
please check my log


  • This topic is locked
19 replies to this topic

#1 1450

1450

  • Members
  • 51 posts

Posted 20 November 2011 - 09:08 PM

Hi, I am new to the forum and not very computer tech savvy. I was wondering if you could check my HijackThis log and see if there is any action needed.

Thanks


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:46:33 PM, on 11/20/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\freecell.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\VIDEOD~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\PROGRA~1\ArcSoft\RAWTHU~1\EXIFToolBar.dll
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] "C:\WINDOWS\system32\regsvr32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Search - http://tbedits.mywebsearch.com/one-toolbaredits/menusearch.jhtml?s=100000546&p=Y9xdm002YYus&si=&a=BF3A285F-7297-49A5-9085-145148CEA166&n=2011051914
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c993cb91a5afee) (gupdate1c993cb91a5afee) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 7627 bytes



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 21 November 2011 - 04:10 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

 

 


#3 1450

1450
  • Topic Starter

  • Members
  • 51 posts

Posted 22 November 2011 - 11:23 PM

OTL.txt
OTL logfile created on: 11/22/2011 11:04:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\DUDSI\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 66.56 Mb Available Physical Memory | 14.87% Memory free
1.03 Gb Paging File | 0.31 Gb Available in Paging File | 29.85% Paging File free
Paging file location(s): C:\pagefile.sys 670 670 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 131.43 Gb Free Space | 88.18% Space Free | Partition Type: NTFS

Computer Name: BOB | User Name: DUDSI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/22 23:02:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DUDSI\My Documents\Downloads\OTL.scr
PRC - [2011/11/11 13:57:04 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/11/09 12:55:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/01 15:15:22 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/18 13:38:26 | 000,232,104 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/02/11 16:27:58 | 000,200,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010/12/17 09:33:06 | 001,103,184 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2010/11/30 17:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 14:00:00 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\freecell.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/22 22:01:18 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/11/22 22:01:18 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/11/09 12:55:11 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/01 15:01:33 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/11/01 15:01:27 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/10/21 21:17:27 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/02/11 16:27:58 | 000,200,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/11/30 17:26:54 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2010/11/30 17:26:52 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2010/11/30 17:26:52 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2010/08/24 19:06:46 | 000,085,840 | ---- | M] () -- C:\Program Files\Trend Micro\RUBotted\hc_help.dll
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (SLService)
SRV - [2011/11/01 15:15:22 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/10/22 10:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/10/22 10:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/06/17 11:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/04/13 22:53:48 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2008/04/13 22:53:48 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2008/04/13 22:53:46 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2008/04/13 22:53:42 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2008/04/13 22:53:42 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2008/04/13 22:53:40 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2005/09/29 08:34:58 | 000,056,960 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2005/09/29 08:34:50 | 000,045,824 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2004/08/03 21:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\recagent.sys -- (RecAgent)
DRV - [2004/05/25 14:58:04 | 000,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2004/05/25 14:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2003/05/02 18:52:00 | 000,033,920 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sunkfilt.sys -- (SunkFilt)
DRV - [2002/11/26 14:52:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [1999/04/23 21:22:00 | 000,087,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\modem.dsp -- (Modem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z129&install_date=20110927
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z129&install_date=20110927"
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1.1
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: tabprogressbar@studio17.wordpress.com:0.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.51
FF - prefs.js..extensions.enabledItems: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.7.2
FF - prefs.js..extensions.enabledItems: RAWThumbnailViewer@arcsoft.com.cn:2.0.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: 4effxtbr@RadioPI_4e.com:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z129&form=ZGAADF&install_date=20110927&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2009/11/16 11:53:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2009/11/16 11:54:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/19 14:53:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 12:55:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/15 12:22:06 | 000,000,000 | ---D | M]

