
Infection system restore


  • This topic is locked
36 replies to this topic

#1 Steven1279


Posted 03 November 2011 - 01:56 PM

Hello

I got hit with System Restore and I was following those steps to remove it. Somehow my system is still running slow, pops up web errors and has no sound at all. Please help. Here are the logs for my system. Thanks

OTL logfile created on: 11/2/2011 4:19:08 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Windows XP Embedded Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 58.09% Memory free
3.82 Gb Paging File | 2.96 Gb Available in Paging File | 77.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 133.44 Gb Free Space | 89.55% Space Free | Partition Type: NTFS

Computer Name: POS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/02 16:11:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/10/29 15:01:31 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/10/29 15:01:29 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/09/13 06:32:40 | 001,227,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/09 13:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/12/09 09:18:50 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inetsrv\inetinfo.exe
PRC - [2009/08/26 12:49:00 | 002,691,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RTDCPL.EXE
PRC - [2009/03/25 10:48:56 | 001,503,290 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
PRC - [2008/10/09 15:58:26 | 001,040,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/27 13:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\Windows\system32\acs.exe
PRC - [2007/12/12 15:21:06 | 000,065,536 | ---- | M] () -- C:\Program Files\CREUpdateEngine\UpdateEngine.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/29 15:01:31 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
MOD - [2011/10/29 15:01:29 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/10/29 15:01:28 | 001,451,336 | ---- | M] () -- C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
MOD - [2011/10/13 12:11:52 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/13 12:08:28 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 12:08:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 12:08:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 12:07:57 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/13 12:06:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 12:06:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 12:06:17 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 12:05:03 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 12:04:55 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2010/02/12 12:50:06 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC\SKLibrary\1.7.2600.2180__31bf3856ad364e35\SKLibrary.dll
MOD - [2010/02/12 12:50:06 | 000,012,800 | ---- | M] () -- C:\Windows\assembly\GAC\SoftKeyboardLogic\1.7.2600.2180__31bf3856ad364e35\SoftKeyboardLogic.dll
MOD - [2010/02/12 12:50:06 | 000,009,216 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.SoftKeyboardInterface\1.7.2600.2180__31bf3856ad364e35\Interop.SoftKeyboardInterface.dll
MOD - [2007/12/12 15:21:06 | 000,065,536 | ---- | M] () -- C:\Program Files\CREUpdateEngine\UpdateEngine.exe
MOD - [2007/08/22 16:35:18 | 000,020,480 | ---- | M] () -- C:\Program Files\CREUpdateEngine\UpdateEngine-RemotingLibrary.dll
MOD - [2007/08/22 16:35:18 | 000,016,384 | ---- | M] () -- C:\Program Files\CREUpdateEngine\UpdateEngine-superglobals.dll
MOD - [2007/08/22 16:35:18 | 000,016,384 | ---- | M] () -- C:\Program Files\CREUpdateEngine\UpdateEngine-library.dll
MOD - [2007/08/22 16:35:16 | 000,016,384 | ---- | M] () -- C:\Program Files\CREUpdateEngine\UpdateEngine-logger.dll
MOD - [2007/08/22 15:57:56 | 000,028,672 | ---- | M] () -- C:\Program Files\CREUpdateEngine\SharedAPI.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ekrn)
SRV - File not found [On_Demand | Stopped] -- -- (EHttpSrv)
SRV - [2011/10/29 15:01:31 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/12/09 09:21:10 | 000,042,056 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe -- (POSPerformanceCounters)
SRV - [2009/12/09 09:18:50 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2009/12/09 09:18:50 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2009/12/09 09:18:50 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2009/12/09 09:18:50 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/06/27 13:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\Windows\system32\acs.exe -- (ACS)
SRV - [2008/04/14 02:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/03/31 15:37:14 | 000,032,768 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Aldelo\Aldelo EDC AutoDialer\AldeloConnectionManager.exe -- (AldeloConnectionManager)
SRV - [2008/03/14 12:06:12 | 000,192,512 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Aldelo\Aldelo Financial Integrator\Aldelo.FI.WinService.exe -- (Aldelo FI Win Service)
SRV - [2008/02/27 08:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2007/12/12 15:21:06 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\CREUpdateEngine\UpdateEngine.exe -- (CRE Update Engine)
SRV - [2007/05/27 11:13:26 | 000,098,304 | ---- | M] (Star Micronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files\StarMicronics\TSP100\Software\20070601\portemu.exe -- (PortEmulator) Port Emulator (Star)
SRV - [2004/08/31 11:04:02 | 000,123,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\DUAgent.exe -- (DUAgent)


========== Driver Services (SafeList) ==========

DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\system32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/10/23 08:14:08 | 005,876,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\RtDHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/07 08:39:12 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\SNMP\BASFND.sys -- (BASFND)
DRV - [2009/05/30 23:41:00 | 000,209,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\k57xp32.sys -- (k57w2k) Broadcom NetLink ™
DRV - [2009/05/22 12:15:50 | 000,090,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2009/05/19 03:43:42 | 000,103,937 | R--- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\xTouch.sys -- (xTouch)
DRV - [2009/01/13 23:23:00 | 000,458,752 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2008/10/09 13:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/10/01 13:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/07/14 12:29:00 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/07/14 12:29:00 | 000,023,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\regflt.sys -- (RegFilter)
DRV - [2008/07/14 12:28:52 | 000,078,464 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\Fbwf.sys -- (FBWF)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:16:32 | 000,036,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\BTHPRINT.SYS -- (BTHprint)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/14 00:15:34 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2008/04/14 00:11:24 | 000,020,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\ramdisk.sys -- (Ramdisk)
DRV - [2008/04/14 00:06:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 21:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/12/14 01:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2005/11/15 07:25:40 | 000,053,376 | ---- | M] (OEM) [Kernel | System | Running] -- C:\Windows\system32\drivers\oxser.sys -- (oxser)
DRV - [2005/11/15 07:24:04 | 000,005,376 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\oxmfuf.sys -- (Oxmfuf)
DRV - [2005/11/15 07:23:34 | 000,016,512 | ---- | M] (OEM) [Kernel | System | Running] -- C:\Windows\system32\drivers\oxmf.sys -- (oxmf)
DRV - [2005/11/15 07:23:04 | 000,004,736 | ---- | M] (OEM) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\oxmep.sys -- (oxmep)
DRV - [2005/09/06 09:35:36 | 000,048,896 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vserial.sys -- (vserial)
DRV - [2005/09/06 09:35:36 | 000,018,272 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\vsb.sys -- (vsbus)
DRV - [2003/07/24 09:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/17 21:38:10 | 000,019,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdspx.sys -- (TDSPX)
DRV - [2001/08/17 21:38:04 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdipx.sys -- (TDIPX)
DRV - [2001/08/17 21:38:00 | 000,013,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdasync.sys -- (TDASYNC)
DRV - [2001/08/17 12:54:20 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/17 12:54:20 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/08/17 12:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\irstusb.sys -- (STIrUsb)
DRV - [2001/08/17 12:49:04 | 000,023,552 | ---- | M] (MKNet Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\irmk7.sys -- (SIERRA) MKNet MK7100-based VFIR (16Mbps)
DRV - [2001/08/17 12:49:02 | 000,026,624 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\alifir.sys -- (ALiIRDA)
DRV - [2001/08/17 12:48:50 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\MSRIFFWV.sys -- (MSRIFFWV)
DRV - [2001/08/17 12:48:36 | 000,006,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\MSFSIO.sys -- (MSFSIO)
DRV - [2001/08/17 11:10:30 | 000,035,871 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\wbfirdma.sys -- (WBFIRDMA)
DRV - [2001/08/17 11:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 11:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\smcirda.sys -- (NECIRDA)
DRV - [2001/08/17 11:10:26 | 000,028,232 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\tos4mo.sys -- (OBOE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4064713392-2562539939-1164050061-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-4064713392-2562539939-1164050061-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/10/29 15:01:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/02 16:06:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/02 16:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/11/02 16:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/29 15:01:50 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/08/25 19:18:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/02/10 08:59:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/28 23:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 17:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/23 04:00:00 | 000,000,734 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-4064713392-2562539939-1164050061-1002\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [RTHDCPL] C:\Windows\RTDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4064713392-2562539939-1164050061-1002\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4064713392-2562539939-1164050061-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\system32\pnrpnsp.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265814931421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1320006084281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F1802AD-91CB-4B80-8ADB-D79A15FCB3A4}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O18 - Protocol\Handler\vnd.ms.radio - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (%windir%\system32\userinit.exe) -C:\Windows\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SSOExec: DllName - (%windir%\temp\sso\ssoexec.dll) - File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2202a4ca-1580-11df-943f-860da6ee1ac1}\Shell - "" = AutoRun
O33 - MountPoints2\{2202a4ca-1580-11df-943f-860da6ee1ac1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2202a4ca-1580-11df-943f-860da6ee1ac1}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
O33 - MountPoints2\{2202a4ca-1580-11df-943f-860da6ee1ac1}\Shell\Open\command - "" = E:\autorun.exe
O33 - MountPoints2\{a9c70024-e002-11e0-a998-30469a15c9ec}\Shell - "" = AutoRun
O33 - MountPoints2\{a9c70024-e002-11e0-a998-30469a15c9ec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a9c70024-e002-11e0-a998-30469a15c9ec}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d934f80b-17d8-11df-a940-002564b6f754}\Shell - "" = AutoRun
O33 - MountPoints2\{d934f80b-17d8-11df-a940-002564b6f754}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d934f80b-17d8-11df-a940-002564b6f754}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
O33 - MountPoints2\{d934f80b-17d8-11df-a940-002564b6f754}\Shell\Open\command - "" = E:\autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/02 16:11:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/11/02 16:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2011/11/02 16:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/11/02 16:06:05 | 014,045,800 | ---- | C] (Mozilla) -- C:\Documents and Settings\Owner\My Documents\Firefox Setup 7.0.1.exe
[2011/11/01 18:22:50 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/10/31 12:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/10/30 15:31:26 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mucltui.dll
[2011/10/30 15:31:26 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mucltui.dll.mui
[2011/10/30 14:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth
[2011/10/30 12:39:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\NtmsData
[2011/10/29 16:28:23 | 004,277,404 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/10/29 16:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/10/29 16:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/29 16:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Speeding Up My PC
[2011/10/29 16:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\RegistryKeys
[2011/10/29 15:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG2012
[2011/10/29 15:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/10/29 15:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG Secure Search
[2011/10/29 15:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/10/29 15:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/10/29 15:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/10/29 15:01:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/10/29 15:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/10/29 14:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/29 14:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/29 14:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
[2011/10/29 14:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\ShowMyPCService
[2011/10/29 13:34:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/29 13:11:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/29 13:11:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2011/10/29 13:11:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/10/29 13:11:29 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/10/29 12:04:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Recent
[2011/10/14 18:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Identities
[2008/11/20 23:03:14 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DUAgent.exe

========== Files - Modified Within 30 Days ==========

[2011/11/02 16:13:33 | 108,543,528 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/02 16:11:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/11/02 16:06:49 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/02 16:06:49 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/02 16:06:25 | 014,045,800 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\My Documents\Firefox Setup 7.0.1.exe
[2011/11/01 20:18:13 | 000,617,882 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/01 20:18:13 | 000,137,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/01 20:12:52 | 000,002,048 | ---- | M] () -- C:\Windows\bootstat.dat
[2011/11/01 18:56:39 | 000,002,206 | ---- | M] () -- C:\Windows\System32\wpa.dbl
[2011/11/01 18:22:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/11/01 18:21:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/11/01 18:21:22 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/10/30 18:52:26 | 000,317,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/29 19:49:18 | 000,000,191 | RHS- | M] () -- C:\boot.ini
[2011/10/29 16:27:56 | 004,277,404 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/10/29 16:22:14 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\unhide.exe
[2011/10/29 16:14:29 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\iExplore.exe
[2011/10/29 16:11:35 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2011/10/29 15:01:50 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/10/29 11:42:45 | 000,000,424 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP
[2011/10/29 11:42:45 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP
[2011/10/29 11:42:45 | 000,000,088 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr
[2011/10/13 12:01:18 | 000,001,393 | ---- | M] () -- C:\Windows\imsins.BAK
[2011/10/12 19:44:16 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

========== Files Created - No Company Name ==========

[2011/11/02 16:13:33 | 108,543,528 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/02 16:06:49 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/02 16:06:49 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/02 16:06:49 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/01 18:21:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/11/01 18:20:51 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/10/29 16:43:07 | 000,002,471 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Aldelo Financial Integrator.lnk
[2011/10/29 16:43:07 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shortcut To Aldelo EDC AutoDialer.lnk
[2011/10/29 16:43:07 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/10/29 16:43:07 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WN111v2 Smart Wizard.lnk
[2011/10/29 16:43:07 | 000,001,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Restaurant Pro Express.lnk
[2011/10/29 16:43:07 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2011/10/29 16:43:04 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/29 16:43:04 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/10/29 16:43:04 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/10/29 16:42:59 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/10/29 16:42:59 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk
[2011/10/29 16:42:58 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/10/29 16:42:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/10/29 16:42:58 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/10/29 16:42:58 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Remote Assistance.lnk
[2011/10/29 16:22:02 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\unhide.exe
[2011/10/29 16:14:38 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\iExplore.exe
[2011/10/29 16:11:32 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.exe
[2011/10/29 15:01:50 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/10/29 11:42:45 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr
[2011/10/29 11:42:44 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP
[2011/10/29 11:41:57 | 000,000,424 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP
[2010/02/12 12:49:24 | 000,007,909 | ---- | C] () -- C:\Windows\System32\ftpctrs.ini
[2010/02/12 12:49:24 | 000,001,793 | ---- | C] () -- C:\Windows\System32\fxsperf.ini
[2010/02/12 12:48:53 | 000,046,258 | ---- | C] () -- C:\Windows\System32\mib.bin
[2010/02/12 12:48:47 | 000,000,741 | ---- | C] () -- C:\Windows\System32\noise.dat
[2010/02/10 10:56:51 | 000,000,061 | ---- | C] () -- C:\Windows\smscfg.ini
[2010/02/10 08:13:01 | 000,103,937 | R--- | C] () -- C:\Windows\System32\drivers\xTouch.sys
[2010/02/10 08:13:01 | 000,001,221 | R--- | C] () -- C:\Windows\System32\Touchkit_reg.ini
[2010/02/10 07:59:49 | 000,021,791 | ---- | C] () -- C:\Windows\System32\smtpctrs.ini
[2010/02/10 07:59:49 | 000,001,037 | ---- | C] () -- C:\Windows\System32\ntfsdrct.ini
[2010/02/10 07:59:42 | 000,038,576 | ---- | C] () -- C:\Windows\System32\w3ctrs.ini
[2010/02/10 07:59:41 | 000,010,225 | ---- | C] () -- C:\Windows\System32\axperf.ini
[2010/02/10 07:59:40 | 000,011,435 | ---- | C] () -- C:\Windows\System32\infoctrs.ini
[2010/02/09 14:47:31 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/02/09 14:47:30 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/02/09 11:53:49 | 000,317,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/09 06:42:18 | 000,021,640 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/02/09 06:37:26 | 000,004,161 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/11/20 23:04:48 | 000,218,003 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2008/11/20 23:04:43 | 000,002,048 | ---- | C] () -- C:\Windows\bootstat.dat
[2008/11/20 23:04:38 | 000,004,463 | ---- | C] () -- C:\Windows\System32\oembios.dat
[2008/11/20 23:04:37 | 013,107,200 | ---- | C] () -- C:\Windows\System32\oembios.bin
[2008/11/20 23:04:01 | 000,617,882 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2008/11/20 23:04:01 | 000,272,128 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2008/11/20 23:04:01 | 000,137,496 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2008/11/20 23:04:01 | 000,028,626 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2008/11/20 23:03:17 | 000,363,520 | ---- | C] () -- C:\Windows\System32\psisdecd.dll
[2008/06/27 13:18:04 | 000,262,216 | ---- | C] () -- C:\Windows\System32\IPTests.dll
[2008/05/26 19:59:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\structuredqueryschematrivial.bin
[2008/05/26 19:59:40 | 000,106,605 | ---- | C] () -- C:\Windows\System32\structuredqueryschema.bin
[2007/09/27 08:51:02 | 000,020,698 | ---- | C] () -- C:\Windows\System32\idxcntrs.ini
[2007/09/27 08:48:48 | 000,030,628 | ---- | C] () -- C:\Windows\System32\gsrvctr.ini
[2007/09/27 08:48:28 | 000,031,698 | ---- | C] () -- C:\Windows\System32\gthrctr.ini
[2005/04/29 15:11:34 | 000,004,746 | ---- | C] () -- C:\Windows\SigPlus.ini
[2004/11/18 19:17:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\sslAtmel.dll
[2004/11/18 19:17:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\sslCom.dll
[2004/11/18 19:16:34 | 000,077,824 | ---- | C] () -- C:\Windows\System32\ssl.dll
[2004/11/16 12:46:12 | 000,061,440 | ---- | C] () -- C:\Windows\System32\GetImageC500.dll
[2004/11/16 12:40:12 | 000,122,880 | ---- | C] () -- C:\Windows\System32\SmzCmos1.dll
[2004/11/16 12:26:22 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SMZ_API.dll
[2004/11/16 12:26:20 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FingerPrinterDll.dll
[2004/11/16 12:25:56 | 000,647,168 | ---- | C] () -- C:\Windows\System32\FingerChip.dll
[2004/03/18 16:58:54 | 000,114,688 | ---- | C] () -- C:\Windows\System32\VFMatchSrv.exe

< End of report >

OTL Extras logfile created on: 11/2/2011 4:19:08 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Windows XP Embedded Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 58.09% Memory free
3.82 Gb Paging File | 2.96 Gb Available in Paging File | 77.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 133.44 Gb Free Space | 89.55% Space Free | Partition Type: NTFS

Computer Name: POS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-4064713392-2562539939-1164050061-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:LocalSubnet:Disabled:NetBIOS Name Service
"138:UDP" = 138:UDP:LocalSubnet:Disabled:NetBIOS Datagram Service
"139:TCP" = 139:TCP:LocalSubnet:Disabled:NetBIOS Session Service
"445:TCP" = 445:TCP:LocalSubnet:Disabled:SMB over TCP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:SSDP
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:UPnp Framework over TCP
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:LocalSubNet:Disabled:NetBIOS Name Service
"138:UDP" = 138:UDP:LocalSubNet:Disabled:NetBIOS Datagram Service
"139:TCP" = 139:TCP:LocalSubNet:Disabled:NetBIOS Session Service
"445:TCP" = 445:TCP:LocalSubNet:Disabled:SMB over TCP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:SSDP
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:UPnp Framework over TCP
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CRE.NET\CRE2004.exe" = C:\Program Files\CRE.NET\CRE2004.exe:*:Enabled: -- (PC America)
"C:\Program Files\Aldelo\Aldelo Financial Integrator\Aldelo.FI.Client.exe" = C:\Program Files\Aldelo\Aldelo Financial Integrator\Aldelo.FI.Client.exe:*:Enabled:Aldelo.FI.Client -- ()
"C:\Documents and Settings\Owner\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup
"C:\Documents and Settings\Owner\Local Settings\Temp\IXP000.TMP\smwinvnc.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\IXP000.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server
"C:\Documents and Settings\Owner\Local Settings\Temp\ShowMyPC\-----------ShowMyPC3105(1)\SMPCSetup.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\ShowMyPC\-----------ShowMyPC3105(1)\SMPCSetup.exe:*:Enabled:SMPCSetup -- (ShowMyPC)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07B06252-CE20-43AE-805A-FF3BFF83E105}" = Aldelo EDC AutoDialer
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{26A4D197-12B4-45EB-9306-B3F9FE479E82}" = Aldelo Financial Integrator
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ALDELO)
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{3407FD83-0A2F-475E-BE94-34F1FA342C84}" = ESET NOD32 Antivirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AA6BA13-D11B-4DFD-9C74-80EB3907845A}" = Aldelo Prerequisite
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = SQL Server 2008 R2 Database Engine Services
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5B8A87B3-F137-48B4-9009-0A52C94828CB}" = Microsoft POS for .NET 1.12
"{6FA57AC6-45B1-4964-9F77-5830ED6B4A7B}" = Aldelo EDC
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = Restaurant Pro Express
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{7D004944-C4F1-4C44-AAD4-E7F85190ED00}" = AVG 2012
"{8221D145-58E2-42AF-B3BB-7B3E425B8201}" = Aldelo For Restaurants
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = SQL Server 2008 R2 Database Engine Services
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D159E6-FD6E-417D-9D57-7D9EA74C9CFC}" = TSP100 Setup Version 3.0.0
"{C6A750AE-6029-4435-9A8D-06507AA46798}" = TouchKit
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2A8E99B-59D5-42C4-9658-F3C36B9864E3}" = Aldelo For Restaurants
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2012
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"Lucent Technologies Soft Modem" = Lucent Technologies Soft Modem AMR
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"PRO" = Microsoft Office Professional 2007
"Toshiba Soft Modem" = Toshiba Soft Modem AMR
"WIC" = Windows Imaging Component

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4064713392-2562539939-1164050061-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,740 posts
  • Gender:Male
  • Local time:06:46 PM

Posted 08 November 2011 - 02:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/426179 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Steven1279

Steven1279
  • Topic Starter

  • Members
  • 21 posts
  • Local time:05:46 PM

Posted 10 November 2011 - 06:35 PM

Hello

Thanks for your reply. I do need help with my computer. My computer got hit by System Restore and I followed the instructions on how to remove it. I did that, but there are still some problems with it. My computer has no sound, can't play any music on the web, and web searches pop up an error with a man's face (iexplore.exe error, need to close the window). I tried to run DDS, but it won't scan and froze my computer. Please help. Thanks

Edited by Steven1279, 11 November 2011 - 04:08 PM.


#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,740 posts
  • Gender:Male
  • Local time:06:46 PM

Posted 13 November 2011 - 02:05 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:06:46 PM

Posted 19 November 2011 - 09:30 PM

This member still needs help.

Edited by boopme, 19 November 2011 - 09:31 PM.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:12:46 AM

Posted 20 November 2011 - 07:37 AM

Hi,

Could you please try running GMER then.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#7 Steven1279

Steven1279
  • Topic Starter

  • Members
  • 21 posts
  • Local time:05:46 PM

Posted 20 November 2011 - 09:52 PM

Gmer log is working. Thanks Myrti!!!

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-20 18:49:28
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxldapow.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midimapper midimap.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wavemapper msacm32.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.mrle msrle32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.msvc msvidc32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YUY2 msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.UYVY msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YVU9 tsbyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YVYU msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.IYUV iyuv_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.cvid iccvid.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msadpcm msadp32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.trspch tssoft32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@MSVideo8 VfWWDM32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@aux wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@midimapper midimap.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@wavemapper msacm32.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@MaxBandwidth 22201
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@wave rdpsnd.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@EnableMP3Codec 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ mnmsrvc
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs

---- EOF - GMER 1.0.15 ----

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:12:46 AM

Posted 21 November 2011 - 06:26 PM

Hi,

please run ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#9 Steven1279

Steven1279
  • Topic Starter
  • Members
  • 21 posts
  • Local time:05:46 PM

Posted 22 November 2011 - 03:53 PM

I am unable to run ComboFix. The extraction runs to the point of output folder: C\32788r22fwjfw\n.3exe, then stops and disables the program. I also found a pop-up error message like the one below. Please advise. Thanks

Parasites found!!
The following files were trying to attach to combofix. They shall be disabled kindly note down on paper, the name of each file. We may need it later

C\windows\system32\Embdtrst.dll

Edited by Steven1279, 22 November 2011 - 04:20 PM.


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:12:46 AM

Posted 22 November 2011 - 04:15 PM

Hi,

have you disabled AVG? Please also try running ComboFix from safe mode in that case.

regards myrti



#11 Steven1279

Steven1279
  • Topic Starter
  • Members
  • 21 posts
  • Local time:05:46 PM

Posted 23 November 2011 - 03:55 PM

Bad news. I could not run ComboFix in safe mode. The extraction runs and then stops working. AVG has been disabled. Please advise.

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:12:46 AM

Posted 23 November 2011 - 05:06 PM

Hi,

ok, do you happen to have a linux CD at hand?

If not we can create one:
Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK and make sure to select the downloaded ISO file as source and don't let the installer get the linux from the internet.
  • It will install a little bootable OS on your USB
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.

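One way to sanity-check the 512-byte MBRbackup produced by the dd command in the steps above, written as an added example that is not part of this thread or of xPUD/testdisk: it parses the partition table, checks the 0x55AA boot signature and overlapping entries, and compares a SHA-256 of the bootstrap code against a reference hash you supply (for instance from a known-clean machine with the same OS). The sample MBR is constructed inline.

```python
import hashlib
import struct
from typing import List, Optional

MBR_SIZE = 512
PART_TABLE_OFFSET = 446          # 4 x 16-byte entries live at 446..509
BOOT_SIGNATURE = b"\x55\xaa"     # last two bytes of a valid MBR
# entry layout: status(1) CHS-start(3) type(1) CHS-end(3) start-LBA(4) sectors(4)
ENTRY_FMT = "<B3xB3xII"


def parse_mbr(data: bytes) -> dict:
    """Split a raw MBR dump into bootstrap-code hash, partition list and signature flag."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    partitions = []
    for i in range(4):
        status, ptype, start, sectors = struct.unpack_from(ENTRY_FMT, data, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "start_lba": start, "sectors": sectors})
    return {"bootcode_sha256": hashlib.sha256(data[:PART_TABLE_OFFSET]).hexdigest(),
            "partitions": partitions,
            "signature_ok": data[510:512] == BOOT_SIGNATURE}


def check_mbr(data: bytes, known_good_bootcode_sha256: Optional[str] = None) -> List[str]:
    """Return a list of findings; an empty list means nothing looked wrong."""
    info = parse_mbr(data)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        findings.append("more than one partition flagged bootable")
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"]) for p in info["partitions"])
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append(f"overlapping partitions at LBA {start_b}")
    if known_good_bootcode_sha256 and info["bootcode_sha256"] != known_good_bootcode_sha256:
        findings.append("bootstrap code differs from the known-good reference")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample: dummy boot code, one bootable NTFS (0x07) partition at LBA 63."""
    mbr = bytearray(MBR_SIZE)
    mbr[:3] = b"\xeb\x3c\x90"  # a typical jump at the start of boot code (placeholder)
    struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFFSET, 0x80, 0x07, 63, 312_000_000)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)
```

Run it against the real dump with `check_mbr(open("MBRbackup.zip", "rb").read())`; a non-empty list is a reason to look closer, not proof of infection by itself.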


#13 Steven1279

Steven1279
  • Topic Starter
  • Members
  • 21 posts
  • Local time:05:46 PM

Posted 23 November 2011 - 10:58 PM

I am sorry, I got lost here. How do I open the MBRbackup zip and how do I attach it to this post? I don't see any attachment option in the reply box. Please advise. Happy Thanksgiving!!

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:12:46 AM

Posted 25 November 2011 - 08:03 AM

Hi,

you need to click "Use Full Editor" to get additional options, once you've done that you should see the Attachment-option directly underneath the text window you type into. Make sure to select the file and afterwards click Attach this file to upload.

regards myrti



#15 Steven1279

Steven1279
  • Topic Starter
  • Members
  • 21 posts
  • Local time:05:46 PM

Posted 26 November 2011 - 06:24 PM

Here is the attachment of MBRbackup.zip. Thanks Myrti!!!

Attached File: MBRbackup.zip (512 bytes, 1 downloads)



