Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected with Rootkit.Win32.ZAccess.e, HiddenFile.Multi.Generic, Trojan.Win32.Patched.mf,, Backdoor.Agent.Gen) -> Value: Shell ->


  • This topic is locked This topic is locked
70 replies to this topic

#1 mda

mda

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 02 November 2011 - 01:17 AM

m ades, windows xp sp3


to whomever can help- i tried to remove some viruses
using info from bleeping, but am not having any luck.

i downloaded a file that i thought could help me on another
matter, but it had a virus that zone alarm's active scan did not
catch.

it was a rootkit virus. i tried tdsskiller several times as well as
malwarebytes, and thought i finally got rid of it. then another
virus popped up despite my not having connected to the internet.

another was this patch virus that kept redirecting my opera
browser. malwarebytes did not see this, but zone alarm did.
i tried to get rid of it and used tdsskiller, and thought i did.
i had to keep switching between safe mode and
normal mode to do it. i had no problems for two weeks, then
both seemed to pop up again. my guess is that i never
actually got rid of them. i tried zone alarm, malwarebytes,
and tdsskiller over and over again, with no luck. then my
ability to connect to the net went away. i gave up and restored
my hdd using the file i made just after i thought i had gotten
rid of the problems, so that though i would still have the viruses,
i would get back the net. using tdsskiller and malwarebytes
still did not work, and a new virus showed up. .

i'm including the logs from zone alarm, malwarebytes, and tdsskiller.

i would really appreciate help.



first to show up. used tdsskiller, seemed to be removed, kept showing back up.

(Forged): C:\WINDOWS\system32\DRIVERS\intelppm.sys.
Real md5: 8bcdcdc99c2a7d37306c0b64a77a48f3,
Fake md5: 8c953733d8f36eb2133f5bb58808b66b 04:53:26.0649 3620
intelppm ( Rootkit.Win32.ZAccess.e )

second to show up, used mbam, seemed to be removed, kept showing back up.

HKLM\SYSTEM\ControlSet001\services\1cf6efbe - will be deleted on reboot
HKLM\SYSTEM\ControlSet003\services\1cf6efbe - will be deleted on reboot
C:\WINDOWS\3203397148:3809022017.exe - will be deleted on reboot1cf6efbe
( HiddenFile.Multi.Generic ) - User select action: Delete
C:\WINDOWS\system32\DRIVERS\intelppm.sys - will be cured on reboot
intelppm ( Rootkit.Win32.ZAccess.e ) - User select action: Cure

third to show up- shown in zone alarm, not in mbam or tdsskiller. since i needed
the files, i removed by replacing file and deleting no-name file in dos. some have
shown back up.

Trojan.Win32.Patched.mf,c:\program files\widcomm\bluetooth software\bin\btwdins.exe
Trojan.Win32.Patched.mf,c:\program files\lsi softmodem\agrsmsvc.exe
Trojan.Win32.Patched.mf,c:\program files\java\jre6\bin\jqs.exe
Trojan.Win32.Patched.mf,c:\program files\visioneer\onetouch 4.0\otservice.exe
Trojan.Win32.Patched.mf,c:\program files\intel\intel matrix storage manager\iaantmon.exe
Trojan.Win32.Patched.mf,c:\program files\hewlett-packard\shared\hpqwmiex.exe
Trojan.Win32.Patched.mf,c:\program files\common files\acronis\schedule2\schedul2.exe
Trojan.Win32.Patched.mf,c:\program files\hewlett-packard\hp quick launch buttons\com4qlbex.exe


fourth to show up, mbam, will not delete

Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent.Gen) -> Value: Shell ->

BC AdBot (Login to Remove)

 


#2 mda

mda
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 02 November 2011 - 01:22 AM

ps i have mbam, zone alarm,tdss,
and hijack logs, but was not sure
how to post them since the number
of text characters on this page
was limited.

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,009 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:15 AM

Posted 03 November 2011 - 10:06 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 mda

mda
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 03 November 2011 - 06:20 PM

sorry, no can do. cannot connect to web again by any method other than by cellphone. due to virus. cannot dl amything. cannot upload my hijack logs.