[2008/07/25 23:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Extensions
[2011/11/20 16:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\extensions
[2011/04/20 15:17:29 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
[2011/09/27 17:45:54 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/04/23 00:50:53 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}(2)
[2011/10/25 11:04:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/14 05:30:37 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2011/03/10 21:49:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
[2011/04/20 15:17:29 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(4)
[2009/06/10 08:07:20 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/04/23 22:04:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}-trash
[2011/04/23 00:50:53 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}(2)
[2010/07/14 05:30:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2011/04/20 15:17:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(3)
[2010/07/14 05:30:38 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\extensions\nasanightlaunch@example(2).com
[2011/02/20 20:15:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\extensions\nostmp
[2011/04/23 00:45:52 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\extensions\searchtoolbar@zugo.com
[2011/04/23 00:46:51 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\extensions\tabprogressbar@studio17.wordpress.com
[2011/10/27 19:11:52 | 000,000,410 | ---- | M] () -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\searchplugins\betty-crocker.xml
[2011/09/27 18:50:00 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\searchplugins\bing-zugo.xml
[2011/11/15 23:11:21 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\DUDSI\Application Data\Mozilla\Firefox\Profiles\fud95lxu.default\searchplugins\surf-canyon.xml
[2011/11/09 12:55:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/08 11:13:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/10/25 10:44:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DUDSI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FUD95LXU.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DUDSI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FUD95LXU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DUDSI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FUD95LXU.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DUDSI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FUD95LXU.DEFAULT\EXTENSIONS\{E6C1199F-E687-42DA-8C24-E7770CC3AE66}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DUDSI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FUD95LXU.DEFAULT\EXTENSIONS\AUTOFILLFORMS@BLUEIMP.NET.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DUDSI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FUD95LXU.DEFAULT\EXTENSIONS\ELEMHIDEHELPER@ADBLOCKPLUS.ORG.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DUDSI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FUD95LXU.DEFAULT\EXTENSIONS\PBUPLOAD@PHOTOBUCKET.COM.XPI
[2011/11/09 12:55:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/11/09 12:55:14 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\DUDSI\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\DUDSI\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: RadioPI Plugin Stub (Enabled) = C:\Program Files\RadioPI_4e\bar\1.bin\NP4eStub.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Documents and Settings\DUDSI\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2010/11/27 15:04:05 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Video Downloader\ARCURL~1.DLL (ArcSoft, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Reg Error: Value error.) - AutorunsDisabled - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\AutorunsDisabled: McAfee = C:\Documents and Settings\DUDSI\Application Data\csrss.exe
O8 - Extra context menu item: &Search - http://tbedits.mywebsearch.com/one-toolbaredits/menusearch.jhtml?s=100000546&p=Y9xdm002YYus&si=&a=BF3A285F-7297-49A5-9085-145148CEA166&n=2011051914 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1AD9EBF-3836-48DC-860C-CC0C165A51DC}: DhcpNameServer = 192.168.1.1 71.243.0.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\DUDSI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DUDSI\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/23 05:26:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/17 23:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft File Transfer Manager
[2011/11/17 21:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUDSI\My Documents\2011 LOBSTER SALES
[2011/11/15 23:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/13 02:46:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DUDSI\Recent
[2011/11/09 22:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2011/11/09 22:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011/11/09 22:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trend Micro RUBotted
[2011/11/01 15:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUDSI\Application Data\SUPERAntiSpyware.com
[2011/11/01 14:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/11/01 14:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/11/01 14:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/11/01 14:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/01 14:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DUDSI\Application Data\Malwarebytes
