Desktop Icons Won't Move & No Sound


  • This topic is locked
24 replies to this topic

#1 jamiehart

  • Members
  • 86 posts

Posted 13 May 2012 - 03:58 AM

Hi,

I have a computer with Windows XP installed. It's getting a little old now and recently the operating system would not load when I started the computer. I took it to a local computer repair shop who said the disk had numerous errors which they claim to have "repaired".

Anyway they got the machine to work again after a fashion but I have 3 residual problems which they can't fix.

1) I cannot move any icons/folders on the desktop
2) I cannot open some, not all, items on the desktop as it's claimed I don't have permissions to do this
3) I have no sound at all

With the exception of a popup error message I get when I start the machine, which says wshelper.exe cannot load, all else is functioning fine - internet etc.

I did look through the forum at length before posting and did find a similar thread. Resultantly I ran Farbar Service Scanner and MiniToolbox and I'm pasting the result below and hope this helps.

Farbar Service Scanner Version: 11-05-2012
Ran by N800C (administrator) on 13-05-2012 at 10:34:37
Running from "D:\Internet Security"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.


Windows Autoupdate Disabled Policy:
============================

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs: "%SystemRoot%\system32\svchost.exe -k rpcss".
The ServiceDll of RpcSs service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5)
0x080000000600000001000000020000000300000004000000050000000700000008000000
IpSec Tag value is correct.

**** End of log ****


MiniToolBox by Farbar
Ran by N800C (administrator) on 13-05-2012 at 10:37:21
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Could not flush the DNS Resolver Cache: Function failed during execution.




========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 49333
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
1 2 7 . 0 . 0 . 1 l o c a l h o s t

: : 1 l o c a l h o s t



127.0.0.1 localhost

========================= IP Configuration: ================================
WARNING: Could not obtain host information from machine: [COMPAQ-C71F7BA3]. Some commands may not be available.
The RPC server is unavailable.



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp

# Interface IP Configuration for "Local Area Connection 6"

set address name="Local Area Connection 6" source=dhcp
set dns name="Local Area Connection 6" source=dhcp register=PRIMARY
set wins name="Local Area Connection 6" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 15"

set address name="Wireless Network Connection 15" source=dhcp
set dns name="Wireless Network Connection 15" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 15" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : compaq-c71f7ba3

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-08-02-66-1B-E5



Ethernet adapter Wireless Network Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Sony Ericsson 802.11g Wireless LAN Adapter

Physical Address. . . . . . . . . : 00-0F-DE-57-E0-2D



Ethernet adapter Local Area Connection 6:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : TAP-Win32 Adapter V9

Physical Address. . . . . . . . . : 00-FF-98-23-5B-AB



Ethernet adapter Wireless Network Connection 15:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : GlobeTrotter GI515m - Network Interface #3

Physical Address. . . . . . . . . : 00-F1-D0-00-F1-D0

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 31.61.85.42

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 31.61.85.44

DHCP Server . . . . . . . . . . . : 31.61.85.43

DNS Servers . . . . . . . . . . . : 79.163.127.70

217.116.100.65

Lease Obtained. . . . . . . . . . : Sunday, May 13, 2012 9:37:09 AM

Lease Expires . . . . . . . . . . : Friday, May 18, 2029 4:25:41 AM

Server: dns-pub02.centertel.pl
Address: 79.163.127.70

Name: google.com
Addresses: 173.194.35.133, 173.194.35.142, 173.194.35.134, 173.194.35.131
173.194.35.129, 173.194.35.132, 173.194.35.128, 173.194.35.130, 173.194.35.136
173.194.35.137, 173.194.35.135



Pinging google.com [173.194.35.128] with 32 bytes of data:



Reply from 173.194.35.128: bytes=32 time=84ms TTL=49

Reply from 173.194.35.128: bytes=32 time=82ms TTL=49



Ping statistics for 173.194.35.128:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 82ms, Maximum = 84ms, Average = 83ms