Edited by Orange Blossom, 03 November 2011 - 06:29 PM.
Removed unnecessary quote. ~ OB


#5 mda

mda
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 03 November 2011 - 07:26 PM

got net access working, at least temporarily
by going back two restore points.

Attached File  hijackthis-10-31-11-normal mode.log   9.65KB   3 downloadsAttached File  hijackthis-10-31-11-safemode.log   8.35KB   0 downloadsAttached File  mbam-log-2011-10-31 (20-32-28).txt   1007bytes   1 downloadsAttached File  tdss-scan-result-7.txt   30.03KB   5 downloadsAttached File  ZALog-2011.10.16-C.txt   26.03KB   2 downloadsAttached File  ZALog-2011.11.02.txt   591bytes   1 downloads

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:15 AM

Posted 06 November 2011 - 10:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know if the problem persists.

#7 mda

mda
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 06 November 2011 - 11:25 AM

i'll try this as soon as i can, and get back
to you. it may take me several days due to
my medical issues. thanks.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:15 AM

Posted 06 November 2011 - 01:36 PM

No problems.

If you find the topic closed just PM me. (Personal Message).

#9 mda

mda
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 08 November 2011 - 03:04 AM

on cellphone again. ran combofix. got to line 50 after 90 minutes. cursor at bottom of screen has now sat there for five and a half hours Without anything else happening. not sure what to do now. turn off and reboot? then run combo again?

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:15 AM

Posted 08 November 2011 - 09:12 AM

Open your Task manager (Ctrl+ALT+Del) stop the Combofix process.

If a C:\ComboFix.txt file was not created run ComboFix again.

If the program still take more that 30 minutes to run stop it again and let me know.

#11 mda

mda
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 08 November 2011 - 12:11 PM

i ran combofix again, after making sure i turned off the anti-virus programs and the
cd emulator.

pretty much the same thing happened as before.
the first time, the program popped up a bunch of prompts, had ne download the recovery
console, ran for a few minutes, then told me it needed to reboot. after re-booting,
it ran for 90 minutes, got to stage 50, then stopped. i let it run for more than 5 hours
without anything happening.

the second time i ran combofix, it ran without any prompts showing up, got to stage
50 in ten minutes, then sat there seemingly doing nothing. after 30 minutes, i
closed the window and wrote this.

i'm wondering if running this on my netbook with a 500gb drive is making it slow, or
if it is one of the viruses. and, if it would help if i ran in safe mode or pulled the drive
from the computer and put it in a usb enclosure, then put an old but clean drive into
the computer.

please let me know what to to next. going to try to post this from safe mode.

ps. is there some way to put in a delay of 15 seconds on the boot screen where
the recovery console is shown as a choice?

#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:15 AM

Posted 08 November 2011 - 02:29 PM

ps. is there some way to put in a delay of 15 seconds on the boot screen where
the recovery console is shown as a choice?


The timeout period currently set to 2 seconds.

Open your boot.ini file with NotePad. Change the timeout.

[boot loader]
timeout=15

Save the file.

Restart the computer.

When all is well I suggest your lower this timer.
===

Let see if this tool will complete.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#13 mda

mda
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 09 November 2011 - 02:42 AM

thanks.

i ran otl. am accessing internet only in safe mode, so i ran
it in that first. i then ran it in normal mode, and only the
otl.txt popped up when that completed. i ran it a second time
with the same result. i am posting all three files.