[2011/11/01 14:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/01 14:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/01 14:27:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/01 14:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/29 15:03:25 | 000,000,000 | ---D | C] -- C:\a15bf35523c97b15bb43
[2011/10/26 23:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2010/08/25 12:10:56 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/22 22:47:25 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/22 22:15:38 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FEEB9AEB-E214-44A6-A2C7-81348D59685C}.job
[2011/11/22 21:58:51 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/11/22 21:58:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/22 21:58:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/22 21:58:13 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/20 19:43:10 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\DUDSI\Desktop\HiJackThis.lnk
[2011/11/20 13:17:01 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/11/18 12:50:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2011/11/18 12:49:08 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011/11/18 12:49:08 | 000,001,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2011/11/17 23:59:42 | 000,005,968 | ---- | M] () -- C:\Documents and Settings\DUDSI\My Documents\cc_20111117_235907.reg
[2011/11/17 23:14:46 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\DUDSI\Desktop\File Transfer Manager.lnk
[2011/11/17 22:58:57 | 030,904,320 | ---- | M] () -- C:\Documents and Settings\DUDSI\Desktop\FishermanVTR.mde
[2011/11/17 22:55:48 | 000,002,214 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/11/17 21:52:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/17 21:20:05 | 000,001,841 | ---- | M] () -- C:\Documents and Settings\DUDSI\My Documents\2011 LOBSTER SALES.zip
[2011/11/17 21:19:15 | 024,407,526 | R--- | M] () -- C:\Documents and Settings\DUDSI\Desktop\openofficesuite-setup.exe
[2011/11/15 23:49:36 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/10 15:04:29 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/09 23:48:18 | 000,364,402 | ---- | M] () -- C:\Documents and Settings\DUDSI\Local Settings\Application Data\census.cache
[2011/11/09 23:44:22 | 000,166,066 | ---- | M] () -- C:\Documents and Settings\DUDSI\Local Settings\Application Data\ars.cache
[2011/11/09 23:18:38 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\DUDSI\Local Settings\Application Data\housecall.guid.cache
[2011/11/09 22:22:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\-1
[2011/11/07 10:53:51 | 000,608,084 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 10:53:51 | 000,123,624 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/01 17:01:21 | 000,013,916 | ---- | M] () -- C:\Documents and Settings\DUDSI\My Documents\cc_20111101_180109.reg
[2011/11/01 14:49:47 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/01 14:27:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/01 00:24:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/31 20:32:14 | 136,547,245 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/27 16:37:07 | 000,196,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/10/27 11:13:21 | 000,204,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/18 12:50:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2011/11/18 12:49:08 | 000,001,681 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2011/11/17 23:59:12 | 000,005,968 | ---- | C] () -- C:\Documents and Settings\DUDSI\My Documents\cc_20111117_235907.reg
[2011/11/17 23:14:45 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\DUDSI\Desktop\File Transfer Manager.lnk
[2011/11/17 23:14:32 | 000,001,898 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\File Transfer Manager.lnk
[2011/11/17 21:20:05 | 000,001,841 | ---- | C] () -- C:\Documents and Settings\DUDSI\My Documents\2011 LOBSTER SALES.zip
[2011/11/15 23:49:36 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/13 03:18:39 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\DUDSI\Start Menu\Programs\Outlook Express.lnk
[2011/11/13 02:02:51 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\DUDSI\Desktop\HiJackThis.lnk
[2011/11/10 15:04:29 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/09 23:48:18 | 000,364,402 | ---- | C] () -- C:\Documents and Settings\DUDSI\Local Settings\Application Data\census.cache
[2011/11/09 23:44:22 | 000,166,066 | ---- | C] () -- C:\Documents and Settings\DUDSI\Local Settings\Application Data\ars.cache
[2011/11/09 23:18:38 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\DUDSI\Local Settings\Application Data\housecall.guid.cache
[2011/11/09 22:22:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\-1
[2011/11/01 17:01:14 | 000,013,916 | ---- | C] () -- C:\Documents and Settings\DUDSI\My Documents\cc_20111101_180109.reg
[2011/11/01 14:49:47 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/01 14:27:46 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/18 02:31:19 | 000,184,794 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/11/18 21:14:27 | 000,042,900 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/25 12:10:56 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2010/08/25 12:10:55 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\slmh.exe
