19 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AiO_Scan_CDA
AiOSoftwareNPI
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Software Update
Battleship - Fleet Command (remove only)
Bonjour
BufferChm
Byki
Byki Express
C3100
c3100_Help
CCleaner
CDBurnerXP
Chessmaster Challenge
Chessmaster Challenge (remove only)
Compatibility Pack for the 2007 Office system
CustomerResearchQFolder
Dell ResourceCD
Destinations
DeviceManagementQFolder
DivX Setup
DocProc
DocProcQFolder
doubleTwist
eSupportQFolder
Family Feud Holiday Edition (remove only)
Fax_CDA
ffdshow [rev 2527] [2008-12-19]
Foxit PDF Editor
Foxit Reader
Free M4a to MP3 Converter 6.2
Graboid Video 2.06
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Detection
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
Idaho Child Support Program
Initio USB Default Controller Driver 32-bit
InstantShareDevicesMFC
Intkey
Java Auto Updater
Java™ 6 Update 25
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 6-9 Converter
Mozilla Firefox (3.6.18)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NewCopy_CDA
NVIDIA Display Driver
OCR Software by I.R.I.S 7.0
PanoStandAlone
ProductContextNPI
QuickTime
Qwest Installer
Qwest QuickAssist Desktop Tools
Readme
RealPlayer
Risk II (remove only)
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype™ 5.3
SolutionCenter
Spybot - Search & Destroy
Status
SUPERAntiSpyware
Toolbox
TrayApp
TurboTax 2010
TurboTax 2010 widiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.1
WD SmartWare
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinMerge 2.12.4
WinPatrol 2009
Yontoo Layers Runtime 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
8/8/2011 10:26:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1159.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
8/7/2011 4:47:22 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
8/7/2011 4:41:43 PM, error: i8042prt [41] - An error occurred while enabling the mouse to transmit information. The device has been reset in an attempt to make the device functional.
8/6/2011 9:37:11 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: intelppm
8/6/2011 9:32:57 PM, error: Service Control Manager [7034] - The WD File Management Shadow Engine service terminated unexpectedly. It has done this 1 time(s).
8/6/2011 9:32:56 PM, error: Service Control Manager [7034] - The WDDMService service terminated unexpectedly. It has done this 1 time(s).
8/6/2011 9:32:56 PM, error: Service Control Manager [7034] - The SupportSoft Listener Service service terminated unexpectedly. It has done this 1 time(s).
8/6/2011 9:32:56 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
8/6/2011 9:32:56 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
8/6/2011 9:32:56 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
8/6/2011 9:32:56 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
8/6/2011 9:32:56 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
8/6/2011 9:16:27 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
8/6/2011 12:31:06 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
8/6/2011 12:31:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/6/2011 12:30:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/6/2011 11:13:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/6/2011 10:12:00 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1159.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
8/6/2011 10:01:44 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 Fips intelppm MpFilter OMCI SASDIFSV SASKUTIL
8/6/2011 10:00:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/5/2011 8:04:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 Fips intelppm MpFilter OMCI
8/4/2011 12:10:57 AM, error: Service Control Manager [7034] - The WD File Management Engine service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

Attached Files



#11 galoot

galoot
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 08 August 2011 - 05:49 PM

My "add reply" attempts are not always working. The last one took 3 attempts.

#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:01 AM

Posted 09 August 2011 - 02:16 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

So long, and thanks for all the fish.

 

 


#13 galoot

galoot
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 09 August 2011 - 04:39 PM

C:\Documents and Settings\Randall\My Documents\My Data Sources\incredimail_install.exe Win32/Downloader.ImLoader.C application
C:\Program Files\FoxTabAudioConverter\AudioConverter.exe a variant of Win32/InstallCore.A application
C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application
C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\WINDOWS\ovewulaqocu.dll a variant of Win32/Kryptik.RAA trojan

#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:01 AM

Posted 09 August 2011 - 05:13 PM

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do it's thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

 

 


#15 galoot

galoot
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 09 August 2011 - 06:06 PM

OTL logfile created on: 8/9/2011 4:58:14 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Randall\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