=================otl.txt-safe mode

OTL logfile created on: 11/8/2011 10:31:53 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\z\0-for hp
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 76.06% Memory free
4.82 Gb Paging File | 4.22 Gb Available in Paging File | 87.57% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 265.75 Gb Total Space | 163.00 Gb Free Space | 61.33% Space Free | Partition Type: NTFS
Drive D: | 30.91 Gb Total Space | 2.07 Gb Free Space | 6.69% Space Free | Partition Type: FAT32
Drive E: | 59.54 Gb Total Space | 4.97 Gb Free Space | 8.35% Space Free | Partition Type: exFAT
Drive G: | 200.01 Gb Total Space | 7.35 Gb Free Space | 3.68% Space Free | Partition Type: NTFS

Computer Name: PC778030793076 | User Name: mda | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\z\0-for hp\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe ()
PRC - C:\Documents and Settings\mda\Start Menu\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd ()
MOD - C:\WINDOWS\system32\ZoneLabs\lib\pyd\_socket.pyd ()
MOD - C:\WINDOWS\system32\ZoneLabs\lib\pyd\signedDll.pyd ()
MOD - C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyvsinit.pyd ()
MOD - C:\WINDOWS\system32\libeay32_0.9.6l.dll ()
MOD - C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll ()


========== Win32 Services (SafeList) ==========

SRV - (OneTouch 4.0 Monitor) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (0297071241189270mcinstcleanup) McAfee Application Installer Cleanup (0297071241189270) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (LSI Corporation)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (hpdskflt) -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (SFAUDIO) -- C:\WINDOWS\system32\drivers\sfaudio.sys (Sonic Focus, Inc)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (hcw72DTV) -- C:\WINDOWS\system32\drivers\hcw72DTV.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw72ATV) -- C:\WINDOWS\system32\drivers\hcw72ATV.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw72ADFilter) -- C:\WINDOWS\system32\drivers\hcw72ADFilter.sys (Hauppauge Computer Works, Inc.)
DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc)
DRV - (SiRemFil) -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc)
DRV - (SI3132) -- C:\WINDOWS\system32\DRIVERS\SI3132.sys (Silicon Image, Inc)
DRV - (audiobridge) -- C:\WINDOWS\system32\drivers\aubridge.sys (SoundGenetics)
DRV - (TSP) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (HpqKbFiltr) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: " "
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: printpdf@pavlov.net:0.76
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/19 16:12:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/11/04 23:08:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/12 06:14:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/12 06:15:30 | 000,000,000 | ---D | M]