[2010/08/25 12:10:55 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\minirec.exe
[2010/08/25 12:10:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2010/08/25 12:10:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SmCfg.exe
[2010/08/25 12:09:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2010/06/14 11:26:31 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\DUDSI\Application Data\setup_ldm.iss
[2010/05/28 09:18:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CNMCP14.EXE
[2010/04/13 20:49:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/09 16:18:56 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/07/23 19:21:55 | 000,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2009/05/05 23:07:15 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config
[2009/03/31 19:10:24 | 000,000,284 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2009/02/21 07:25:20 | 000,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/11/25 22:33:03 | 000,002,214 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/01/13 17:39:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2008/01/12 16:51:43 | 000,001,167 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/12/29 18:10:24 | 000,001,396 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/02 15:58:34 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/09/13 20:14:32 | 000,036,962 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2007/08/15 20:39:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/04 20:15:54 | 000,210,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\dosxapi.dll
[2007/08/04 20:15:54 | 000,073,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\dosxutl.dll
[2007/08/04 20:15:54 | 000,037,105 | ---- | C] () -- C:\WINDOWS\System32\drivers\discrimd.dll
[2007/08/04 20:15:54 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\bitmani.dll
[2007/08/04 20:15:54 | 000,030,748 | ---- | C] () -- C:\WINDOWS\System32\drivers\blcklstd.dll
[2007/08/04 20:15:54 | 000,027,510 | ---- | C] () -- C:\WINDOWS\System32\drivers\blcklstw.dll
[2007/08/04 20:15:54 | 000,019,302 | ---- | C] () -- C:\WINDOWS\System32\drivers\emu87.dll
[2007/08/04 20:15:54 | 000,018,711 | ---- | C] () -- C:\WINDOWS\System32\drivers\clmode65.bin
[2007/08/04 20:15:54 | 000,017,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\clmode62.bin
[2007/08/04 20:15:54 | 000,017,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\clmode64.bin
[2007/08/04 20:15:54 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\ctymsgd.dll
[2007/08/04 20:15:54 | 000,008,225 | ---- | C] () -- C:\WINDOWS\System32\drivers\cwbaudio.bin
[2007/08/04 20:15:54 | 000,008,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\audhlp.dll
[2007/08/04 20:15:40 | 000,362,957 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwgw95.dll
[2007/08/04 20:15:40 | 000,359,114 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwmdos.dll
[2007/08/04 20:15:40 | 000,280,994 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwmloadw.dll
[2007/08/04 20:15:40 | 000,189,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\mixer.dll
[2007/08/04 20:15:40 | 000,148,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwave.dll
[2007/08/04 20:15:40 | 000,136,564 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwmparsw.dll
[2007/08/04 20:15:40 | 000,080,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\meid0460.dll
[2007/08/04 20:15:40 | 000,070,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwagent.dll
[2007/08/04 20:15:40 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwblwin.dll
[2007/08/04 20:15:40 | 000,052,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\meid0422.dll
[2007/08/04 20:15:40 | 000,051,731 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwaudio.dll
[2007/08/04 20:15:40 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwwttblw.dll
[2007/08/04 20:15:40 | 000,049,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\hpvui.dll
[2007/08/04 20:15:40 | 000,047,462 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwwttbld.dll
[2007/08/04 20:15:40 | 000,035,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwagentd.dll
[2007/08/04 20:15:40 | 000,034,948 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwbldos.dll
[2007/08/04 20:15:40 | 000,032,028 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwcm.dll
[2007/08/04 20:15:40 | 000,029,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwnotdos.dll
[2007/08/04 20:15:40 | 000,025,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\hpviol.dll
[2007/08/04 20:15:40 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwmmsgw.dll
[2007/08/04 20:15:40 | 000,019,430 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwprior.dll
[2007/08/04 20:15:40 | 000,019,031 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwcnamed.dll
[2007/08/04 20:15:40 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwmmsgd.dll
[2007/08/04 20:15:40 | 000,016,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\meiodapi.dll
[2007/08/04 20:15:40 | 000,014,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwshdw.dll