766.80 Mb Total Physical Memory | 321.46 Mb Available Physical Memory | 41.92% Memory free
1.83 Gb Paging File | 1.17 Gb Available in Paging File | 63.78% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 15.11 Gb Free Space | 40.56% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: RELATIONSMART | User Name: Randall | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/09 16:57:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Randall\My Documents\Downloads\OTL.scr
PRC - [2011/07/18 18:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/15 10:50:57 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/08 11:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/09/08 11:44:50 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/09/08 11:42:28 | 005,185,536 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/09/08 11:41:36 | 000,237,056 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/02/12 10:34:13 | 000,045,992 | ---- | M] (Qwest Communications) -- C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe
PRC - [2009/08/23 11:39:01 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/07 13:16:51 | 000,337,216 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2001/08/17 16:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2011/08/09 16:57:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Randall\My Documents\Downloads\OTL.scr
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/04/07 13:17:03 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/18 18:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/08 11:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 11:44:50 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/09/08 11:41:36 | 000,237,056 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 12:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/14 18:15:34 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/02/13 13:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 12:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 12:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/02/06 16:05:14 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2004/08/03 23:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 13:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 07:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 07:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 07:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 07:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001/08/17 07:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 07:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 07:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 07:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 07:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 07:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001/08/17 06:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 06:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 06:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 06:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..extensions.enabledItems: {AAFBEA90-D882-4AC0-B360-D48F232E7EB7}:1.9.1
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z039&form=ZGAADF&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Randall\Local Settings\Application Data\RobloxVersions\version-20c577f966e441d9\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Randall\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Randall\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/29 16:33:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{AAFBEA90-D882-4AC0-B360-D48F232E7EB7}: C:\Documents and Settings\Randall\Local Settings\Application Data\{AAFBEA90-D882-4AC0-B360-D48F232E7EB7} [2011/07/29 20:21:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/15 10:52:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/15 10:52:02 | 000,000,000 | ---D | M]

[2009/09/27 01:31:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Randall\Application Data\Mozilla\Extensions
[2009/09/27 01:31:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Randall\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2011/07/30 10:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Randall\Application Data\Mozilla\Firefox\Profiles\j31wv7a1.default\extensions
[2011/04/08 23:03:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Randall\Application Data\Mozilla\Firefox\Profiles\j31wv7a1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2011/06/12 15:57:03 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Documents and Settings\Randall\Application Data\Mozilla\Firefox\Profiles\j31wv7a1.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}(2)
[2011/02/03 14:57:25 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Randall\Application Data\Mozilla\Firefox\Profiles\j31wv7a1.default\searchplugins\bing-zugo.xml
[2010/03/16 11:33:24 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\Randall\Application Data\Mozilla\Firefox\Profiles\j31wv7a1.default\searchplugins\conduit.xml
[2011/08/08 13:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/16 12:16:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/08 23:02:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/15 18:57:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/29 20:21:16 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\RANDALL\LOCAL SETTINGS\APPLICATION DATA\{AAFBEA90-D882-4AC0-B360-D48F232E7EB7}
[2011/07/29 16:33:10 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011/05/15 18:57:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/08 23:03:59 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2010/03/09 04:00:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/15 18:56:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/12 18:06:26 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll

O1 HOSTS File: ([2010/07/21 13:16:10 | 000,413,985 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14321 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QwestTouchPointAgent] C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249756183347 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/chuzzle/popcaploader_v6.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Randall\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Randall\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/07 22:29:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/08/06 20:03:14 | 000,000,000 | ---D | M] - C:\autoruns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/18 16:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinMerge
[2012/01/18 16:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
[2012/01/17 22:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randall\Local Settings\Application Data\Western_Digital
[2012/01/17 22:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/01/17 22:42:09 | 000,011,520 | ---- | C] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys
[2012/01/17 22:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/01/17 22:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WD SmartWare
[2012/01/17 22:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randall\Local Settings\Application Data\Western Digital
[2011/08/09 16:13:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/08/09 14:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/08 08:30:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Randall\IECompatCache
[2011/08/07 23:31:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2011/08/06 19:57:05 | 000,000,000 | ---D | C] -- C:\autoruns
[2011/08/05 23:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randall\Application Data\SUPERAntiSpyware.com
[2011/08/05 20:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/05 20:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/08/05 20:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/05 20:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/05 19:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randall\My Documents\virus clean
[2011/08/04 22:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/08/04 18:35:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Randall\Recent
[2011/07/31 18:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randall\Application Data\DriverCure
[2011/07/31 18:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randall\Application Data\ParetoLogic
[2011/07/31 18:25:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/07/29 20:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randall\Local Settings\Application Data\{AAFBEA90-D882-4AC0-B360-D48F232E7EB7}
[2011/07/29 20:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/07/29 20:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/07/29 16:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Randall\Application Data\DDMSettings