[2009/05/09 12:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mda\Application Data\Mozilla\Extensions
[2009/05/09 12:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mda\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/10/13 23:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mda\Application Data\Mozilla\Firefox\Profiles\iuhmvpoq.default\extensions
[2011/01/24 14:41:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mda\Application Data\Mozilla\Firefox\Profiles\iuhmvpoq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/08 08:33:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\mda\Application Data\Mozilla\Firefox\Profiles\iuhmvpoq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/24 14:41:33 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\mda\Application Data\Mozilla\Firefox\Profiles\iuhmvpoq.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/01/24 14:41:31 | 000,000,000 | ---D | M] (printpdf) -- C:\Documents and Settings\mda\Application Data\Mozilla\Firefox\Profiles\iuhmvpoq.default\extensions\printpdf@pavlov.net
[2011/10/13 23:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/03 11:28:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/11/04 23:08:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/16 02:17:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/05 02:12:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/08 10:03:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/08/03 11:28:10 | 000,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/03 11:28:10 | 000,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/03 11:28:14 | 000,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/06/11 21:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/09/01 15:51:58 | 000,035,136 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/08/03 11:28:16 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/03 11:28:16 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/03 11:28:16 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/03 11:28:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/03 11:28:16 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/03 11:28:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/03 11:28:16 | 000,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/04 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [1A:Stardock TrayMonitor] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPCam_Menu] C:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Say the Time] C:\Program Files\Say the Time\SayTime.exe (Provenio Software Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [zCpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKLM..\RunServices: [1A:Stardock TrayMonitor] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\mda\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - - - No CLSID value found.
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - Unable to open key or key not present!
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/11/08 08:09:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/07 16:47:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/07 16:43:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/07 16:43:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/07 16:43:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/07 16:43:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/07 16:36:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/07 16:35:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/07 16:35:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mda\Start Menu\Programs\Administrative Tools
[2011/11/03 16:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/10/31 15:43:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
[2011/10/31 13:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mda\Z
[2011/10/14 03:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mda\Application Data\Malwarebytes
[2011/10/14 03:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/14 03:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/14 03:44:49 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/14 03:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/13 21:25:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\mda\Local Settings\Application Data\1cf6efbe
[2009/12/20 07:10:16 | 002,091,544 | ---- | C] (CoreCodec, Inc.) -- C:\Documents and Settings\mda\Application Data\coreavc_professional_edition-setup.exe
[2009/04/30 18:01:59 | 000,195,120 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/04/30 18:01:56 | 000,186,920 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/11/08 22:24:39 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\mda\Desktop\OTL.exe.lnk
[2011/11/08 22:22:26 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2011/11/08 22:16:58 | 000,355,091 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/11/08 22:16:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/08 08:55:44 | 022,290,720 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/11/08 08:55:44 | 000,304,832 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/11/08 08:07:29 | 000,648,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/08 08:07:29 | 000,133,244 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/08 08:03:43 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack dir 0.job
[2011/11/08 08:03:40 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack EUDORA.job
[2011/11/08 08:03:20 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2801879974-2447935852-2941287461-1007.job
[2011/11/07 16:42:13 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\mda\Desktop\ComboFix.exe.lnk
[2011/11/07 16:29:41 | 000,000,434 | ---- | M] () -- C:\WINDOWS\settings.cM
[2011/11/06 08:02:06 | 000,002,876 | ---- | M] () -- C:\rollback.ini
[2011/11/03 16:02:38 | 000,331,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/03 06:44:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/01 20:06:03 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\mda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/31 17:58:57 | 000,016,360 | ---- | M] () -- C:\WINDOWS\chimes.INI
[2011/10/31 16:11:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/31 12:57:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/14 11:03:56 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/14 08:10:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3203397148
[2011/10/14 03:44:54 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/14 02:08:09 | 000,000,545 | ---- | M] () -- C:\Documents and Settings\mda\Desktop\one.exe.lnk
[2011/10/13 21:27:06 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/08 22:24:39 | 000,000,562 | ---- | C] () -- C:\Documents and Settings\mda\Desktop\OTL.exe.lnk
[2011/11/07 16:47:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/07 16:47:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/07 16:43:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/07 16:43:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/07 16:43:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/07 16:43:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/07 16:43:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/07 16:42:13 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\mda\Desktop\ComboFix.exe.lnk
[2011/10/31 17:58:43 | 000,016,360 | ---- | C] () -- C:\WINDOWS\chimes.INI
[2011/10/31 15:19:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/14 03:44:54 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/14 02:08:09 | 000,000,545 | ---- | C] () -- C:\Documents and Settings\mda\Desktop\one.exe.lnk
[2011/10/14 00:35:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\3203397148
[2011/10/13 21:27:06 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/18 23:14:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/03/09 22:59:36 | 007,277,568 | ---- | C] () -- C:\WINDOWS\System32\3gpcore.dll
[2011/02/24 22:17:00 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/02/23 00:12:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2011/02/23 00:11:40 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2011/01/02 04:10:33 | 000,294,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/01 04:20:25 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\mda\Application Data\coreavc.ini
[2010/04/15 21:17:30 | 000,032,135 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2010/04/15 21:16:47 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/04/15 21:16:03 | 000,142,337 | ---- | C] () -- C:\WINDOWS\System32\Wait.exe
[2010/04/15 21:12:43 | 000,003,925 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2010/04/15 21:11:07 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/04/10 04:54:30 | 022,290,720 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/04/10 04:50:57 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2010/04/10 01:47:46 | 000,003,323 | ---- | C] () -- C:\WINDOWS\sdesk.ini
[2010/04/09 18:06:53 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/06/28 04:55:23 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\mda\Application Data\iRotate.INI
[2009/05/29 01:40:39 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\mda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/10 10:03:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/05/03 07:03:52 | 000,001,172 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2009/05/03 06:06:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/02 19:00:18 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/05/02 19:00:13 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/05/02 19:00:06 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/08 22:27:36 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/04/08 22:26:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/04/08 22:22:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/10/09 03:33:06 | 000,027,184 | ---- | C] () -- C:\WINDOWS\snuvcdsm.exe
[2008/10/09 03:32:46 | 001,810,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/10/09 03:31:10 | 000,034,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008/03/31 13:30:34 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2006/05/19 18:39:58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2005/08/26 14:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 14:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2004/08/07 05:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 05:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 05:10:30 | 000,648,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 05:10:30 | 000,133,244 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 05:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 05:02:54 | 000,331,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 04:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 04:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 00:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 00:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/05/20 00:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/05/04 00:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/05/01 07:27:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/04/09 18:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/04/30 18:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/04/01 15:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visioneer
[2011/05/20 00:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\ACD Systems
[2009/08/15 18:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\Acronis
[2011/11/03 05:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\cMail
[2011/08/18 01:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\FreeFileViewer
[2011/04/01 15:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\LinkManager 4.0
[2010/04/10 04:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\MailFrontier
[2010/10/30 02:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\Opera
[2011/04/24 05:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\Softland
[2009/05/10 00:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\Windows Search
[2011/11/08 08:03:43 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack dir 0.job
[2011/11/08 08:03:40 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack EUDORA.job