[2007/08/04 20:15:40 | 000,014,423 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwcnamew.dll
[2007/08/04 20:15:40 | 000,013,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\hpvmon.dll
[2007/08/04 20:15:40 | 000,012,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwqtestm.dll
[2007/08/04 20:15:40 | 000,011,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\meiowapi.dll
[2007/08/04 20:15:40 | 000,003,612 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwfax.dll
[2007/08/04 20:15:27 | 000,072,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\s3dtkw.dll
[2007/08/04 20:15:27 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiff.dll
[2007/08/04 20:15:27 | 000,044,874 | ---- | C] () -- C:\WINDOWS\System32\drivers\wtif.dll
[2007/08/04 20:15:27 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\spktrn32.dll
[2007/08/04 20:15:27 | 000,017,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\slider.dll
[2007/08/04 20:15:03 | 000,283,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\dpcpcl.drv
[2007/08/04 20:15:03 | 000,181,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\deskjetc.drv
[2007/08/04 20:15:03 | 000,028,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\bull9b.drv
[2007/08/04 20:14:50 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\mciphone.drv
[2007/08/04 20:14:50 | 000,161,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\mcimsg.drv
[2007/08/04 20:14:50 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\mcifax.drv
[2007/08/04 20:14:50 | 000,048,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\meiw0422.drv
[2007/08/04 20:14:50 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\meiw0460.drv
[2007/08/04 20:14:50 | 000,031,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwnotwin.drv
[2007/08/04 20:14:50 | 000,020,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwcontnd.drv
[2007/08/04 20:14:36 | 000,435,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\showedge.exe
[2007/08/04 20:14:36 | 000,292,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwqtest.exe
[2007/08/04 20:14:36 | 000,224,138 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwcfg.exe
[2007/08/04 20:14:36 | 000,195,568 | ---- | C] () -- C:\WINDOWS\System32\drivers\discapp.exe
[2007/08/04 20:14:36 | 000,168,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\dosmgr.exe
[2007/08/04 20:14:36 | 000,156,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\dosxmgr.exe
[2007/08/04 20:14:36 | 000,153,212 | ---- | C] () -- C:\WINDOWS\System32\drivers\country.exe
[2007/08/04 20:14:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\dvdplay.exe
[2007/08/04 20:14:36 | 000,108,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sf4029.exe
[2007/08/04 20:14:36 | 000,093,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwlevels.exe
[2007/08/04 20:14:36 | 000,091,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\dosmidi.exe
[2007/08/04 20:14:36 | 000,073,324 | ---- | C] () -- C:\WINDOWS\System32\drivers\diags.exe
[2007/08/04 20:14:36 | 000,071,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwmwin.exe
[2007/08/04 20:14:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\dvdrgn.exe
[2007/08/04 20:14:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\hpsjvxd.exe
[2007/08/04 20:14:36 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwselcty.exe
[2007/08/04 20:14:36 | 000,042,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\effects.exe
[2007/08/04 20:14:36 | 000,035,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\dmfree.exe
[2007/08/04 20:14:36 | 000,031,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwtsr.exe
[2007/08/04 20:14:36 | 000,018,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\doslevel.exe
[2007/08/04 20:14:36 | 000,018,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwremove.exe
[2007/08/04 20:14:36 | 000,015,029 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwmidi.exe
[2007/08/04 20:14:36 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwcpyrt.exe
[2007/08/04 20:14:36 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\appmws.exe
[2007/08/04 20:14:36 | 000,002,843 | ---- | C] () -- C:\WINDOWS\System32\drivers\vhd50420.exe
[2007/08/04 20:14:36 | 000,002,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwdrestr.exe
[2007/08/04 20:14:36 | 000,000,567 | ---- | C] () -- C:\WINDOWS\System32\drivers\checkos.exe
[2007/08/04 20:14:02 | 000,000,365 | ---- | C] () -- C:\WINDOWS\System32\drivers\pscript.ini
[2007/08/04 20:14:01 | 000,103,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\5631_swc.ini
[2007/08/04 20:14:01 | 000,047,471 | ---- | C] () -- C:\WINDOWS\System32\drivers\8814_dig.ini
[2007/08/04 20:14:01 | 000,038,690 | ---- | C] () -- C:\WINDOWS\System32\drivers\5631_dig.ini
[2007/08/04 20:14:01 | 000,038,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\5631_hwc.ini
[2007/08/04 20:14:01 | 000,037,651 | ---- | C] () -- C:\WINDOWS\System32\drivers\8814_swc.ini
[2007/08/04 20:14:01 | 000,037,651 | ---- | C] () -- C:\WINDOWS\System32\drivers\8814_hwc.ini
[2007/08/04 20:14:01 | 000,036,613 | ---- | C] () -- C:\WINDOWS\System32\drivers\8811_swc.ini
[2007/08/04 20:14:01 | 000,034,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\8811_hwc.ini
[2007/08/04 20:14:01 | 000,033,422 | ---- | C] () -- C:\WINDOWS\System32\drivers\8811_dig.ini