========== Files - Modified Within 30 Days ==========

[2012/01/18 16:05:35 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinMerge.lnk
[2012/01/17 22:42:21 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/08/08 18:26:12 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\Yecdan.job
[2011/08/08 18:26:12 | 000,000,318 | -HS- | M] () -- C:\WINDOWS\tasks\IDGHWFJTT.job
[2011/08/08 18:26:12 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\Rpqnjkdbn.job
[2011/08/08 18:26:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/08 15:31:41 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/08 08:12:50 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Randall\Desktop\Microsoft Office Word 2003.lnk
[2011/08/08 07:54:20 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Randall\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/08 03:01:14 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/07 16:36:34 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/08/07 15:55:58 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Mhufeseh.dat
[2011/08/07 12:00:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qsasafec.bin
[2011/08/06 12:39:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/06 06:01:20 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Randall\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/06 06:01:19 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Randall\Desktop\Google Chrome.lnk
[2011/08/05 20:13:27 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/04 22:20:55 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/04 22:18:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/03 14:01:59 | 000,177,664 | ---- | M] () -- C:\WINDOWS\Sfanya.exe
[2011/07/31 18:14:38 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/29 20:20:40 | 000,063,488 | RHS- | M] () -- C:\WINDOWS\System32\MFC71ITA5.dll
[2011/07/29 20:20:40 | 000,063,488 | RHS- | M] () -- C:\WINDOWS\System32\langwrbkz.dll
[2011/07/29 20:20:40 | 000,063,488 | RHS- | M] () -- C:\WINDOWS\System32\gcdef6.dll
[2011/07/29 16:33:19 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2011/07/29 16:33:18 | 000,001,449 | ---- | M] () -- C:\Documents and Settings\Randall\Desktop\DivX Movies.lnk
[2011/07/29 16:32:40 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2011/07/28 03:04:33 | 000,704,870 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/07/14 10:24:42 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/01/18 16:05:35 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinMerge.lnk
[2011/08/07 23:33:58 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/06 21:00:20 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/08/06 21:00:20 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/08/05 20:13:27 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/05 09:28:04 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/04 22:19:56 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/29 20:21:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qsasafec.bin
[2011/07/29 20:21:26 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Mhufeseh.dat
[2011/07/29 20:20:44 | 000,000,322 | -HS- | C] () -- C:\WINDOWS\tasks\Yecdan.job
[2011/07/29 20:20:44 | 000,000,318 | -HS- | C] () -- C:\WINDOWS\tasks\IDGHWFJTT.job
[2011/07/29 20:20:44 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\Rpqnjkdbn.job
[2011/07/29 20:20:40 | 000,063,488 | RHS- | C] () -- C:\WINDOWS\System32\MFC71ITA5.dll
[2011/07/29 20:20:40 | 000,063,488 | RHS- | C] () -- C:\WINDOWS\System32\langwrbkz.dll
[2011/07/29 20:20:40 | 000,063,488 | RHS- | C] () -- C:\WINDOWS\System32\gcdef6.dll
[2011/07/29 20:19:21 | 000,177,664 | ---- | C] () -- C:\WINDOWS\Sfanya.exe
[2011/07/29 16:32:40 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2011/04/21 15:26:06 | 000,099,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/15 03:45:47 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/11/22 16:44:47 | 000,117,132 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/11/22 16:39:22 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010/11/21 21:50:42 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/11/21 21:44:21 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/10 19:41:16 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/12 12:04:44 | 000,000,253 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/06/10 00:40:57 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Randall\Local Settings\Application Data\housecall.guid.cache
[2010/01/27 01:35:33 | 000,024,716 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/25 10:15:45 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Randall\Application Data\Launch Internet Explorer Browser.lnk
[2009/12/05 01:32:29 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/05 01:32:29 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/05 01:32:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/10/07 12:30:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Randall\Local Settings\Application Data\prvlcl.dat
[2009/08/22 21:41:40 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Randall\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/10 10:55:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/09 00:24:23 | 000,118,010 | ---- | C] () -- C:\WINDOWS\hpoins09.dat.temp
[2009/08/09 00:24:23 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat.temp
[2009/08/08 22:55:51 | 000,118,010 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
[2009/08/08 22:55:51 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
[2009/08/08 22:55:41 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/08/08 12:48:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/08 08:46:36 | 000,000,477 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/07 22:35:37 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2009/08/07 22:32:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/07 22:26:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/25 15:44:16 | 000,435,990 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/06/25 15:44:16 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/06/25 15:44:15 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/06/25 15:44:14 | 000,068,694 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/06/25 15:43:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/06/25 15:43:52 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/06/25 15:43:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/06/25 15:40:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/06/25 15:40:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/06/25 15:37:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/06/25 15:37:20 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/12/31 20:50:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/12/31 20:49:27 | 000,181,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/08/05 20:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2010/11/01 18:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/01/15 03:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/11/21 21:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\doubleTwist Corporation
[2009/08/08 17:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/05/25 14:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/08/14 21:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2011/08/04 22:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/05/25 13:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/01/03 16:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/06/12 20:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest
[2010/05/25 14:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2011/07/29 20:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/08/04 22:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/15 16:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2010/01/14 22:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2012/01/17 22:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/12/01 15:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/15 16:31:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
[2011/01/20 22:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randall\Application Data\Amazon
[2009/12/05 23:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randall\Application Data\AnvSoft
[2009/10/30 01:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randall\Application Data\AVG9
[2010/03/06 00:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randall\Application Data\Blender Foundation
[2011/01/15 03:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randall\Application Data\Canneverbe Limited
[2010/07/28 18:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randall\Application Data\Chessmaster Challenge
[2011/07/29 16:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randall\Application Data\DDMSettings
[2011/07/31 18:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randall\Application Data\DriverCure
[2009/08/12 18:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randall\Application Data\Foxit
[2011/06/07 17:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randall\Application Data\Image Zone Express
[2009/09/27 01:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randall\Application Data\IMVUClient
[2011/01/05 22:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randall\Application Data\iWin
[2010/05/11 12:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randall\Application Data\OpenOffice.org
[2011/07/31 18:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randall\Application Data\ParetoLogic
[2009/09/20 00:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randall\Application Data\W Photo Studio Viewer
[2010/01/31 18:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randall\Application Data\WinPatrol
[2011/08/08 18:26:12 | 000,000,318 | -HS- | M] () -- C:\WINDOWS\Tasks\IDGHWFJTT.job
[2011/08/08 15:31:41 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/08/08 18:26:12 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\Tasks\Rpqnjkdbn.job
[2011/08/08 18:26:12 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\Tasks\Yecdan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 8/9/2011 4:58:14 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Randall\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