========== Purity Check ==========



< End of report >

===================extras.txt safe mode

OTL Extras logfile created on: 11/8/2011 10:31:53 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\z\0-for hp
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 76.06% Memory free
4.82 Gb Paging File | 4.22 Gb Available in Paging File | 87.57% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 265.75 Gb Total Space | 163.00 Gb Free Space | 61.33% Space Free | Partition Type: NTFS
Drive D: | 30.91 Gb Total Space | 2.07 Gb Free Space | 6.69% Space Free | Partition Type: FAT32
Drive E: | 59.54 Gb Total Space | 4.97 Gb Free Space | 8.35% Space Free | Partition Type: exFAT
Drive G: | 200.01 Gb Total Space | 7.35 Gb Free Space | 3.68% Space Free | Partition Type: NTFS

Computer Name: PC778030793076 | User Name: mda | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with ACDSee] -- "C:\acdsee\ACDSee32.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01B3D254-6843-412A-BBF1-02D5C70DF920}" = HP User Guides 0120
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{1DF396A6-8A93-4539-A226-0FFE7301A567}" = OneTouch 4.0
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = AcronisáDisk Director Suite
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = AcronisáTrueáImageáHome
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.9
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}" = HP User Guide Bluetooth Addendum 0062
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel« Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6142247-58B1-40C7-B8E0-965C1A8026A5}" = ACDSee Photo Editor 2008
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Franšais, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Franšais, Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4830EE9-E795-4CCA-AA7A-612A4E565977}" = SnapAPI
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F2498378-DB5D-45D2-8C86-46D0C7B2CCC1}" = HP 3D DriveGuard
"{F639E2A2-FE6B-4527-B8BE-C1C423B81844}" = HP Webcam
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Attribute Changer" = Attribute Changer 6.0a
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"doPDF 6 printer_is1" = doPDF 6.2 printer
"FreeFileViewer_is1" = Free File Viewer 2011
"Freez 3GP Video Converter_is1" = Freez 3GP Video Converter 2.0
"HaaliMkx" = Haali Media Splitter
"Hauppauge English Help Files and Resources" = Hauppauge English Help Files and Resources
"Hauppauge Signal Monitor Utility" = Hauppauge Signal Monitor Utility
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
"HDMI" = Intel® Graphics Media Accelerator Driver
"Hibernate Trigger_is1" = Hibernate Trigger
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{F639E2A2-FE6B-4527-B8BE-C1C423B81844}" = HP Webcam
"iRotate" = iRotate
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.0 (Full)
"Loupe" = Loupe
"LSI Soft Modem" = LSI USB 2.0 Soft Modem
"MagicDisc 2.7.97" = MagicDisc 2.7.97
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Say the Time" = Say the Time
"SyncBack_is1" = SyncBack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tweak UI 2.10" = Tweak UI
"Virtual Magnifying Glass_is1" = Virtual Magnifying Glass v3.5
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"yBook_is1" = yBook
"ZoneAlarm Security Suite" = ZoneAlarm Security Suite

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/3/2011 5:18:22 PM | Computer Name = PC778030793076 | Source = Application Error | ID = 1000
Description = Faulting application eudora.exe, version 7.1.0.9, faulting module
x1lib.dll, version 1852.51.38.0, fault address 0x0006e235.