[2007/08/04 20:14:01 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\atixbar.sys
[2007/08/04 20:14:01 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\atitunep.sys
[2007/08/04 20:14:01 | 000,014,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwparms.ini
[2007/08/04 20:14:01 | 000,008,622 | ---- | C] () -- C:\WINDOWS\System32\drivers\avwin.ini
[2007/08/04 20:14:01 | 000,000,802 | ---- | C] () -- C:\WINDOWS\System32\drivers\mixer.ini
[2007/08/04 20:14:01 | 000,000,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\mparts.ini
[2007/08/04 20:14:01 | 000,000,201 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwconfig.ini
[2007/08/04 20:14:01 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwcontnd.ini
[2007/08/04 20:11:39 | 000,064,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\dwcfgmg.sys
[2007/08/04 20:11:39 | 000,005,035 | ---- | C] () -- C:\WINDOWS\System32\drivers\mwd50460.sys
[2007/07/28 17:24:03 | 000,000,935 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007/07/27 22:07:01 | 000,000,281 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2007/07/24 19:23:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/23 05:28:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/23 05:23:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/07/23 01:14:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/23 01:11:06 | 000,204,120 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,608,084 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,123,624 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/11/26 14:52:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2002/11/26 14:52:00 | 000,000,122 | ---- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2002/08/22 18:12:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\USBRESET.DLL
[2002/05/28 12:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 12:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/11/01 14:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/05/19 13:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
[2011/06/30 09:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2009/07/23 19:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2010/10/06 21:39:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/04/06 16:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/11/16 22:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/11/01 16:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/04/06 21:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/11/27 19:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/11/22 23:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/19 16:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/12/03 07:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2008/01/08 12:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2010/04/18 21:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/07 20:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/01/23 11:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\alot
[2008/10/12 19:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\Audacity
[2011/11/10 00:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\AVG
[2010/10/06 21:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\AVG10
[2011/02/17 22:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\butel
[2011/02/17 22:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\butelsoap
[2008/01/03 21:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\Chessmaster Challenge
[2009/08/23 21:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/11 13:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\DriverCure
[2011/04/23 00:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\GetRightToGo
[2011/06/23 21:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\Goodsol
[2010/07/05 15:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\licenses
[2008/05/03 19:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\LimeWire
[2007/07/24 21:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\MSNInstaller
[2009/03/24 22:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\OfficeUpdate12
[2010/07/05 15:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\PCMM2009
[2010/07/05 15:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\PCMM2010
[2011/04/23 21:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\PriceGong
[2011/02/17 22:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\Radioshack
[2010/10/16 20:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\Registry Mechanic
[2008/01/02 21:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\SpinTop
[2011/05/05 13:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\SystemRequirementsLab
[2010/05/03 22:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DUDSI\Application Data\Uniblue
[2011/11/22 21:58:51 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/11/22 22:15:38 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FEEB9AEB-E214-44A6-A2C7-81348D59685C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\DUDSI\Desktop\openofficesuite-setup.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\DUDSI\Desktop\FishermanVTR.mde:SummaryInformation
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D158BAF9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93E9C78D