766.80 Mb Total Physical Memory | 321.46 Mb Available Physical Memory | 41.92% Memory free
1.83 Gb Paging File | 1.17 Gb Available in Paging File | 63.78% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 15.11 Gb Free Space | 40.56% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: RELATIONSMART | User Name: Randall | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{056268CC-BC9E-4948-83BF-0C1E0E955883}" = Initio USB Default Controller Driver 32-bit
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8386E3AD-7DEA-1D17-601E-644D9C84C19B}" = Chessmaster Challenge
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98D451C4-4ACA-4273-BB47-57CFE46B048E}" = WD SmartWare
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{A8D4A9E2-9654-445A-93EC-54089D5B64EA}" = Idaho Child Support Program
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AE29CC62-C835-40FD-99C6-292F90D58DF8}" = TurboTax 2010 widiper
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"Battleship - Fleet Command" = Battleship - Fleet Command (remove only)
"Byki Express" = Byki Express
"CCleaner" = CCleaner
"Chessmaster Challenge" = Chessmaster Challenge (remove only)
"DivX Setup.divx.com" = DivX Setup
"doubleTwist" = doubleTwist
"ESET Online Scanner" = ESET Online Scanner v3
"Family Feud Holiday Edition" = Family Feud Holiday Edition (remove only)
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Graboid Video" = Graboid Video 2.06
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Intkey" = Intkey
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"RealPlayer 12.0" = RealPlayer
"Risk II" = Risk II (remove only)
"TurboTax 2010" = TurboTax 2010
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMerge_is1" = WinMerge 2.12.4
"WinPatrol" = WinPatrol 2009
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Randall
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/7/2011 1:24:29 AM | Computer Name = RELATIONSMART | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.1.1076, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/8/2011 10:15:01 AM | Computer Name = RELATIONSMART | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 70.0.170.0, faulting module
unknown, version 0.0.0.0, fault address 0x00ee7de0.

Error - 8/8/2011 12:26:16 PM | Computer Name = RELATIONSMART | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 8/9/2011 2:18:10 PM | Computer Name = RELATIONSMART | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4182, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/9/2011 2:18:22 PM | Computer Name = RELATIONSMART | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4182, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 8/9/2011 4:09:21 PM | Computer Name = RELATIONSMART | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/9/2011 4:09:21 PM | Computer Name = RELATIONSMART | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/9/2011 4:09:36 PM | Computer Name = RELATIONSMART | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 8/9/2011 4:09:36 PM | Computer Name = RELATIONSMART | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/9/2011 4:09:36 PM | Computer Name = RELATIONSMART | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 8/8/2011 4:31:02 PM | Computer Name = RELATIONSMART | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/8/2011 4:33:09 PM | Computer Name = RELATIONSMART | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/8/2011 4:34:18 PM | Computer Name = RELATIONSMART | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/8/2011 5:30:40 PM | Computer Name = RELATIONSMART | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/8/2011 5:33:09 PM | Computer Name = RELATIONSMART | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
intelppm

Error - 8/8/2011 6:39:05 PM | Computer Name = RELATIONSMART | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/8/2011 6:40:08 PM | Computer Name = RELATIONSMART | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32 Fips intelppm MpFilter OMCI SASDIFSV SASKUTIL

Error - 8/8/2011 6:42:16 PM | Computer Name = RELATIONSMART | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/8/2011 8:25:13 PM | Computer Name = RELATIONSMART | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/8/2011 8:27:44 PM | Computer Name = RELATIONSMART | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
intelppm


< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users