
Multiple XP problems after virus removal


  • This topic is locked
10 replies to this topic

#1 abricru

abricru

  • Members
  • 22 posts
  • OFFLINE
  • Local time:08:53 AM

Posted 02 March 2012 - 05:26 PM

This is where I first posted my problems: here

I did a whole lot of checking on the list on how to remove malware, found some and removed it, I thought. Then I got confused and posted in the other forum: 2nd post

NeverSayDie (James) had kindly helped me with my drag and drop problems but then discovered that I didn't complete the process for checking for malware and creating logs etc. He also thinks I have some missing registry entries. Not sure if a virus did it, or I may have done it accidentally when I was trying to fix the problems.

The drag and drop seems to be working for the most part, but I cannot install Google Chrome or use Internet Explorer and have experienced various other problems such as the taskbar locking, the yellow shield appearing and disappearing, certain other programs not running etc. MBAM scans every day and has not turned up anything in the last couple of weeks. The whole process of trying to fix my computer has been interrupted by my mother being in the hospital, so I am trying to work on it when I have a break.

Today I have used the DeFogger tool, created the dds.txt file and attach.txt file, and am currently running the GMER scan. I see a lot of entries related to avast software that I once used but thought I had uninstalled. Just thought I would mention that I do not use it anymore.

DDS.txt log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Anne at 13:33:57 on 2012-03-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1073 [GMT -5:00]
.
AV: avast! antivirus 4.8.1296 [VPS 000000-0] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Charter Security Suite 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Charter Security Suite 9.01 *Enabled*
FW: ArcaFirewall 2008 *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\svchost -k DComLaunch
C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Charter Security Suite\Common\FSM32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\LaunchOnFly\lf.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar =
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: H - No File
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\videod~1\ARCURL~1.DLL
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
mRun: [F-Secure Manager] "c:\program files\charter security suite\common\FSM32.EXE" /splash
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [krnlhtml] %APPDATA%\krnlhtml.exe
dRun: [dplaysvr] %APPDATA%\dplaysvr.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\anne\startm~1\programs\startup\launch~1.lnk - c:\program files\launchonfly\lf.exe
IE:
IE: &Download by Orbit
IE: &Grab video by Orbit
IE: Add to Power Favorites
IE: Do&wnload selected by Orbit
IE: Down&load all by Orbit
IE: E&xport to Microsoft Excel
IE: eBay - Home Page
IE: eBay - My eBay
IE: eBay - Powersearch
IE: eBay - Start Search
IE: Google - Search
IE: Google - Start Search
IE: {27914077-B4D6-4A0E-9763-76B6E9DD9A81}
IE: {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\charter security suite\fsps\program\FSLSP.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218657274937
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241026376644
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
TCP: Interfaces\{0C5F5C2C-28E8-487D-B65F-3A6ACA2CA01B} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C2B90C3C-392D-459E-BC37-E269E2CAAC41} : DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\anne\application data\mozilla\firefox\profiles\yylygp5m.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=\
FF - component: c:\documents and settings\anne\application data\mozilla\firefox\profiles\yylygp5m.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: c:\documents and settings\anne\application data\mozilla\firefox\profiles\yylygp5m.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\anne\application data\mozilla\firefox\profiles\yylygp5m.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\anne\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\anne\application data\mozilla\firefox\profiles\yylygp5m.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\anne\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: app.update.enabled - true
FF - user.js: browser.blink_allowed - true
FF - user.js: browser.cache.disk.capacity - 50000
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.search.suggest.enabled - true
FF - user.js: browser.sessionstore.resume_from_crash - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.event.contextmenu.enabled - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - false
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: signon.rememberSignons - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2011-9-15 42672]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-9-15 82120]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2011-9-6 57312]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-1-30 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-1-30 69392]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-2-1 111184]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\charter security suite\hips\drivers\fshs.sys [2011-9-15 68064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-1 20560]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\charter security suite\anti-virus\fsgk32st.exe [2011-9-15 215648]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-5 652872]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\charter security suite\anti-virus\minifilter\fsgk.sys [2011-9-15 148632]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\charter security suite\orsp client\fsorsp.exe [2011-9-15 61088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-11-18 20464]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-1-30 33552]
S0 hafxilqx;hafxilqx; [x]
S0 isxcjqk;isxcjqk; [x]
S0 ssjletno;ssjletno; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2011-1-20 99248]
S3 53098484;53098484;c:\windows\system32\drivers\07694361.sys [2012-2-7 98992]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-4-11 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-4-11 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-4-11 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-4-11 25088]
S3 andnetadb;ADB Interface DriverNet; [x]
S3 AndNetDiag;LG AndroidNet USB Serial Port; [x]
S3 AndNetGps;LG AndroidNet USB GPS NMEA Port; [x]
S3 ANDNetModem;LG AndroidNet USB Modem; [x]
S3 andnetndis;LG AndroidNet NDIS Ethernet Adapter; [x]
S3 androidusb;ADB Interface Driver; [x]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2008-11-9 352256]
S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2008-11-10 33792]
S3 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-10-31 66048]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\system32\drivers\mausbft.sys --> c:\windows\system32\drivers\mausbft.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-8-9 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-7-4 91392]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2008-12-12 167808]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 !SASCORE;!SASCORE;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
S4 AdvancedSystemCareService5;AdvancedSystemCareService5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-14 497496]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2012-03-01 00:04:40 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-01 00:04:40 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-16 16:09:31 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 16:09:31 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-12 08:09:28 -------- d-----w- c:\documents and settings\all users\application data\PassMark
2012-02-12 07:46:05 -------- d-----w- c:\program files\KeyboardTest
2012-02-10 02:04:50 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-02-10 01:30:13 -------- d-----w- C:\Emergency virus programs
2012-02-07 22:33:10 -------- d-----w- c:\documents and settings\all users\application data\backup
2012-02-07 22:32:22 -------- d-----w- c:\documents and settings\all users\application data\explauncher
2012-02-07 22:32:20 -------- d-----w- c:\documents and settings\all users\application data\launcher
2012-02-07 21:34:47 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2012-02-07 21:33:12 -------- d-----w- c:\windows\ERUNT
2012-02-07 21:32:11 -------- d-----w- C:\SDFix
2012-02-07 20:37:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-07 20:27:52 98992 ----a-w- c:\windows\system32\drivers\07694361.sys
2012-02-06 18:38:50 -------- d-----w- c:\documents and settings\anne\application data\XYplorer
2012-02-06 18:38:43 -------- d-----w- c:\program files\XYplorer
.
==================== Find3M ====================
.
2012-01-29 07:27:37 355 ----a-w- c:\windows\system32\drivers\etc\hosts.ussclean.tmp
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-06 13:55:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 22:10:31 9925160 ----a-w- c:\program files\common files\lpuninstall.exe
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-01-14 08:43:52 126976 ----a-w- c:\program files\BaUPnP.exe
.
============= FINISH: 13:36:04.35 ===============

My ark.txt file said it was too big to upload?


Thank you for your help and time.

Here is the zipped ark file.


Edited by boopme, 03 March 2012 - 10:34 PM.
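The DDS log above is what a helper reads by hand; the script below is an added example (not a BleepingComputer or DDS tool, and not code from anyone in this thread) that applies two of the first checks a malware analyst makes on such a log: Run/RunOnce entries whose executable lives in a user-writable profile directory, and boot- or system-start drivers whose image file DDS reports as missing (`[x]`). The sample input is constructed from lines quoted from this post; hits are leads for review, not verdicts.

```python
"""Triage a DDS 'Pseudo HJT Report' / 'SERVICES / DRIVERS' section.

Heuristics (each hit is a lead for an analyst, never a verdict):
  1. A Run/RunOnce entry that launches from %APPDATA%, %TEMP% or another
     user-writable location. Installers normally use Program Files or
     system32, so this is where a dropper's persistence usually lands.
  2. A boot-start (x0) or system-start (x1) driver whose image is missing
     ([x]). Stale keys are harmless, but a hidden or deleted rootkit driver
     looks exactly the same, so every one of these is checked.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# DDS line shapes handled here: "<u|m|d>Run[Once]: [name] command" and
# "<R|S><start> name;description;path [date size]" or "... ; [x]".
RUN_RE = re.compile(r"^(?P<hive>[umd])Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
SVC_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]*);(?P<desc>[^;]*);(?P<path>.*)$")

# DDS hive prefixes: u = HKCU, m = HKLM, d = HKU\.DEFAULT (pre-logon hive).
HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}

# Substrings (lower-cased) that mark a user-writable autostart location.
USER_WRITABLE = ("%appdata%", "%temp%", "%userprofile%",
                 "\\application data\\", "\\local settings\\temp\\")


@dataclass
class Finding:
    kind: str   # "autorun-userdir" or "boot-driver-missing"
    line: str   # the log line, verbatim
    why: str    # one-sentence reason for the analyst


def _check_run(m: "re.Match", line: str) -> Optional[Finding]:
    cmd = m.group("cmd").lower()
    if any(tok in cmd for tok in USER_WRITABLE):
        return Finding("autorun-userdir", line,
                       f"{HIVES[m.group('hive')]} Run entry launches from a user-writable directory")
    return None


def _check_service(m: "re.Match", line: str) -> Optional[Finding]:
    start = int(m.group("start")[1])          # 0 = boot, 1 = system, 2 = auto, 3 = demand
    if m.group("path").strip() == "[x]" and start <= 1:
        return Finding("boot-driver-missing", line,
                       f"start type {start} driver is registered but its image file was not found")
    return None


def triage(log_text: str) -> List[Finding]:
    """Return findings in log order; lines that match no heuristic are skipped."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            hit = _check_run(m, line)
        else:
            m = SVC_RE.match(line)
            hit = _check_service(m, line) if m else None
        if hit:
            findings.append(hit)
    return findings


# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [krnlhtml] %APPDATA%\krnlhtml.exe
dRun: [dplaysvr] %APPDATA%\dplaysvr.exe
dRunOnce: [RunNarrator] Narrator.exe
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2011-9-15 42672]
S0 hafxilqx;hafxilqx; [x]
S0 isxcjqk;isxcjqk; [x]
S0 ssjletno;ssjletno; [x]
S3 andnetadb;ADB Interface DriverNet; [x]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.why}\n    {f.line}")
```

Note that the on-demand `S3 ... [x]` phone-driver leftover is deliberately not flagged: a missing image only matters when Windows would try to load it at boot.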



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:02:53 PM

Posted 04 March 2012 - 03:29 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is the version, edition and whether it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- will be opened
    • Extra.txt <-- will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which facilitates the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 abricru

abricru
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:08:53 AM

Posted 04 March 2012 - 04:25 PM

OTL logfile created on: 3/4/2012 3:54:03 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Anne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.41 Gb Available Physical Memory | 20.60% Memory free
3.85 Gb Paging File | 2.29 Gb Available in Paging File | 59.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.31 Gb Total Space | 48.93 Gb Free Space | 45.60% Space Free | Partition Type: NTFS

Computer Name: ABC | User Name: Anne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/04 15:52:52 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anne\Desktop\OTL.exe
PRC - [2012/02/19 02:18:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/26 22:05:48 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012/01/13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/08 03:30:57 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
PRC - [2011/10/01 20:45:37 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exe
PRC - [2011/09/15 03:55:08 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
PRC - [2011/09/15 03:08:44 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
PRC - [2011/09/15 03:08:44 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32.exe
PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2009/08/05 10:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
PRC - [2009/08/05 10:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSM32.EXE
PRC - [2009/08/05 10:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
PRC - [2009/08/05 10:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
PRC - [2008/04/13 19:12:31 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\osk.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 09:41:38 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2007/04/10 18:53:30 | 000,663,552 | ---- | M] (Arturs Sits) -- C:\Program Files\LaunchOnFly\lf.exe
PRC - [2006/04/01 09:37:58 | 004,591,616 | ---- | M] (HipSoft) -- C:\Program Files\Flip Words\Flip Words\FlipWords.exe
PRC - [2004/08/04 05:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msswchx.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/19 02:18:12 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/26 22:05:52 | 000,783,360 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
MOD - [2012/01/26 22:05:52 | 000,316,928 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2012/01/26 22:05:52 | 000,275,968 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2012/01/26 22:05:52 | 000,168,448 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2012/01/26 22:05:52 | 000,099,840 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2012/01/26 22:05:52 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2012/01/26 22:05:52 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012/01/26 22:05:52 | 000,078,336 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2012/01/26 22:05:52 | 000,076,800 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2012/01/26 22:05:52 | 000,068,608 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2012/01/26 22:05:52 | 000,064,000 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2012/01/26 22:05:52 | 000,046,592 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012/01/26 22:05:52 | 000,045,568 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2012/01/06 08:55:15 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/10 22:43:26 | 000,138,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
MOD - [2011/11/04 09:54:16 | 000,930,304 | ---- | M] () -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/09/15 03:09:30 | 000,030,888 | ---- | M] () -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\hashlib_x86.dll
MOD - [2011/09/15 03:08:44 | 000,768,712 | ---- | M] () -- C:\Program Files\Charter Security Suite\Anti-Virus\fm4av.dll
MOD - [2009/08/05 10:59:08 | 000,199,264 | ---- | M] () -- C:\Program Files\Charter Security Suite\Spam Control\fsas.dll
MOD - [2009/08/05 10:59:02 | 000,001,536 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSPC\fspcfsm.eng
MOD - [2009/08/05 10:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\charter security suite\hips\fshook32.dll
MOD - [2009/08/05 10:58:30 | 000,236,128 | ---- | M] () -- \\?\c:\program files\charter security suite\hips\fsumi.dll
MOD - [2009/08/05 10:57:04 | 000,081,920 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\strres.eng
MOD - [2009/08/05 10:56:50 | 000,045,056 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\fsavures.eng
MOD - [2009/08/05 10:56:32 | 000,838,240 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\about.dll
MOD - [2009/08/05 10:56:32 | 000,088,672 | ---- | M] () -- C:\Program Files\Charter Security Suite\FSGUI\aboutres.dll
MOD - [2009/08/05 10:56:08 | 000,036,864 | ---- | M] () -- C:\Program Files\Charter Security Suite\Anti-Virus\fsavhres.eng
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/02/27 05:16:26 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\W32X86\lxdddrpp.dll
MOD - [2007/01/23 19:40:04 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\lxddcaps.dll
MOD - [2007/01/09 17:13:08 | 000,692,224 | ---- | M] () -- C:\WINDOWS\system32\lxdddrs.dll
MOD - [2006/10/06 17:08:04 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\lxddcnv4.dll
MOD - [2006/09/07 12:19:01 | 000,008,704 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2003/05/12 14:02:32 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\W32X86\DLBKPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/12/29 22:29:04 | 000,497,496 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/01 20:45:37 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2011/09/15 03:55:08 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011/09/15 00:48:52 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/11/25 13:20:02 | 000,091,392 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/08/05 10:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 10:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008/08/18 02:53:36 | 000,112,176 | ---- | M] (SingleClick Systems) [Disabled | Stopped] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2008/03/11 11:44:38 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2007/05/25 09:41:54 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 09:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- -- (ssjletno)
DRV - File not found [Kernel | Auto | Stopped] -- -- (PfModNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (motccgp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MAUSBFT) Service for M-Audio Fast Track USB (WDM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- -- (isxcjqk)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (androidusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (andnetndis)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ANDNetModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (AndNetGps)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (AndNetDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (andnetadb)
DRV - [2012/02/07 15:27:52 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\07694361.sys -- (53098484)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/05 15:46:58 | 000,082,120 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2011/09/15 03:28:10 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2011/09/15 03:09:30 | 000,148,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2011/08/29 12:19:54 | 000,057,312 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2011/08/16 07:53:16 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/16 07:53:16 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/02/22 13:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2011/02/22 13:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/02/22 13:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/07 13:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 13:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 13:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 13:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/03/25 22:55:56 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/10/27 11:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/08/05 10:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/02/05 04:01:05 | 000,002,944 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\JiaoIO.sys -- (JiaoIO)
DRV - [2009/02/05 04:00:30 | 000,758,784 | ---- | M] (Jiao System, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\JiaoCap.sys -- (JiaoCap)
DRV - [2009/01/29 03:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/14 19:08:25 | 000,001,104 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\hafxilqx -- (hafxilqx)
DRV - [2008/11/26 12:18:18 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008/11/26 12:17:36 | 000,111,184 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/11/26 12:17:25 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/11/26 12:16:38 | 000,050,864 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/11/26 12:16:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/11/26 12:15:35 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/11/08 23:39:34 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2008/09/05 11:10:11 | 000,004,484 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cpuidlep.sys -- (cpuidlep)
DRV - [2008/08/06 16:12:10 | 004,755,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/30 17:20:30 | 000,352,256 | ---- | M] (BEHRINGER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BUSB2902.sys -- (BEHRINGER_2902)
DRV - [2008/07/30 17:20:30 | 000,033,792 | ---- | M] (BEHRINGER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\busbwdm.sys -- (BUSB_AUDIO_WDM)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/01/28 15:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/01/28 15:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/01/15 12:50:52 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/11/02 15:51:28 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/08/27 13:25:12 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/08/27 13:25:12 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/08/04 05:59:50 | 000,096,704 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/07/31 18:44:24 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
DRV - [2006/03/27 17:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2006/01/19 02:01:00 | 000,017,280 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2005/12/22 11:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/12/22 11:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/12/22 11:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/08/30 16:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 16:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 16:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005/05/02 20:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/09/23 13:49:44 | 000,068,672 | ---- | M] (2Wire, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\2WirePCP.sys -- (2WIREPCP)
DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080612
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080612
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{F9DB42DE-789D-4154-90B1-66BC1EBE0042}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080612
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080612
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/?ref=hp [binary data]
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\e, = http://www.preispiraten.de/cgi-bin/e/tracker_ebaysuche_us.pl?%s
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.com
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\eb, = http://www.preispiraten.de/cgi-bin/e/tracker_ebaysuche_us.pl?%s
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.com
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\eba, = http://www.preispiraten.de/cgi-bin/e/tracker_ebaysuche_us.pl?%s
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.com
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay, = http://www.preispiraten.de/cgi-bin/e/tracker_ebaysuche_us.pl?%s
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.com
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\..\SearchScopes\{0C444C74-06BA-4F4A-AA6A-1BC2A2798614}: "URL" = http://search.ebay.com/search/search.dll?satitle={searchTerms}
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109130&babsrc=SP_ss&mntrId=bc0daeac000000000000001d099a62e1
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\..\SearchScopes\{14734786-331A-4753-95FB-11B5440196DA}: "URL" = http://rapidshare-search-engine.com/index-s_submit=Search&sformval=1&s_type=0&what=1&s={searchTerms}&start=0.html
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\..\SearchScopes\{2BB5A6C9-D9C9-47DD-8E1C-9C03299571A6}: "URL" = http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\..\SearchScopes\{64C55F04-A002-48DA-81F4-BF1B0F2D70BB}: "URL" = http://www.download.com/3120-20_4.html?qt={searchTerms}&tag=srch&tg=dl-20
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\..\SearchScopes\{75D56ECF-4394-4736-8104-8BBB3AAB4EAC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\..\SearchScopes\{84A78AEB-8C11-4004-95EC-D713F6AB982B}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\..\SearchScopes\{AC854C16-CA1E-43f1-8513-0D2F36C726ED}: "URL" = http://www.danble.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=lUCURVK3
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\..\SearchScopes\{CDE02376-00F5-45F4-AC85-4E9D94E958C1}: "URL" = http://search.about.com/fullsearch.htm?terms={searchTerms}
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\..\SearchScopes\{E52BE12D-A44A-4f51-9DC1-34F37A488CC7}: "URL" = http://search.videodownload-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 5
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.75.0
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.382
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=\""

FF - user.js..browser.search.suggest.enabled: true

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Anne\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Anne\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Anne\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Anne\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Charter Security Suite\NRS\litmus-ff@f-secure.com [2012/02/16 21:54:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 02:18:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/02 18:55:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2011/10/02 18:55:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2011/10/02 18:55:56 | 000,000,000 | ---D | M]

[2010/05/05 12:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Extensions
[2010/05/05 12:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/10/30 03:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2009/04/13 10:19:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Extensions\prism@developer.mozilla.org
[2011/12/10 17:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\pye5wyyw.New profile\extensions
[2010/11/22 08:45:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\pye5wyyw.New profile\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2010/11/22 08:45:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\pye5wyyw.New profile\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/22 08:45:16 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\pye5wyyw.New profile\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/11/22 08:34:07 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\pye5wyyw.New profile\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}(2)
[2010/11/22 08:45:16 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\pye5wyyw.New profile\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2010/11/22 08:45:17 | 000,000,000 | ---D | M] (Gamers Unite! Snag Bar) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\pye5wyyw.New profile\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}(2)
[2010/11/22 08:45:16 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\pye5wyyw.New profile\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/11/22 08:33:58 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\pye5wyyw.New profile\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)
[2010/11/22 08:45:15 | 000,000,000 | ---D | M] (Fantasy Football Rankings and News) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\pye5wyyw.New profile\extensions\fantasyfootball@fantasyfootballnerd.com
[2010/11/22 08:45:15 | 000,000,000 | ---D | M] ("pickemfirst") -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\pye5wyyw.New profile\extensions\pickemfirst@pickemfirst.com
[2010/11/22 08:34:10 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\pye5wyyw.New profile\extensions\support@lastpass(2).com
[2010/11/22 08:34:09 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\pye5wyyw.New profile\extensions\support@lastpass(4).com
[2010/11/22 08:34:09 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\pye5wyyw.New profile\extensions\support@lastpass(5).com
[2011/12/10 17:10:28 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\pye5wyyw.New profile\extensions\support@lastpass.com
[2012/03/02 13:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\extensions
[2011/09/02 21:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}(2)
[2012/02/17 14:20:00 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/09/02 21:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)
[2012/03/01 19:48:42 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/09/02 21:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\extensions\support@lastpass(2).com
[2012/01/28 22:32:42 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\extensions\support@lastpass(3).com
[2011/09/02 21:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\extensions\support@lastpass(4).com
[2011/09/02 21:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\extensions\support@lastpass(5).com
[2012/01/28 23:17:57 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\extensions\support@lastpass.com
[2011/09/02 21:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\extensions(2)
[2011/09/02 21:19:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\extensions(2)\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2011/09/02 21:19:07 | 000,000,000 | ---D | M] (Gamers Unite! Snag Bar) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\extensions(2)\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}(2)
[2011/09/02 21:19:29 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\extensions(2)\support@lastpass.com
[2011/12/10 17:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\extensions(2)\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}(2)\chrome\content\extensions
[2011/12/10 17:10:29 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\extensions(2)\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}(2)\chrome\content\extensions\support@lastpass.com
[2010/11/22 20:53:25 | 000,001,248 | ---- | M] () -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\searchplugins\facebook.xml
[2010/11/22 20:58:59 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\searchplugins\google-language-en.xml
[2012/02/07 02:06:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ANNE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\YYLYGP5M.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2012/02/19 02:18:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/16 15:10:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/29 08:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 08:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&AF=109130&babsrc=SP_ss&mntrId=bc0daeac000000000000001d099a62e1
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Anne\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Anne\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Anne\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: nplastpass (Enabled) = C:\Documents and Settings\Anne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.75.1_0\nplastpass.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Anne\Application Data\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Anne\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Anne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Anne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\Anne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/29 18:03:33 | 000,000,949 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter Security Suite\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe File not found
O4 - HKU\.DEFAULT..\Run: [krnlhtml] %APPDATA%\krnlhtml.exe File not found
O4 - HKU\S-1-5-18..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe File not found
O4 - HKU\S-1-5-18..\Run: [krnlhtml] %APPDATA%\krnlhtml.exe File not found
O4 - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE (Dale Nurden)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator.ABC\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Documents and Settings\Administrator.ABC\Start Menu\Programs\Startup\LaunchOnFly.lnk = C:\Program Files\LaunchOnFly\lf.exe (Arturs Sits)
O4 - Startup: C:\Documents and Settings\Anne\Start Menu\Programs\Startup\LaunchOnFly.lnk = C:\Program Files\LaunchOnFly\lf.exe (Arturs Sits)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: &Grab video by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Power Favorites - Reg Error: Value error. File not found
O8 - Extra context menu item: Do&wnload selected by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: Down&load all by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O8 - Extra context menu item: eBay - Home Page - Reg Error: Value error. File not found
O8 - Extra context menu item: eBay - My eBay - Reg Error: Value error. File not found
O8 - Extra context menu item: eBay - Powersearch - Reg Error: Value error. File not found
O8 - Extra context menu item: eBay - Start Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Google - Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Google - Start Search - Reg Error: Value error. File not found
O9 - Extra Button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - Reg Error: Value error. File not found
O9 - Extra Button: Pricepirates 4 - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - Reg Error: Value error. File not found
O9 - Extra Button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000077 - C:\Program Files\Charter Security Suite\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218657274937 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241026376644 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C5F5C2C-28E8-487D-B65F-3A6ACA2CA01B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2B90C3C-392D-459E-BC37-E269E2CAAC41}: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2963588e-608c-11df-88e2-001d099a62e1}\Shell - "" = AutoRun
O33 - MountPoints2\{2963588e-608c-11df-88e2-001d099a62e1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2fef7010-ac02-11df-891a-001d099a62e1}\Shell\usermanualEnglish\command - "" = F:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{2fef7010-ac02-11df-891a-001d099a62e1}\Shell\usermanualFrench\command - "" = F:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{2fef7010-ac02-11df-891a-001d099a62e1}\Shell\usermanualSpanish\command - "" = F:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\{a1cda17c-5e00-11de-8817-001d099a62e1}\Shell\usermanualEnglish\command - "" = F:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{a1cda17c-5e00-11de-8817-001d099a62e1}\Shell\usermanualFrench\command - "" = F:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{a1cda17c-5e00-11de-8817-001d099a62e1}\Shell\usermanualSpanish\command - "" = F:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\{b288e666-ed23-11dd-87a9-001d099a62e1}\Shell - "" = AutoRun
O33 - MountPoints2\{b288e666-ed23-11dd-87a9-001d099a62e1}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2228734940-2627067488-2539913443-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found


SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: 53098484.sys - C:\WINDOWS\system32\drivers\07694361.sys (Kaspersky Lab, GERT)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: IMFservice - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} -
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} -
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {593CA178-C2BC-16EE-6288-F00816643044} - Adobe Shockwave Director 11.0
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F4B2380F-9F83-482B-B51F-FD18C7EDD923} - Installation Helper
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: l3codecp.acm - Fraunhofer IIS MPEG Layer-3 Codec File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mpg2 - C:\WINDOWS\System32\gpeg2.dll (GPU-Tech.)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/04 15:52:57 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anne\Desktop\OTL.exe
[2012/03/04 04:14:03 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/03/03 14:33:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Anne\Recent
[2012/03/02 13:32:28 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Anne\Desktop\dds.scr
[2012/02/29 09:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne\Desktop\Friskies_files
[2012/02/23 21:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne\Desktop\New Folder (2)
[2012/02/23 18:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne\Desktop\pm
[2012/02/12 03:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2012/02/12 02:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KeyboardTest
[2012/02/12 02:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\KeyboardTest
[2012/02/09 21:04:50 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/02/09 20:30:13 | 000,000,000 | ---D | C] -- C:\Emergency virus programs
[2012/02/09 19:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne\Desktop\HostsXpert
[2012/02/07 17:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\backup
[2012/02/07 17:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2012/02/07 17:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\launcher
[2012/02/07 16:34:47 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2012/02/07 16:33:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2012/02/07 16:32:11 | 000,000,000 | ---D | C] -- C:\SDFix
[2012/02/07 16:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne\Desktop\SDFix
[2012/02/07 15:37:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/07 15:27:52 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\07694361.sys
[2012/02/06 19:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/02/06 13:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anne\Application Data\XYplorer
[2012/02/06 13:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\XYplorer
[2012/02/06 13:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\XYplorer
[2011/10/19 16:54:57 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Anne\Application Data\pcouffin.sys
[2011/09/06 16:56:13 | 009,925,160 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[85 C:\Documents and Settings\Anne\My Documents\*.tmp files -> C:\Documents and Settings\Anne\My Documents\*.tmp -> ]
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/04 15:52:52 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anne\Desktop\OTL.exe
[2012/03/04 15:13:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2228734940-2627067488-2539913443-1006UA.job
[2012/03/04 04:14:03 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/03/04 00:13:02 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2228734940-2627067488-2539913443-1006Core.job
[2012/03/04 00:03:27 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2012/03/03 17:21:09 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\ASC5_AutoUpdate.job
[2012/03/03 16:08:08 | 000,029,584 | ---- | M] () -- C:\Documents and Settings\Anne\Desktop\ark.zip
[2012/03/03 16:05:55 | 000,017,615 | ---- | M] () -- C:\Documents and Settings\Anne\Desktop\ark.rar
[2012/03/03 15:13:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/03 05:19:16 | 000,049,171 | ---- | M] () -- C:\Documents and Settings\Anne\Desktop\article-2109077-11FF2663000005DC-334_634x478.jpg
[2012/03/03 04:45:33 | 000,057,382 | ---- | M] () -- C:\Documents and Settings\Anne\Desktop\253335_1909058930292_4038735_n.jpg
[2012/03/03 04:43:25 | 000,036,078 | ---- | M] () -- C:\Documents and Settings\Anne\Desktop\215129_2300140188353_1394619828_32769881_3330375_n.jpg
[2012/03/02 13:38:24 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Anne\Desktop\gmer.zip
[2012/03/02 13:32:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Anne\Desktop\dds.scr
[2012/03/02 13:31:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Anne\defogger_reenable
[2012/03/02 13:30:32 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Anne\Desktop\Defogger.exe
[2012/03/02 13:10:32 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Anne\Desktop\cc_20120302_131025.reg
[2012/03/02 05:41:49 | 016,613,376 | ---- | M] () -- C:\Documents and Settings\Anne\My Documents\GORdb1.mdb
[2012/02/29 19:06:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/29 18:03:33 | 000,000,949 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2012/02/29 17:24:38 | 000,019,785 | ---- | M] () -- C:\Documents and Settings\Anne\Desktop\desktop problem.jpg
[2012/02/21 02:39:08 | 000,000,385 | ---- | M] () -- C:\Documents and Settings\Anne\Desktop\ddchange.reg
[2012/02/20 23:03:57 | 000,000,175 | ---- | M] () -- C:\Documents and Settings\Anne\Desktop\ddreg.bat
[2012/02/17 08:00:00 | 000,000,000 | ---- | M] () -- C:\infect.fstmp
[2012/02/17 08:00:00 | 000,000,000 | ---- | M] () -- C:\error.fstmp
[2012/02/16 23:39:56 | 000,178,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 22:16:33 | 000,570,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 22:16:33 | 000,118,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/12 10:21:22 | 000,038,752 | ---- | M] () -- C:\Documents and Settings\Anne\My Documents\cc_20120212_102118.reg
[2012/02/12 04:51:33 | 000,191,872 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/12 03:37:52 | 000,038,132 | ---- | M] () -- C:\Documents and Settings\Anne\My Documents\cc_20120212_033746.reg
[2012/02/11 18:33:18 | 000,114,176 | ---- | M] () -- C:\Documents and Settings\Anne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/11 18:19:27 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Anne\Desktop\wh.VSP
[2012/02/11 18:02:05 | 000,000,055 | ---- | M] () -- C:\WINDOWS\Gpeg2.ini
[2012/02/09 23:04:18 | 000,440,974 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.TRB
[2012/02/09 22:51:55 | 000,000,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-230418.backup
[2012/02/09 21:34:37 | 000,238,765 | ---- | M] () -- C:\Documents and Settings\Anne\Local Settings\Application Data\census.cache
[2012/02/09 21:34:09 | 000,312,698 | ---- | M] () -- C:\Documents and Settings\Anne\Local Settings\Application Data\ars.cache
[2012/02/09 01:16:29 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\Anne\Start Menu\Programs\Startup\LaunchOnFly.lnk
[2012/02/07 16:34:47 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2012/02/07 16:19:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/07 15:27:52 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\07694361.sys
[2012/02/06 11:33:17 | 000,000,468 | ---- | M] () -- C:\Documents and Settings\Anne\My Documents\cc_20120206_113302.reg
[85 C:\Documents and Settings\Anne\My Documents\*.tmp files -> C:\Documents and Settings\Anne\My Documents\*.tmp -> ]
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\etc\*.tmp files -> C:\WINDOWS\System32\drivers\etc\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/03 16:08:08 | 000,029,584 | ---- | C] () -- C:\Documents and Settings\Anne\Desktop\ark.zip
[2012/03/03 16:05:55 | 000,017,615 | ---- | C] () -- C:\Documents and Settings\Anne\Desktop\ark.rar
[2012/03/03 05:19:16 | 000,049,171 | ---- | C] () -- C:\Documents and Settings\Anne\Desktop\article-2109077-11FF2663000005DC-334_634x478.jpg
[2012/03/03 04:45:33 | 000,057,382 | ---- | C] () -- C:\Documents and Settings\Anne\Desktop\253335_1909058930292_4038735_n.jpg
[2012/03/03 04:43:24 | 000,036,078 | ---- | C] () -- C:\Documents and Settings\Anne\Desktop\215129_2300140188353_1394619828_32769881_3330375_n.jpg
[2012/03/02 13:38:29 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Anne\Desktop\gmer.zip
[2012/03/02 13:31:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Anne\defogger_reenable
[2012/03/02 13:30:37 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Anne\Desktop\Defogger.exe
[2012/03/02 13:10:32 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Anne\Desktop\cc_20120302_131025.reg
[2012/02/29 17:24:37 | 000,019,785 | ---- | C] () -- C:\Documents and Settings\Anne\Desktop\desktop problem.jpg
[2012/02/21 02:39:08 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Anne\Desktop\ddchange.reg
[2012/02/20 23:03:57 | 000,000,175 | ---- | C] () -- C:\Documents and Settings\Anne\Desktop\ddreg.bat
[2012/02/16 11:09:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 11:09:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/13 08:00:00 | 000,000,000 | ---- | C] () -- C:\infect.fstmp
[2012/02/13 08:00:00 | 000,000,000 | ---- | C] () -- C:\error.fstmp
[2012/02/12 10:21:20 | 000,038,752 | ---- | C] () -- C:\Documents and Settings\Anne\My Documents\cc_20120212_102118.reg
[2012/02/12 03:37:49 | 000,038,132 | ---- | C] () -- C:\Documents and Settings\Anne\My Documents\cc_20120212_033746.reg
[2012/02/11 18:13:26 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Anne\Desktop\wh.VSP
[2012/02/09 21:34:37 | 000,238,765 | ---- | C] () -- C:\Documents and Settings\Anne\Local Settings\Application Data\census.cache
[2012/02/09 21:34:09 | 000,312,698 | ---- | C] () -- C:\Documents and Settings\Anne\Local Settings\Application Data\ars.cache
[2012/02/06 11:33:06 | 000,000,468 | ---- | C] () -- C:\Documents and Settings\Anne\My Documents\cc_20120206_113302.reg
[2012/01/12 19:58:48 | 000,009,182 | ---- | C] () -- C:\Documents and Settings\Anne\Application Data\2c194714
[2012/01/12 19:58:48 | 000,009,175 | ---- | C] () -- C:\Documents and Settings\Anne\Local Settings\Application Data\9838648
[2012/01/12 19:58:48 | 000,009,167 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\41b7a51b
[2011/10/19 16:54:57 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Anne\Application Data\inst.exe
[2011/10/19 16:54:57 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Anne\Application Data\pcouffin.cat
[2011/10/19 16:54:57 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Anne\Application Data\pcouffin.inf
[2011/09/15 03:03:02 | 000,042,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2011/07/30 11:58:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/04/06 18:12:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ScratchRemoval.dll
[2011/03/23 21:31:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2011/03/23 21:31:07 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/01/20 20:37:49 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2011/01/20 20:37:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2011/01/20 20:37:43 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2011/01/20 20:37:43 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2011/01/20 20:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2011/01/20 20:37:21 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2011/01/20 20:35:20 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2011/01/20 20:35:20 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2011/01/20 20:35:20 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2011/01/20 20:35:20 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2011/01/20 20:35:20 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2011/01/20 20:35:20 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2011/01/20 20:35:20 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
[2011/01/20 20:35:20 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2011/01/20 20:35:20 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2011/01/20 20:35:20 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2011/01/20 20:35:20 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[2011/01/20 20:35:20 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2011/01/20 20:35:20 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2011/01/20 20:35:20 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2011/01/20 20:35:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2011/01/20 20:35:20 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2011/01/20 20:35:20 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2010/12/16 21:48:14 | 000,000,055 | ---- | C] () -- C:\WINDOWS\Gpeg2.ini
[2010/05/21 04:01:36 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/17 03:04:37 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Anne\Application Data\$_hpcst$.hpc
[2010/03/25 23:02:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/03/25 22:49:33 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F68098AE
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2F2F703
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE61C65A
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EF0B145
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44807EFA
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC359956
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
@Alternate Data Stream - 108 bytes -> C:\WINDOWS:
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 3/4/2012 3:54:03 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Anne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.41 Gb Available Physical Memory | 20.60% Memory free
3.85 Gb Paging File | 2.29 Gb Available in Paging File | 59.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.31 Gb Total Space | 48.93 Gb Free Space | 45.60% Space Free | Partition Type: NTFS

Computer Name: ABC | User Name: Anne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2228734940-2627067488-2539913443-1006\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"18768:TCP" = 18768:TCP:*:Enabled:Opera
"45682:TCP" = 45682:TCP:*:Enabled:uTorrent
"45682:UDP" = 45682:UDP:*:Enabled:uTorrent
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Torrents\utorrent.exe" = C:\Torrents\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 2500 Series\App4R.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0521D127-7242-4748-AB63-AF8A4EFA4247}" = Sudoku_Puzzle
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{174D5678-D941-433C-BD23-58A5C7B0D36D}" = Jasc Animation Shop 3
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2A6F953D-E20A-4484-8E82-4A0BE2C25D21}" = Motorola Phone Tools
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}" =
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{403EF592-953B-4794-BCEF-ECAB835C2095}" =
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C2CEEBA-A5EB-496E-B24D-C26D93157EB7}" = DSound GT Player Express
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{555D5F00-9CEE-4FE5-8C2A-5856A4DF94F4}" = Intel® Network Connections 13.3.46.0
"{5710D2D9-9907-41BA-85AA-B2CE2C2BCA86}" =
"{582876EC-A178-44D4-9823-C10D6C62EAFF}" =
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}" =
"{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}" =
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6332AE1B-FD23-4448-B237-A63900602D72}" = ArcSoft Video Downloader
"{63A317D0-60A6-43FC-848A-9FE4A53B29CE}" =
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = AusLogics BoostSpeed
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B03B4E6-E3F9-11D5-B9D9-00D0B75C082C}" = Polaroid Dust and Scratch Removal v1.0.0.15.2e
"{7BBDFB3E-F8BE-4D52-98BA-B6087F8F1D58}" = PS7700
"{816EA7C2-9B8D-48CA-A424-3DE3C80A5033}" = Motorola Driver Installation 4.2.0
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 ESD
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986A654F-F1E4-11DD-9FCA-005056C00008}" = Paragon Partition Manager™ 11 Personal Special Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A746CE98-A755-4AD7-B4B8-346DC74CDECD}" = OVT Scanner
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}" = Inpaint
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C679B41F-EE6E-4727-B131-47101785420A}" =
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CACC48EB-D46A-44A3-97D7-28E499516764}" = Gpeg2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP
"{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = WG111v2 Configuration Utility
"{E2AE8456-CCFE-46C0-8629-71CC507660FC}" = LG SP USB Driver
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{E34D953E-FE88-4828-B407-8FD29341D36B}" = Motorola Phone Tools
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2440AC3-8438-43B8-99A3-EB4BD0A0ED21}" = RSDLite
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FAAEB46F-6BEE-409B-8983-264C21B9C415}" = Pixo
"{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"AC3File_is1" = AC3File 0.7b
"AC3Filter_is1" = AC3Filter 1.63b
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica MP3 CD Burner" = Acoustica MP3 CD Burner
"Active@ UNDELETE" = Active@ UNDELETE
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Aiseesoft Total Media Converter_is1" = Aiseesoft Total Media Converter 5.2.30
"Alldj DVD Ripper Platium_is1" = Alldj DVD Ripper Platium 4.0
"Alldj DVD To AVI Converter_is1" = Alldj DVD To AVI Converter 2.7
"Almeza MultiSet Professional 6.1_is1" = Almeza MultiSet Professional 6.1
"AnyDVD" = AnyDVD
"Aplus DVD Copy_is1" = Aplus DVD Copy 8.79
"Aplus DVD Creator_is1" = Aplus DVD Creator 8.68
"Aplus DVD Ripper_is1" = Aplus DVD Ripper 8.59
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Audacity_is1" = Audacity 1.2.6
"Audio Editor Gold_is1" = Audio Editor Gold v9.2.15
"AudioLabel" = AudioLabel
"AVIcodec" = AVIcodec (remove only)
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVSDiscCreator_is1" = AVS Disc Creator version 2.1
"bitRipper" = bitRipper
"BroadJump Client Foundation" = BroadJump Client Foundation
"CCleaner" = CCleaner
"Color Picker Pro" = Color Picker Pro 1.0
"Connection Manager" =
"ConvertVid_is1" = Nuclear Coffee - ConvertVid
"Creative File Manager" =
"Creative Lyrics Editor" =
"Creative MuVo N200 Media Explorer" = Creative MuVo N200 Media Explorer
"Creative MuVo V100 Media Explorer" =
"Creative SmartFill" =
"CyberPower Audio Editing Lab 12.8_is1" = CyberPower Audio Editing Lab 12.8
"Dexster_is1" = Dexster V3.2
"Digital Media Converter_is1" = Digital Media Converter 2.7
"Digital Support" = PC Fixer
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDx_is1" = DVDx
"Easy Macro Recorder_is1" = Easy Macro Recorder 4.25
"eCover Engineer for GiveAwayoftheDay_is1" = eCover Engineer 5.5
"EMDB_is1" = EMDB 0.80
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Extra Video Effect Editor_is1" = Extra Video Effect Editor 6.02
"Foxit Reader" = Foxit Reader
"Framing Studio_is1" = Framing Studio 2.65
"Freecorder4.1" = Freecorder
"F-Secure Product 444" = Charter Security Suite
"FTP Commander Pro" = FTP Commander Pro
"GoldWave v5.20" = GoldWave v5.20
"GrabJPG" = GrabJPG
"Graph paper printer" = Graph paper printer
"Graph_is1" = Graph 4.3
"GSpot" = GSpot Codec Information Appliance
"HijackThis" = HijackThis 2.0.2
"HyperSnap 6" = HyperSnap 6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Imikimi Plugin" = Imikimi Plugin
"InFlac" = InFlac 1.1.1
"InstallShield Uninstall Information" =
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.3
"KeyboardTest_is1" = KeyboardTest V3.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.5.0
"LaunchOnFly_is1" = LaunchOnFly 1.32
"Lexmark 2500 Series" = Lexmark 2500 Series
"LView Pro 2006 - Full Version" = LView Pro 2006 - Full Version
"Magic ISO Maker v5.5 (build 0261)" = Magic ISO Maker v5.5 (build 0261)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MediaInfo" = MediaInfo 0.7.10
"mflGameDay_is1" = myfantasyleague.com Game Day 2011
"MGI_PHOTOSUITE_V806" = MGI PhotoSuite 8.06 (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Interactive Training" =
"MOVAVI VideoSuite 3.4" = MOVAVI VideoSuite 3.4
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"Mpeg2Decoder_is1" = Mpeg2Decoder 1.3
"mpegable DS" = mpegable DS decoder
"Mplayer" = Mplayer 0.6.9
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultiStage Recovery_is1" = MultiStage Recovery 3.6
"MuVo Driver" = MuVo Driver
"Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OJOsoft Audio Converter_is1" = OJOsoft Audio Converter
"Opera 11.61.1250" = Opera 11.61
"Orbit_is1" = Orbit Downloader
"Paint.NET_is1" = Paint.NET 3.8
"PCHealth" =
"PeerGuardian_is1" = PeerGuardian 2.0
"Photo Stamp Remover_is1" = Photo Stamp Remover 4.2
"PhotoScape" = PhotoScape
"PlayerRecoveryDriver" = Player Recovery Drivers
"Process Tamer_is1" = Process Tamer 2.08.01
"Quick Screenshot Maker 2.1_is1" = Quick Screenshot Maker 2.1
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.88
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SysInfo" = Creative System Information
"t@b ZS4 Video Editor_is1" = t@b ZS4 Video Editor v0.958-686
"The Font Thing" = The Font Thing
"The KMPlayer" = The KMPlayer (remove only)
"The Ultimate Troubleshooter" = The Ultimate Troubleshooter
"ThumbsPlus7" = ThumbsPlus version 7.0
"TreeSize Professional_is1" = TreeSize Professional 4.3
"Trojan Remover_is1" = Trojan Remover 6.8.2
"Ultra AVI Converter_is1" = Ultra AVI Converter 5.0.1123
"Unlocker" = Unlocker 1.8.5
"USB_AUDIO_DEusb-audio.deBehringer2902" = BEHRINGER USB AUDIO DRIVER
"uTorrent" = µTorrent
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01000" =
"Wdf01001" =
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winmx Community 1" = Winmx Community 1
"WinRAR archiver" = WinRAR archiver
"WinUpdatesList" = WinUpdatesList
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.0.0
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 3.2.47) Trial Versio
"Wondershare Video to DVD Burner_is1" = Wondershare Video to DVD Burner(Build 2.1.25)
"Xilisoft DVD Creator" = Xilisoft DVD Creator
"Xilisoft DVD Ripper Platinum" = Xilisoft DVD Ripper Platinum
"XP Repair Pro_is1" = 2.5.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"XYplorer" = XYplorer 10.80
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2228734940-2627067488-2539913443-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Button Shop 4" = Button Shop 4
"Google Chrome" = Google Chrome
"LastPass" = LastPass (uninstall only)
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2/8/2010 8:59:43 AM | Computer Name = ABC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 2/8/2010 9:00:01 AM | Computer Name = ABC | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 2/12/2010 1:58:14 AM | Computer Name = ABC | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 2/12/2010 1:58:15 AM | Computer Name = ABC | Source = avast! | ID = 33554522
Description = During the parsing of C:\Program Files\Alwil Software\Avast4\deftasks.xml
XML document, following error occurred: C.

Error - 2/12/2010 2:59:29 PM | Computer Name = ABC | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 2/12/2010 2:59:29 PM | Computer Name = ABC | Source = avast! | ID = 33554522
Description = During the parsing of C:\Program Files\Alwil Software\Avast4\deftasks.xml
XML document, following error occurred: C.

Error - 2/12/2010 4:25:32 PM | Computer Name = ABC | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 2/12/2010 4:25:32 PM | Computer Name = ABC | Source = avast! | ID = 33554522
Description = During the parsing of C:\Program Files\Alwil Software\Avast4\deftasks.xml
XML document, following error occurred: C.

Error - 2/12/2010 4:29:50 PM | Computer Name = ABC | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 2/12/2010 4:29:50 PM | Computer Name = ABC | Source = avast! | ID = 33554522
Description = During the parsing of C:\Program Files\Alwil Software\Avast4\deftasks.xml
XML document, following error occurred: C.

[ Application Events ]
Error - 2/12/2012 5:28:25 AM | Computer Name = ABC | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2/12/2012 6:26:14 AM | Computer Name = ABC | Source = F-Secure Anti-Virus | ID = 103
Description = 1 2012-02-12 05:26:11-04:00 ABC ABC\Anne F-Secure Anti-Virus
Malicious code found in file C:\TDSSKiller_Quarantine\07.02.2012_15.35.02\mbr0000\tdlfs0000\tsk0005.dta.
Infection: Rootkit.TDSS.BK Action: failed.

Error - 2/13/2012 9:27:23 AM | Computer Name = ABC | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {ACCD7F94-B3DF-41C4-99B8-662A39A74388} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 2/13/2012 9:27:23 AM | Computer Name = ABC | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {E12B91FA-34F2-4425-B50C-3D96C8FC446A} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 2/13/2012 9:27:24 AM | Computer Name = ABC | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {49DD7C13-CB8E-4170-8317-5EFF8BCD345F} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 2/13/2012 9:27:29 AM | Computer Name = ABC | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {5198960C-0669-49B1-891C-5D2709F52642} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 2/13/2012 9:27:33 AM | Computer Name = ABC | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {CCAE0B5F-8C87-40FF-9DBD-28004F515183} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 2/13/2012 9:27:34 AM | Computer Name = ABC | Source = COM+ | ID = 135894
Description = A condition has occurred that indicates this COM+ application is in
an unstable state or is not functioning correctly. Assertion Failure: SUCCEEDED(hr)

Server
Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance
ID: {459EE481-A6B0-4386-9880-549CCB9700F5} Server Application Name: System Application
The
serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff
: Catastrophic failure COM+ Services Internals Information: File: f:\xpsp3\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp,
Line: 3000 Comsvcs.dll file version: ENU 2001.12.4414.702 s

Error - 2/13/2012 9:27:34 AM | Computer Name = ABC | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 80080005: InitEventCollector fail

Error - 2/17/2012 12:40:25 AM | Computer Name = ABC | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ System Events ]
Error - 3/3/2012 4:09:32 PM | Computer Name = ABC | Source = F-Secure Gatekeeper | ID = 327681
Description =

Error - 3/3/2012 4:09:33 PM | Computer Name = ABC | Source = F-Secure Gatekeeper | ID = 327681
Description =

Error - 3/3/2012 4:11:11 PM | Computer Name = ABC | Source = F-Secure Gatekeeper | ID = 327681
Description =

Error - 3/3/2012 4:11:11 PM | Computer Name = ABC | Source = F-Secure Gatekeeper | ID = 327681
Description =

Error - 3/3/2012 4:13:24 PM | Computer Name = ABC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
service to connect.

Error - 3/3/2012 4:13:24 PM | Computer Name = ABC | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 3/3/2012 4:13:24 PM | Computer Name = ABC | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2

Error - 3/3/2012 4:13:29 PM | Computer Name = ABC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
hafxilqx

Error - 3/3/2012 4:13:33 PM | Computer Name = ABC | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 340 (0x154).

Error - 3/3/2012 4:15:16 PM | Computer Name = ABC | Source = F-Secure Gatekeeper | ID = 327681
Description =


< End of report >


Thanks for your help. I have a Windows disk but it is cracked, so I don't think I can use it.

#4 myrti

  • Sillyberry
  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home
  • Local time:02:53 PM

Posted 04 March 2012 - 04:35 PM

hi,

please run ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 abricru

  • Topic Starter
  • Members
  • 22 posts
  • Local time:08:53 AM

Posted 05 March 2012 - 07:26 AM

ComboFix 12-03-04.02 - Anne 03/05/2012 6:42.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1029 [GMT -5:00]
Running from: c:\documents and settings\Anne\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 000000-0] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: ArcaFirewall 2008 *Disabled* {B640009B-6FF6-4CA7-9CE8-7DA160B95A5B}
FW: Charter Security Suite 9.01 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\SPL132.tmp
c:\documents and settings\Anne\Application Data\.#
c:\documents and settings\Anne\Application Data\.#\MBX@6C4@CF38B0.###
c:\documents and settings\Anne\Application Data\.#\MBX@6C4@CF38C0.###
c:\documents and settings\Anne\Application Data\.#\MBX@6C4@CF38D0.###
c:\documents and settings\Anne\Application Data\.#\MBX@6C4@CF3900.###
c:\documents and settings\Anne\Application Data\.#\MBX@6C4@CF3950.###
c:\documents and settings\Anne\Application Data\.#\MBX@6C4@CF3970.###
c:\documents and settings\Anne\Application Data\.#\MBX@720@CF38B0.###
c:\documents and settings\Anne\Application Data\.#\MBX@720@CF38C0.###
c:\documents and settings\Anne\Application Data\.#\MBX@720@CF38D0.###
c:\documents and settings\Anne\Application Data\.#\MBX@720@CF3900.###
c:\documents and settings\Anne\Application Data\.#\MBX@720@CF3950.###
c:\documents and settings\Anne\Application Data\.#\MBX@720@CF3970.###
c:\documents and settings\Anne\Application Data\inst.exe
c:\documents and settings\Anne\Application Data\Local
c:\documents and settings\Anne\Application Data\Local\Temp\DDM\Settings\.ddr
c:\documents and settings\Anne\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\Anne\Application Data\Local\Temp\DDM\Settings\1.ddi
c:\documents and settings\Anne\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\documents and settings\Anne\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Anne\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\documents and settings\Anne\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\documents and settings\Anne\Application Data\vso_ts_preview.xml
c:\documents and settings\Anne\My Documents\~WRL0002.tmp
c:\documents and settings\Anne\My Documents\~WRL0003.tmp
c:\documents and settings\Anne\My Documents\~WRL0004.tmp
c:\documents and settings\Anne\My Documents\~WRL0005.tmp
c:\documents and settings\Anne\My Documents\~WRL0006.tmp
c:\documents and settings\Anne\My Documents\~WRL0007.tmp
c:\documents and settings\Anne\My Documents\~WRL0008.tmp
c:\documents and settings\Anne\My Documents\~WRL0025.tmp
c:\documents and settings\Anne\My Documents\~WRL0110.tmp
c:\documents and settings\Anne\My Documents\~WRL0123.tmp
c:\documents and settings\Anne\My Documents\~WRL0145.tmp
c:\documents and settings\Anne\My Documents\~WRL0193.tmp
c:\documents and settings\Anne\My Documents\~WRL0370.tmp
c:\documents and settings\Anne\My Documents\~WRL0398.tmp
c:\documents and settings\Anne\My Documents\~WRL0423.tmp
c:\documents and settings\Anne\My Documents\~WRL0450.tmp
c:\documents and settings\Anne\My Documents\~WRL0468.tmp
c:\documents and settings\Anne\My Documents\~WRL0571.tmp
c:\documents and settings\Anne\My Documents\~WRL0572.tmp
c:\documents and settings\Anne\My Documents\~WRL0647.tmp
c:\documents and settings\Anne\My Documents\~WRL0692.tmp
c:\documents and settings\Anne\My Documents\~WRL0704.tmp
c:\documents and settings\Anne\My Documents\~WRL0846.tmp
c:\documents and settings\Anne\My Documents\~WRL0866.tmp
c:\documents and settings\Anne\My Documents\~WRL1089.tmp
c:\documents and settings\Anne\My Documents\~WRL1098.tmp
c:\documents and settings\Anne\My Documents\~WRL1233.tmp
c:\documents and settings\Anne\My Documents\~WRL1239.tmp
c:\documents and settings\Anne\My Documents\~WRL1276.tmp
c:\documents and settings\Anne\My Documents\~WRL1328.tmp
c:\documents and settings\Anne\My Documents\~WRL1364.tmp
c:\documents and settings\Anne\My Documents\~WRL1408.tmp
c:\documents and settings\Anne\My Documents\~WRL1491.tmp
c:\documents and settings\Anne\My Documents\~WRL1615.tmp
c:\documents and settings\Anne\My Documents\~WRL1619.tmp
c:\documents and settings\Anne\My Documents\~WRL1622.tmp
c:\documents and settings\Anne\My Documents\~WRL1684.tmp
c:\documents and settings\Anne\My Documents\~WRL1725.tmp
c:\documents and settings\Anne\My Documents\~WRL1813.tmp
c:\documents and settings\Anne\My Documents\~WRL1844.tmp
c:\documents and settings\Anne\My Documents\~WRL1915.tmp
c:\documents and settings\Anne\My Documents\~WRL2065.tmp
c:\documents and settings\Anne\My Documents\~WRL2076.tmp
c:\documents and settings\Anne\My Documents\~WRL2077.tmp
c:\documents and settings\Anne\My Documents\~WRL2094.tmp
c:\documents and settings\Anne\My Documents\~WRL2129.tmp
c:\documents and settings\Anne\My Documents\~WRL2170.tmp
c:\documents and settings\Anne\My Documents\~WRL2200.tmp
c:\documents and settings\Anne\My Documents\~WRL2262.tmp
c:\documents and settings\Anne\My Documents\~WRL2312.tmp
c:\documents and settings\Anne\My Documents\~WRL2372.tmp
c:\documents and settings\Anne\My Documents\~WRL2392.tmp
c:\documents and settings\Anne\My Documents\~WRL2399.tmp
c:\documents and settings\Anne\My Documents\~WRL2430.tmp
c:\documents and settings\Anne\My Documents\~WRL2476.tmp
c:\documents and settings\Anne\My Documents\~WRL2491.tmp
c:\documents and settings\Anne\My Documents\~WRL2521.tmp
c:\documents and settings\Anne\My Documents\~WRL2615.tmp
c:\documents and settings\Anne\My Documents\~WRL2629.tmp
c:\documents and settings\Anne\My Documents\~WRL2682.tmp
c:\documents and settings\Anne\My Documents\~WRL2695.tmp
c:\documents and settings\Anne\My Documents\~WRL2849.tmp
c:\documents and settings\Anne\My Documents\~WRL2885.tmp
c:\documents and settings\Anne\My Documents\~WRL2937.tmp
c:\documents and settings\Anne\My Documents\~WRL2973.tmp
c:\documents and settings\Anne\My Documents\~WRL2979.tmp
c:\documents and settings\Anne\My Documents\~WRL3024.tmp
c:\documents and settings\Anne\My Documents\~WRL3038.tmp
c:\documents and settings\Anne\My Documents\~WRL3106.tmp
c:\documents and settings\Anne\My Documents\~WRL3163.tmp
c:\documents and settings\Anne\My Documents\~WRL3172.tmp
c:\documents and settings\Anne\My Documents\~WRL3236.tmp
c:\documents and settings\Anne\My Documents\~WRL3529.tmp
c:\documents and settings\Anne\My Documents\~WRL3560.tmp
c:\documents and settings\Anne\My Documents\~WRL3570.tmp
c:\documents and settings\Anne\My Documents\~WRL3603.tmp
c:\documents and settings\Anne\My Documents\~WRL3612.tmp
c:\documents and settings\Anne\My Documents\~WRL3675.tmp
c:\documents and settings\Anne\My Documents\~WRL3719.tmp
c:\documents and settings\Anne\My Documents\~WRL3813.tmp
c:\documents and settings\Anne\My Documents\~WRL3833.tmp
c:\documents and settings\Anne\My Documents\~WRL3883.tmp
c:\documents and settings\Anne\My Documents\~WRL4011.tmp
c:\documents and settings\Anne\My Documents\~WRL4025.tmp
c:\documents and settings\Anne\My Documents\~WRL4061.tmp
c:\documents and settings\Anne\WINDOWS
c:\windows\neoqaz2.dll
c:\windows\system\l3codecp.acm
c:\windows\system32\~GLH002b.TMP
c:\windows\system32\DC120fc7_32.dll
c:\windows\system32\gotomon.log
c:\windows\system32\SET4D9.tmp
c:\windows\system32\SETEF35.tmp
c:\windows\system32\SETEF37.tmp
c:\windows\system32\SETEF45.tmp
c:\windows\system32\spool\prtprocs\w32x86\GoToPrintProcessor.dll
c:\windows\UA000059.DLL
c:\windows\UA000106.DLL
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-01 00:04 . 2012-03-01 00:04 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-17 03:07 . 2012-02-17 03:07 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2012-02-16 16:09 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 16:09 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-12 08:09 . 2012-02-12 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PassMark
2012-02-12 07:46 . 2012-02-12 08:09 -------- d-----w- c:\program files\KeyboardTest
2012-02-10 02:04 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-02-10 01:30 . 2012-02-16 20:46 -------- d-----w- C:\Emergency virus programs
2012-02-07 22:33 . 2012-02-07 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\backup
2012-02-07 22:32 . 2012-02-07 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\explauncher
2012-02-07 22:32 . 2012-02-07 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher
2012-02-07 21:34 . 2012-02-07 21:34 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2012-02-07 21:33 . 2012-02-07 21:33 -------- d-----w- c:\windows\ERUNT
2012-02-07 21:32 . 2012-02-10 00:28 -------- d-----w- C:\SDFix
2012-02-07 20:37 . 2012-02-07 20:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-07 20:27 . 2012-02-07 20:27 98992 ----a-w- c:\windows\system32\drivers\07694361.sys
2012-02-07 07:06 . 2012-02-07 07:06 -------- d-----w- c:\documents and settings\Administrator.ABC\Application Data\Simply Super Software
2012-02-07 00:58 . 2012-02-07 00:58 -------- d-----w- c:\documents and settings\Administrator.ABC\Application Data\LaunchOnFly
2012-02-07 00:19 . 2012-02-07 00:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-02-06 18:38 . 2012-02-07 07:06 -------- d-----w- c:\documents and settings\Anne\Application Data\XYplorer
2012-02-06 18:38 . 2012-02-07 07:06 -------- d-----w- c:\program files\XYplorer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 07:27 . 2012-01-29 07:27 355 ----a-w- c:\windows\system32\drivers\etc\hosts.ussclean.tmp
2012-01-12 16:53 . 2004-08-04 10:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-06 13:55 . 2011-09-03 14:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:46 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 22:10 . 2011-09-06 21:56 9925160 ----a-w- c:\program files\Common Files\lpuninstall.exe
2011-12-10 20:24 . 2008-11-18 11:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-01-14 08:43 . 2009-01-14 08:43 126976 ----a-w- c:\program files\BaUPnP.exe
2012-02-19 07:18 . 2011-04-29 08:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Administrator.ABC\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-9-6 9925160]
LaunchOnFly.lnk - c:\program files\LaunchOnFly\lf.exe [2008-7-11 663552]
.
c:\documents and settings\Anne\Start Menu\Programs\Startup\
LaunchOnFly.lnk - c:\program files\LaunchOnFly\lf.exe [2008-7-11 663552]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-16 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Torrents\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18768:TCP"= 18768:TCP:Opera
"45682:TCP"= 45682:TCP:uTorrent
"45682:UDP"= 45682:UDP:uTorrent
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [9/15/2011 3:03 AM 42672]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [9/15/2011 3:02 AM 82120]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [9/6/2011 11:40 PM 57312]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [1/30/2012 2:41 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [1/30/2012 2:41 PM 69392]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/1/2010 7:09 AM 111184]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [9/15/2011 3:02 AM 68064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/1/2010 7:09 AM 20560]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/5/2010 10:04 PM 652872]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [9/15/2011 3:01 AM 148632]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [9/15/2011 3:02 AM 61088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/18/2008 6:06 AM 20464]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/19/2011 4:54 PM 47360]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [1/30/2012 2:41 PM 33552]
S0 hafxilqx;hafxilqx; [x]
S0 isxcjqk;isxcjqk; [x]
S0 ssjletno;ssjletno; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [1/20/2011 8:37 PM 99248]
S3 53098484;53098484;c:\windows\system32\drivers\07694361.sys [2/7/2012 3:27 PM 98992]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [4/11/2011 4:34 AM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [4/11/2011 4:34 AM 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [4/11/2011 4:34 AM 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [4/11/2011 4:34 AM 25088]
S3 andnetadb;ADB Interface DriverNet; [x]
S3 AndNetDiag;LG AndroidNet USB Serial Port; [x]
S3 AndNetGps;LG AndroidNet USB GPS NMEA Port; [x]
S3 ANDNetModem;LG AndroidNet USB Modem; [x]
S3 andnetndis;LG AndroidNet NDIS Ethernet Adapter; [x]
S3 androidusb;ADB Interface Driver; [x]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 6:44 PM 580992]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [11/9/2008 9:50 PM 352256]
S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [11/10/2008 1:38 AM 33792]
S3 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/31/2008 3:10 PM 66048]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\system32\DRIVERS\mausbft.sys --> c:\windows\system32\DRIVERS\mausbft.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/9/2009 3:13 PM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [7/4/2010 2:58 PM 91392]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [12/12/2008 2:06 PM 167808]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 !SASCORE;!SASCORE;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 12:54 PM 116608]
S4 AdvancedSystemCareService5;AdvancedSystemCareService5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [12/14/2011 5:28 PM 497496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\ASC5_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 5\AutoUpdate.exe [2011-12-14 23:19]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2228734940-2627067488-2539913443-1006Core.job
- c:\documents and settings\Anne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-03 10:36]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2228734940-2627067488-2539913443-1006UA.job
- c:\documents and settings\Anne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-03 10:36]
.
2012-03-05 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\CHARTE~1\ANTI-V~1\fsav.exe [2011-09-15 15:56]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
IE:
IE: &Download by Orbit
IE: &Grab video by Orbit
IE: Add to Power Favorites
IE: Do&wnload selected by Orbit
IE: Down&load all by Orbit
IE: E&xport to Microsoft Excel
IE: eBay - Home Page
IE: eBay - My eBay
IE: eBay - Powersearch
IE: eBay - Start Search
IE: Google - Search
IE: Google - Start Search
IE: {{27914077-B4D6-4A0E-9763-76B6E9DD9A81}
IE: {{40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438} -
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
FF - ProfilePath - c:\documents and settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=\
FF - user.js: app.update.enabled - true
FF - user.js: browser.blink_allowed - true
FF - user.js: browser.cache.disk.capacity - 50000
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.search.suggest.enabled - true
FF - user.js: browser.sessionstore.resume_from_crash - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.event.contextmenu.enabled - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - false
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: signon.rememberSignons - true
FF - user.js: ui.submenuDelay - 0
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-krnlhtml - c:\documents and settings\Anne\Application Data\krnlhtml.exe
HKU-Default-Run-dplaysvr - c:\documents and settings\Anne\Application Data\dplaysvr.exe
SafeBoot-53098484.sys
AddRemove-{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E} - c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-05 06:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D66C4FBB-361B-416D-0BAD-5D821FEA43D3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaholajkenhhligbccolonhjoknmdp"=hex:61,69,62,6c,6e,64,61,69,67,63,68,6b,63,6b,
61,6b,67,6e,6f,66,64,6e,62,64,70,6b,6f,69,6a,6a,65,63,6b,69,63,65,6b,69,6c,\
"iacnodkkaofcpmpjhm"=hex:6a,61,6f,6b,62,64,61,68,68,64,64,6f,6c,69,62,6a,6b,67,
69,66,00,88
"hamnjkngfifljmmc"=hex:6a,61,6f,6b,62,64,61,68,68,64,64,6f,6c,69,62,6a,6b,67,
69,66,00,04
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1216)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\charter security suite\hips\fshook32.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
- - - - - - - > 'lsass.exe'(1288)
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\hips\fshook32.dll
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'explorer.exe'(4060)
c:\windows\system32\WININET.dll
c:\program files\ThreatFire\TfWah.dll
c:\program files\charter security suite\hips\fshook32.dll
c:\program files\Charter Security Suite\Spam Control\fsscoepl.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\ThreatFire\TFNI.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Charter Security Suite\Anti-Virus\fsgk32st.exe
c:\program files\Charter Security Suite\Common\FSMA32.EXE
c:\program files\Charter Security Suite\Anti-Virus\FSGK32.EXE
c:\program files\Charter Security Suite\Common\FSHDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\program files\ThreatFire\TFService.exe
c:\windows\system32\OSK.exe
c:\windows\system32\MSSWCHX.EXE
c:\program files\Charter Security Suite\FWES\Program\fsdfwd.exe
c:\windows\system32\LEXBCES.EXE
c:\program files\Charter Security Suite\Anti-Virus\fssm32.exe
c:\program files\Charter Security Suite\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Completion time: 2012-03-05 07:07:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-05 12:07
ComboFix2.txt 2008-11-08 14:29
.
Pre-Run: 52,324,012,032 bytes free
Post-Run: 52,466,954,240 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B05D0BFF09F31A5CFC53AC154E62E183

#6 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 05 March 2012 - 07:49 AM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

RegNull::
[HKEY_USERS\S-1-5-21-2228734940-2627067488-2539913443-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D66C4FBB-361B-416D-0BAD-5D821FEA43D3}*]
Driver::
hafxilqx
isxcjqk
ssjletno



Save this as CFScript.txt, in the same location as ComboFix.exe


[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Has ComboFix helped with your remaining issues?

It seems there are leftovers of Avast on your system? Are you still using this anti virus program or have you switched to Charter's? You should not have more than one anti virus running.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
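The Driver:: entries in the script above were picked out of the log by hand: three boot-start (S0) services whose display name is just the service name repeated and whose image file is reported as missing ("[x]"). As an added illustration, not part of this thread and not a ComboFix feature, the Python below parses service lines in the format the log uses and applies that same rule, then emits a Driver:: section for a helper to review before it is used. The reading of "[x]" as "image file not found", the start-type heuristic, and the sample lines (copied from the log format but embedded here as a constructed input) are assumptions.

```python
import re

# Constructed sample in the ComboFix service-line format seen in the log above:
#   <R|S><start type> <service name>;<display name>;<image path> [<stamp>]
# "[x]" in place of a path is taken here to mean the image file was not found.
SAMPLE_LOG = r"""
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [9/15/2011 3:03 AM 42672]
S0 hafxilqx;hafxilqx; [x]
S0 isxcjqk;isxcjqk; [x]
S0 ssjletno;ssjletno; [x]
S3 andnetadb;ADB Interface DriverNet; [x]
S3 androidusb;ADB Interface Driver; [x]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\system32\DRIVERS\mausbft.sys --> c:\windows\system32\DRIVERS\mausbft.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]
"""

# R = running, S = stopped; the digit is the Windows start type
# (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)


def parse_services(log_text):
    """Return one dict per service line; lines that do not match are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        file_missing = rest == "[x]"
        entries.append({
            "name": m.group("name"),
            "display": m.group("display"),
            "start": int(m.group("start")),
            "running": m.group("state") == "R",
            "file_missing": file_missing,
            # Drop the trailing " [date size]" / " [?]" stamp to keep the path only.
            "path": "" if file_missing else rest.split(" [")[0],
        })
    return entries


def flag_suspicious_services(log_text):
    """Names of services with no image file that are boot/system start or
    carry no real display name (display == service name).  Demand-start
    vendor leftovers such as the LG Android entries are deliberately not
    flagged by this heuristic; it is a triage list, not a verdict."""
    flagged = []
    for svc in parse_services(log_text):
        if not svc["file_missing"]:
            continue
        boot_or_system_start = svc["start"] <= 1
        no_real_display_name = svc["display"] == svc["name"]
        if boot_or_system_start or no_real_display_name:
            flagged.append(svc["name"])
    return flagged


def build_driver_script(names):
    """Render a Driver:: section in the CFScript.txt layout used above."""
    return "Driver::\n" + "".join(name + "\n" for name in names)


if __name__ == "__main__":
    suspects = flag_suspicious_services(SAMPLE_LOG)
    print(build_driver_script(suspects), end="")
```

Run as-is it prints a Driver:: section naming hafxilqx, isxcjqk and ssjletno, the same three entries the script in this post removes, while leaving the S3 Android and M-Audio entries alone because they have proper display names and are demand-start. The point of the split into parse, flag and render is that the flag rule can be tightened or loosened without touching the parser.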

 


#7 abricru (Topic Starter)

  • Members
  • 22 posts

Posted 05 March 2012 - 08:28 AM

ComboFix 12-03-04.02 - Anne 03/05/2012 7:54.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1356 [GMT -5:00]
Running from: c:\documents and settings\Anne\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Anne\Desktop\CFscript.txt
AV: avast! antivirus 4.8.1296 [VPS 000000-0] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: ArcaFirewall 2008 *Disabled* {B640009B-6FF6-4CA7-9CE8-7DA160B95A5B}
FW: Charter Security Suite 9.01 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HAFXILQX
-------\Service_hafxilqx
-------\Service_isxcjqk
-------\Service_ssjletno
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-01 00:04 . 2012-03-01 00:04 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-17 03:07 . 2012-02-17 03:07 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2012-02-16 16:09 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 16:09 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-12 08:09 . 2012-02-12 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PassMark
2012-02-12 07:46 . 2012-02-12 08:09 -------- d-----w- c:\program files\KeyboardTest
2012-02-10 02:04 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-02-10 01:30 . 2012-02-16 20:46 -------- d-----w- C:\Emergency virus programs
2012-02-07 22:33 . 2012-02-07 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\backup
2012-02-07 22:32 . 2012-02-07 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\explauncher
2012-02-07 22:32 . 2012-02-07 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher
2012-02-07 21:34 . 2012-02-07 21:34 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2012-02-07 21:33 . 2012-02-07 21:33 -------- d-----w- c:\windows\ERUNT
2012-02-07 21:32 . 2012-02-10 00:28 -------- d-----w- C:\SDFix
2012-02-07 20:37 . 2012-02-07 20:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-07 20:27 . 2012-02-07 20:27 98992 ----a-w- c:\windows\system32\drivers\07694361.sys
2012-02-07 07:06 . 2012-02-07 07:06 -------- d-----w- c:\documents and settings\Administrator.ABC\Application Data\Simply Super Software
2012-02-07 00:58 . 2012-02-07 00:58 -------- d-----w- c:\documents and settings\Administrator.ABC\Application Data\LaunchOnFly
2012-02-07 00:19 . 2012-02-07 00:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-02-06 18:38 . 2012-02-07 07:06 -------- d-----w- c:\documents and settings\Anne\Application Data\XYplorer
2012-02-06 18:38 . 2012-02-07 07:06 -------- d-----w- c:\program files\XYplorer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 07:27 . 2012-01-29 07:27 355 ----a-w- c:\windows\system32\drivers\etc\hosts.ussclean.tmp
2012-01-12 16:53 . 2004-08-04 10:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-06 13:55 . 2011-09-03 14:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:46 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 22:10 . 2011-09-06 21:56 9925160 ----a-w- c:\program files\Common Files\lpuninstall.exe
2011-12-10 20:24 . 2008-11-18 11:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-01-14 08:43 . 2009-01-14 08:43 126976 ----a-w- c:\program files\BaUPnP.exe
2012-02-19 07:18 . 2011-04-29 08:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-05_11.58.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-05 13:06 . 2012-03-05 13:06 16384 c:\windows\Temp\Perflib_Perfdata_448.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Administrator.ABC\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-9-6 9925160]
LaunchOnFly.lnk - c:\program files\LaunchOnFly\lf.exe [2008-7-11 663552]
.
c:\documents and settings\Anne\Start Menu\Programs\Startup\
LaunchOnFly.lnk - c:\program files\LaunchOnFly\lf.exe [2008-7-11 663552]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-16 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Torrents\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18768:TCP"= 18768:TCP:Opera
"45682:TCP"= 45682:TCP:uTorrent
"45682:UDP"= 45682:UDP:uTorrent
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [9/15/2011 3:03 AM 42672]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [9/15/2011 3:02 AM 82120]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [9/6/2011 11:40 PM 57312]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [1/30/2012 2:41 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [1/30/2012 2:41 PM 69392]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/1/2010 7:09 AM 111184]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [9/15/2011 3:02 AM 68064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/1/2010 7:09 AM 20560]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/5/2010 10:04 PM 652872]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [9/15/2011 3:01 AM 148632]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [9/15/2011 3:02 AM 61088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/18/2008 6:06 AM 20464]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/19/2011 4:54 PM 47360]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [1/30/2012 2:41 PM 33552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [1/20/2011 8:37 PM 99248]
S3 53098484;53098484;c:\windows\system32\drivers\07694361.sys [2/7/2012 3:27 PM 98992]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [4/11/2011 4:34 AM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [4/11/2011 4:34 AM 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [4/11/2011 4:34 AM 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [4/11/2011 4:34 AM 25088]
S3 andnetadb;ADB Interface DriverNet; [x]
S3 AndNetDiag;LG AndroidNet USB Serial Port; [x]
S3 AndNetGps;LG AndroidNet USB GPS NMEA Port; [x]
S3 ANDNetModem;LG AndroidNet USB Modem; [x]
S3 andnetndis;LG AndroidNet NDIS Ethernet Adapter; [x]
S3 androidusb;ADB Interface Driver; [x]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 6:44 PM 580992]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [11/9/2008 9:50 PM 352256]
S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [11/10/2008 1:38 AM 33792]
S3 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/31/2008 3:10 PM 66048]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\system32\DRIVERS\mausbft.sys --> c:\windows\system32\DRIVERS\mausbft.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/9/2009 3:13 PM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [7/4/2010 2:58 PM 91392]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [12/12/2008 2:06 PM 167808]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 !SASCORE;!SASCORE;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 12:54 PM 116608]
S4 AdvancedSystemCareService5;AdvancedSystemCareService5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [12/14/2011 5:28 PM 497496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\ASC5_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 5\AutoUpdate.exe [2011-12-14 23:19]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2228734940-2627067488-2539913443-1006Core.job
- c:\documents and settings\Anne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-03 10:36]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2228734940-2627067488-2539913443-1006UA.job
- c:\documents and settings\Anne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-03 10:36]
.
2012-03-05 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\CHARTE~1\ANTI-V~1\fsav.exe [2011-09-15 15:56]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
IE:
IE: &Download by Orbit
IE: &Grab video by Orbit
IE: Add to Power Favorites
IE: Do&wnload selected by Orbit
IE: Down&load all by Orbit
IE: E&xport to Microsoft Excel
IE: eBay - Home Page
IE: eBay - My eBay
IE: eBay - Powersearch
IE: eBay - Start Search
IE: Google - Search
IE: Google - Start Search
IE: {{27914077-B4D6-4A0E-9763-76B6E9DD9A81}
IE: {{40525A66-DB98-480D-BCF9-7AF88C1AF438} - {40525A66-DB98-480D-BCF9-7AF88C1AF438} -
LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
FF - ProfilePath - c:\documents and settings\Anne\Application Data\Mozilla\Firefox\Profiles\yylygp5m.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=\
FF - user.js: app.update.enabled - true
FF - user.js: browser.blink_allowed - true
FF - user.js: browser.cache.disk.capacity - 50000
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.search.suggest.enabled - true
FF - user.js: browser.sessionstore.resume_from_crash - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.event.contextmenu.enabled - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - false
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - false
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: signon.rememberSignons - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-05 08:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1184)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\charter security suite\hips\fshook32.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
- - - - - - - > 'lsass.exe'(1248)
c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
c:\program files\charter security suite\hips\fshook32.dll
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'explorer.exe'(2036)
c:\windows\system32\WININET.dll
c:\program files\ThreatFire\TfWah.dll
c:\program files\charter security suite\hips\fshook32.dll
c:\program files\Charter Security Suite\Spam Control\fsscoepl.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\ThreatFire\TFNI.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\TREESI~1\FSizeCol.dll
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80.DLL
c:\windows\system32\nvcpl.dll
c:\windows\system32\nvapi.dll
c:\windows\system32\nvshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Charter Security Suite\Anti-Virus\fsgk32st.exe
c:\program files\Charter Security Suite\Common\FSMA32.EXE
c:\program files\Charter Security Suite\Anti-Virus\FSGK32.EXE
c:\program files\Charter Security Suite\Common\FSHDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\program files\ThreatFire\TFService.exe
c:\windows\system32\OSK.exe
c:\windows\system32\MSSWCHX.EXE
c:\program files\Charter Security Suite\FWES\Program\fsdfwd.exe
c:\windows\system32\LEXBCES.EXE
c:\program files\Charter Security Suite\Anti-Virus\fssm32.exe
c:\program files\Charter Security Suite\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Completion time: 2012-03-05 08:14:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-05 13:14
ComboFix2.txt 2012-03-05 12:07
ComboFix3.txt 2008-11-08 14:29
.
Pre-Run: 52,504,756,224 bytes free
Post-Run: 52,332,298,240 bytes free
.
- - End Of File - - 1510ACE6C482C98DAD64A88AC94B8D16


No, I don't use Avast any more. I will have to use the computer awhile to see if anything weird happens and will report back. I really appreciate your help.

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:02:53 PM

Posted 05 March 2012 - 03:50 PM

Hi,

Do you know this file: C:\program files\BaUPnP.exe?

OK, let's run a removal tool for avast then:
  • Download aswClear.exe on to your desktop
  • Start Windows in Safe Mode
  • Run aswClear.exe
  • If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
  • Click REMOVE
  • Restart your computer

original instructions can be found here:
http://www.avast.com/eng/faq-install-uninstall-avast.html

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 abricru

abricru
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:08:53 AM

Posted 12 March 2012 - 10:37 PM

Hi,

Please do not delete this topic yet. I am still having problems with my computer, but I haven't been home much to work on it because my mother is in the hospital. I will try to do the next step and then report back asap.

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:02:53 PM

Posted 29 March 2012 - 08:09 AM

Hi,

are you still around? You never posted back.

myrti



#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:02:53 PM

Posted 03 April 2012 - 04:32 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