Error - 11/7/2011 8:36:45 PM | Computer Name = PC778030793076 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00e812d0.

Error - 11/7/2011 9:01:12 PM | Computer Name = PC778030793076 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 18532, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 11/7/2011 9:01:12 PM | Computer Name = PC778030793076 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/7/2011 9:01:15 PM | Computer Name = PC778030793076 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 18532, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

[ System Events ]
Error - 11/8/2011 12:59:56 PM | Computer Name = PC778030793076 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm KLIF

Error - 11/8/2011 1:12:45 PM | Computer Name = PC778030793076 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/9/2011 2:17:56 AM | Computer Name = PC778030793076 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/9/2011 2:18:01 AM | Computer Name = PC778030793076 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm KLIF

Error - 11/9/2011 2:20:22 AM | Computer Name = PC778030793076 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/9/2011 2:20:22 AM | Computer Name = PC778030793076 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/9/2011 2:24:36 AM | Computer Name = PC778030793076 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/9/2011 2:27:13 AM | Computer Name = PC778030793076 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/9/2011 2:27:13 AM | Computer Name = PC778030793076 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/9/2011 2:27:14 AM | Computer Name = PC778030793076 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

=====================otl.txt normal mode

OTL logfile created on: 11/8/2011 10:57:45 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\z\0-for hp
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.92% Memory free
4.82 Gb Paging File | 4.48 Gb Available in Paging File | 92.94% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 265.75 Gb Total Space | 160.99 Gb Free Space | 60.58% Space Free | Partition Type: NTFS
Drive D: | 30.91 Gb Total Space | 2.07 Gb Free Space | 6.69% Space Free | Partition Type: FAT32
Drive E: | 59.54 Gb Total Space | 4.97 Gb Free Space | 8.35% Space Free | Partition Type: exFAT
Drive G: | 200.01 Gb Total Space | 7.35 Gb Free Space | 3.68% Space Free | Partition Type: NTFS

Computer Name: PC778030793076 | User Name: mda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\z\0-for hp\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Documents and Settings\mda\Start Menu\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (Agere Systems)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Program Files\Common Files\Acronis\Common\gc.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (OneTouch 4.0 Monitor) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (0297071241189270mcinstcleanup) McAfee Application Installer Cleanup (0297071241189270) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (LSI Corporation)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (hpdskflt) -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (SFAUDIO) -- C:\WINDOWS\system32\drivers\sfaudio.sys (Sonic Focus, Inc)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (hcw72DTV) -- C:\WINDOWS\system32\drivers\hcw72DTV.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw72ATV) -- C:\WINDOWS\system32\drivers\hcw72ATV.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw72ADFilter) -- C:\WINDOWS\system32\drivers\hcw72ADFilter.sys (Hauppauge Computer Works, Inc.)
DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc)
DRV - (SiRemFil) -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc)
DRV - (SI3132) -- C:\WINDOWS\system32\DRIVERS\SI3132.sys (Silicon Image, Inc)
DRV - (audiobridge) -- C:\WINDOWS\system32\drivers\aubridge.sys (SoundGenetics)
DRV - (TSP) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (HpqKbFiltr) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: " "
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: printpdf@pavlov.net:0.76
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/19 16:12:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/11/04 23:08:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/12 06:14:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/12 06:15:30 | 000,000,000 | ---D | M]