< End of report >

#4 1450


Posted 22 November 2011 - 11:32 PM

Extras.txt

OTL Extras logfile created on: 11/22/2011 11:04:42 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\DUDSI\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 66.56 Mb Available Physical Memory | 14.87% Memory free
1.03 Gb Paging File | 0.31 Gb Available in Paging File | 29.85% Paging File free
Paging file location(s): C:\pagefile.sys 670 670 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 131.43 Gb Free Space | 88.18% Space Free | Partition Type: NTFS

Computer Name: BOB | User Name: DUDSI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00180408-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 Runtime
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05E740C4-0F88-4673-9DAF-549E41A6CB21}" = AVG 2011
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}" = The Sims Superstar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C8169AB-B6C1-413B-81B6-73B77127D82F}" = Microsoft File Transfer Manager
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D543DFE-6459-462A-9A62-B5B012B1DCF1}" = AVG 2011
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B8726461-A7C6-4628-A67C-FE5FC5FB3E9F}" = Software for Scanners
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C9C8FC30-AD33-4186-A064-46A2C5A80A5B}" = eMachines Bay Reader V1.00
"{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.22
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack
"{DB1F1933-58B6-4ACD-A7E8-ABE8CC086A07}" = System Requirements Lab for Intel
"{EE55714B-B67C-4D08-97AE-0CF4AC5A3A77}" = StuffIt Expander 2010
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"7-Zip" = 7-Zip 9.20
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"AVG" = AVG 2011
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defraggler" = Defraggler
"filehippo.com" = FileHippo.com Update Checker
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"InstallShield_{C9C8FC30-AD33-4186-A064-46A2C5A80A5B}" = eMachines Bay Reader V1.00
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NT Drive Recovery_is1" = NT Drive Recovery
"NVIDIA Drivers" = NVIDIA Drivers
"SLAMRNTV" = 56Kbps Internal Modem
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.1
"WinZip Self-Extractor" = WinZip Self-Extractor
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 11/20/2011 6:43:44 PM | Computer Name = BOB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).

Error - 11/20/2011 7:49:11 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The OrangeWare USB Enhanced Host Controller Service service failed
to start due to the following error: %%1058

Error - 11/21/2011 12:35:29 AM | Computer Name = BOB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).

Error - 11/21/2011 12:17:20 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The OrangeWare USB Enhanced Host Controller Service service failed
to start due to the following error: %%1058

Error - 11/21/2011 12:24:01 PM | Computer Name = BOB | Source = DCOM | ID = 10010
Description = The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register
with DCOM within the required timeout.

Error - 11/21/2011 1:39:19 PM | Computer Name = BOB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).

Error - 11/21/2011 4:48:51 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The OrangeWare USB Enhanced Host Controller Service service failed
to start due to the following error: %%1058

Error - 11/21/2011 6:15:56 PM | Computer Name = BOB | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).

Error - 11/22/2011 10:59:16 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The OrangeWare USB Enhanced Host Controller Service service failed
to start due to the following error: %%1058

Error - 11/22/2011 11:41:30 PM | Computer Name = BOB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}


< End of report >

hope that's what you are looking for. Thanks Bob

Edited by 1450, 22 November 2011 - 11:37 PM.


#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:03 PM

Posted 23 November 2011 - 04:00 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.
Will you also tell me how the PC is behaving.

So long, and thanks for all the fish.