[2009/05/09 12:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mda\Application Data\Mozilla\Extensions
[2009/05/09 12:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mda\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/10/13 23:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mda\Application Data\Mozilla\Firefox\Profiles\iuhmvpoq.default\extensions
[2011/01/24 14:41:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mda\Application Data\Mozilla\Firefox\Profiles\iuhmvpoq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/08 08:33:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\mda\Application Data\Mozilla\Firefox\Profiles\iuhmvpoq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/24 14:41:33 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\mda\Application Data\Mozilla\Firefox\Profiles\iuhmvpoq.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/01/24 14:41:31 | 000,000,000 | ---D | M] (printpdf) -- C:\Documents and Settings\mda\Application Data\Mozilla\Firefox\Profiles\iuhmvpoq.default\extensions\printpdf@pavlov.net
[2011/10/13 23:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/03 11:28:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/11/04 23:08:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/16 02:17:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/05 02:12:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/08 10:03:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/08/03 11:28:10 | 000,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/03 11:28:10 | 000,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/03 11:28:14 | 000,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/06/11 21:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/09/01 15:51:58 | 000,035,136 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/08/03 11:28:16 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/03 11:28:16 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/03 11:28:16 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/03 11:28:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/03 11:28:16 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/03 11:28:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/03 11:28:16 | 000,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/04 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [1A:Stardock TrayMonitor] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPCam_Menu] C:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Say the Time] C:\Program Files\Say the Time\SayTime.exe (Provenio Software Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [zCpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKLM..\RunServices: [1A:Stardock TrayMonitor] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\mda\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\pnrpnsp.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - - - No CLSID value found.
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - Unable to open key or key not present!
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/11/08 08:09:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/07 16:47:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/07 16:43:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/07 16:43:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/07 16:43:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/07 16:43:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/07 16:36:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/07 16:35:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/07 16:35:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mda\Start Menu\Programs\Administrative Tools
[2011/11/03 16:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/10/31 15:43:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
[2011/10/31 13:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mda\Z
[2011/10/14 03:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mda\Application Data\Malwarebytes
[2011/10/14 03:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/14 03:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/14 03:44:49 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/14 03:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/13 21:25:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\mda\Local Settings\Application Data\1cf6efbe
[2009/12/20 07:10:16 | 002,091,544 | ---- | C] (CoreCodec, Inc.) -- C:\Documents and Settings\mda\Application Data\coreavc_professional_edition-setup.exe
[2009/04/30 18:01:59 | 000,195,120 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/04/30 18:01:56 | 000,186,920 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/11/08 22:52:10 | 022,297,888 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/11/08 22:48:54 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack dir 0.job
[2011/11/08 22:48:40 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack EUDORA.job
[2011/11/08 22:48:31 | 000,355,091 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/11/08 22:48:14 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2801879974-2447935852-2941287461-1007.job
[2011/11/08 22:47:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/08 22:47:31 | 2138,492,928 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/08 22:24:39 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\mda\Desktop\OTL.exe.lnk
[2011/11/08 22:22:26 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2011/11/08 08:55:44 | 000,304,832 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/11/08 08:07:29 | 000,648,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/08 08:07:29 | 000,133,244 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/07 16:42:13 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\mda\Desktop\ComboFix.exe.lnk
[2011/11/07 16:29:41 | 000,000,434 | ---- | M] () -- C:\WINDOWS\settings.cM
[2011/11/06 08:02:06 | 000,002,876 | ---- | M] () -- C:\rollback.ini
[2011/11/03 16:02:38 | 000,331,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/03 06:44:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/01 20:06:03 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\mda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/31 17:58:57 | 000,016,360 | ---- | M] () -- C:\WINDOWS\chimes.INI
[2011/10/31 16:11:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/31 12:57:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/14 11:03:56 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/14 08:10:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3203397148
[2011/10/14 03:44:54 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/14 02:08:09 | 000,000,545 | ---- | M] () -- C:\Documents and Settings\mda\Desktop\one.exe.lnk
[2011/10/13 21:27:06 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/08 22:47:31 | 2138,492,928 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/08 22:24:39 | 000,000,562 | ---- | C] () -- C:\Documents and Settings\mda\Desktop\OTL.exe.lnk
[2011/11/07 16:47:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/07 16:47:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/07 16:43:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/07 16:43:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/07 16:43:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/07 16:43:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/07 16:43:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/07 16:42:13 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\mda\Desktop\ComboFix.exe.lnk
[2011/10/31 17:58:43 | 000,016,360 | ---- | C] () -- C:\WINDOWS\chimes.INI
[2011/10/31 15:19:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/14 03:44:54 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/14 02:08:09 | 000,000,545 | ---- | C] () -- C:\Documents and Settings\mda\Desktop\one.exe.lnk
[2011/10/14 00:35:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\3203397148
[2011/10/13 21:27:06 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/18 23:14:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/03/09 22:59:36 | 007,277,568 | ---- | C] () -- C:\WINDOWS\System32\3gpcore.dll
[2011/02/24 22:17:00 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2011/02/23 00:12:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2011/02/23 00:11:40 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2011/01/02 04:10:33 | 000,294,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/01 04:20:25 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\mda\Application Data\coreavc.ini
[2010/04/15 21:17:30 | 000,032,135 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2010/04/15 21:16:47 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/04/15 21:16:03 | 000,142,337 | ---- | C] () -- C:\WINDOWS\System32\Wait.exe
[2010/04/15 21:12:43 | 000,003,925 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2010/04/15 21:11:07 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/04/10 04:54:30 | 022,297,888 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/04/10 04:50:57 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2010/04/10 01:47:46 | 000,003,323 | ---- | C] () -- C:\WINDOWS\sdesk.ini
[2010/04/09 18:06:53 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/06/28 04:55:23 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\mda\Application Data\iRotate.INI
[2009/05/29 01:40:39 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\mda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/10 10:03:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/05/03 07:03:52 | 000,001,172 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2009/05/03 06:06:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/02 19:00:18 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/05/02 19:00:13 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/05/02 19:00:06 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/08 22:27:36 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/04/08 22:26:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/04/08 22:22:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/10/09 03:33:06 | 000,027,184 | ---- | C] () -- C:\WINDOWS\snuvcdsm.exe
[2008/10/09 03:32:46 | 001,810,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/10/09 03:31:10 | 000,034,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008/03/31 13:30:34 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2006/05/19 18:39:58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2005/08/26 14:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 14:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2004/08/07 05:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 05:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 05:10:30 | 000,648,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 05:10:30 | 000,133,244 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 05:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 05:02:54 | 000,331,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 04:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 04:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 00:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 00:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/05/20 00:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/05/04 00:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/05/01 07:27:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/04/09 18:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/04/30 18:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2011/04/01 15:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visioneer
[2011/05/20 00:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\ACD Systems
[2009/08/15 18:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\Acronis
[2011/11/03 05:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\cMail
[2011/08/18 01:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\FreeFileViewer
[2011/04/01 15:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\LinkManager 4.0
[2010/04/10 04:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\MailFrontier
[2010/10/30 02:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\Opera
[2011/04/24 05:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\Softland
[2009/05/10 00:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mda\Application Data\Windows Search
[2011/11/08 22:48:54 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack dir 0.job
[2011/11/08 22:48:40 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack EUDORA.job

========== Purity Check ==========



< End of report >

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:15 AM

Posted 09 November 2011 - 09:57 AM

Lets clean these empty registry items.

Run OTL - Double-click OTL.exe Posted Image to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - (OneTouch 4.0 Monitor) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (0297071241189270mcinstcleanup) McAfee Application Installer Cleanup (0297071241189270) -- File not found
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\pnrpnsp.dll File not found
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O21 - SSODL: PostBootReminder - - - No CLSID value found.
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
===

Lets see what this tool will find.

Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt
how the PC is running now?


#15 mda

mda
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 10 November 2011 - 02:29 AM

using cellphone again. after running otl scanfix with the copied text in the window, i could not boot into safe mode with networking. all i get is a blank screen with .safe mode. in the corners. i could not even run task manager. i could run regular safe mode. i could not run normal windows at all except for task manger. and i could not use it to run explorer. i need to fix whatever scan fix did.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users