 

 


#6 1450


Posted 24 November 2011 - 01:32 AM

C:\Documents and Settings\DUDSI\Application Data\AVG\Rescue\PC Tuneup 2011\111029154404546.rsc Win32/TrojanDownloader.Prodatect.BK trojan
C:\Documents and Settings\DUDSI\Desktop\openofficesuite-setup.exe Win32/DownloadAdmin.A.Gen application
C:\Documents and Settings\DUDSI\My Documents\Downloads\openofficesuite-setup(1).exe Win32/DownloadAdmin.A.Gen application
C:\Documents and Settings\DUDSI\My Documents\Downloads\openofficesuite-setup(2).exe Win32/DownloadAdmin.A.Gen application
C:\Documents and Settings\DUDSI\My Documents\Downloads\openofficesuite-setup.exe Win32/DownloadAdmin.A.Gen application
C:\Documents and Settings\DUDSI\My Documents\Downloads\SoftonicDownloader_for_firefox.exe a variant of Win32/SoftonicDownloader.A application
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application

Couldn't export txt file, used clipboard. Is this OK

#7 Noviciate


Posted 24 November 2011 - 03:10 PM

Good evening. :)

"Couldn't export txt file, used clipboard. Is this OK"

Yup, fine.

"Will you also tell me how the PC is behaving."

Are you having issues with the PC or is this just a look-see?

So long, and thanks for all the fish.

 

 


#8 1450


Posted 24 November 2011 - 11:49 PM

Happy Thanksgiving Novi,
Brief history of my old E machine,
Purchased around 2007? Crashed around 2009? Didn't have original cd's, purchased new set from E machine. Nuked computer. Ran cd's - nothing. Brother tried to get running, out of desperation inserted a HP printer installation CD and brought the unit back to life. Few programs like games and other accessories remained deleted. Since then the PC runs fine except it takes 3-5 minutes to load at start-up and takes 2-3 minutes to run browsers (firefox takes the longest). When downloading, I can't open a file because "I do not have the necessary program to open the file" (not all downloads but a few). Overall after I run AVG tuneup - registry scan & fix, and Super antispyware (free) and malwarebytes, the PC runs smooth for awhile then programs (firefox and others) stop responding. I also get a "script not responding" message once in a while referring to chrome which has been uninstalled. Also sometimes I get the message "Could not find paretologic update"; that anti-virus program was removed. Silverlight keeps downloading security updates and that program has been removed. When opening T-files program(s) PC repeatedly opens new tabs. I'm sure there are other issues that I haven't noted but can't recall at the moment.

#9 Noviciate


Posted 26 November 2011 - 02:35 PM

Good evening. :)

"Brother tried to get running, out of desperation inserted a HP printer installation CD and brought the unit back to life."

You'll forgive me if I don't immediately grasp how this worked. How do you get nothing when you run the installation cds but get things working with printer software?

So long, and thanks for all the fish.

 

 


#10 1450


Posted 26 November 2011 - 05:16 PM

Got me! It just happened.

#11 Noviciate


Posted 26 November 2011 - 06:54 PM

Download DDS from here and save it to your Desktop.

  • Double click the file and it will create two logs - exciting I know!
  • I'd like you to copy and paste DDS.txt in your next reply.
  • I'd like you to zip up and attach Attach.txt - named to give you a hint.

So long, and thanks for all the fish.

 

 


#12 1450


Posted 26 November 2011 - 09:22 PM

Program downloads but does not open.

#13 Noviciate


Posted 27 November 2011 - 02:52 PM

Good evening. :)

Right click the file and rename it to dds.com and try again.

So long, and thanks for all the fish.

 

 


#14 1450


Posted 27 November 2011 - 03:26 PM

Tried it, the black box appears for a second. Reads "syntax of the command is incorrect", same as dds.scr. There is also some other text in box but I can't read because the box only flashes for an instant.

#15 1450


Posted 27 November 2011 - 03:30 PM

Will be off-line for an hour or two. Thanks for your patience.

Edited by 1450, 27 November 2011 - 03:30 PM.