Server: dns-pub02.centertel.pl
Address: 79.163.127.70

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=184ms TTL=44

Reply from 98.139.183.24: bytes=32 time=185ms TTL=44



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 184ms, Maximum = 185ms, Average = 184ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 08 02 66 1b e5 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
0x3 ...00 0f de 57 e0 2d ...... Sony Ericsson 802.11g Wireless LAN Adapter - Packet Scheduler Miniport
0x4 ...00 ff 98 23 5b ab ...... TAP-Win32 Adapter V9 - Packet Scheduler Miniport
0x10006 ...00 f1 d0 00 f1 d0 ...... GlobeTrotter GI515m - Network Interface #3 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 31.61.85.44 31.61.85.42 30
31.61.85.0 255.255.255.0 31.61.85.42 31.61.85.42 30
31.61.85.42 255.255.255.255 127.0.0.1 127.0.0.1 30
31.255.255.255 255.255.255.255 31.61.85.42 31.61.85.42 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 31.61.85.42 31.61.85.42 30
255.255.255.255 255.255.255.255 31.61.85.42 31.61.85.42 1
255.255.255.255 255.255.255.255 31.61.85.42 3 1
255.255.255.255 255.255.255.255 31.61.85.42 2 1
255.255.255.255 255.255.255.255 31.61.85.42 4 1
Default Gateway: 31.61.85.44
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/13/2012 10:34:41 AM) (Source: Userenv) (User: NETWORK SERVICE)NETWORK SERVICE
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Error: (05/13/2012 10:31:19 AM) (Source: Userenv) (User: NETWORK SERVICE)NETWORK SERVICE
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Error: (05/13/2012 10:11:53 AM) (Source: Userenv) (User: NETWORK SERVICE)NETWORK SERVICE
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Error: (05/13/2012 09:39:55 AM) (Source: Userenv) (User: NETWORK SERVICE)NETWORK SERVICE
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Error: (05/13/2012 09:39:28 AM) (Source: Userenv) (User: NETWORK SERVICE)NETWORK SERVICE
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Error: (05/13/2012 09:38:53 AM) (Source: Userenv) (User: NETWORK SERVICE)NETWORK SERVICE
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Error: (05/13/2012 09:38:21 AM) (Source: Userenv) (User: NETWORK SERVICE)NETWORK SERVICE
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Error: (05/13/2012 09:37:47 AM) (Source: Userenv) (User: NETWORK SERVICE)NETWORK SERVICE
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Error: (05/13/2012 09:37:44 AM) (Source: Userenv) (User: NETWORK SERVICE)NETWORK SERVICE
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.


DETAIL - Access is denied.

Error: (05/13/2012 09:37:43 AM) (Source: Userenv) (User: NETWORK SERVICE)NETWORK SERVICE
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.


DETAIL - Access is denied.


System errors:
=============
Error: (05/13/2012 09:37:08 AM) (Source: Dhcp) (User: )
Description: The IP address lease 178.56.62.14 for the Network Card with network address 00F1D000F1D0 has been
denied by the DHCP server 31.61.85.43 (The DHCP Server sent a DHCPNACK message).

Error: (05/11/2012 08:18:08 PM) (Source: Dhcp) (User: )
Description: The IP address lease 178.56.98.143 for the Network Card with network address 00F1D000F1D0 has been
denied by the DHCP server 178.56.95.13 (The DHCP Server sent a DHCPNACK message).

Error: (05/11/2012 09:33:29 AM) (Source: Dhcp) (User: )
Description: The IP address lease 31.60.148.165 for the Network Card with network address 00F1D000F1D0 has been
denied by the DHCP server 178.56.98.126 (The DHCP Server sent a DHCPNACK message).

Error: (05/10/2012 05:05:30 PM) (Source: Dhcp) (User: )
Description: The IP address lease 10.10.149.82 for the Network Card with network address 00FF98235BAB has been
denied by the DHCP server 10.11.175.49 (The DHCP Server sent a DHCPNACK message).

Error: (05/10/2012 10:57:29 AM) (Source: Dhcp) (User: )
Description: The IP address lease 10.10.87.86 for the Network Card with network address 00FF98235BAB has been
denied by the DHCP server 10.10.149.81 (The DHCP Server sent a DHCPNACK message).

Error: (05/10/2012 10:27:33 AM) (Source: Dhcp) (User: )
Description: The IP address lease 31.62.31.211 for the Network Card with network address 00F1D000F1D0 has been
denied by the DHCP server 31.60.148.164 (The DHCP Server sent a DHCPNACK message).

Error: (05/09/2012 00:56:08 PM) (Source: Dhcp) (User: )
Description: The IP address lease 31.62.169.222 for the Network Card with network address 00F1D000F1D0 has been
denied by the DHCP server 31.62.31.210 (The DHCP Server sent a DHCPNACK message).

Error: (05/09/2012 00:06:39 PM) (Source: Dhcp) (User: )
Description: The IP address lease 31.60.216.91 for the Network Card with network address 00F1D000F1D0 has been
denied by the DHCP server 31.62.169.221 (The DHCP Server sent a DHCPNACK message).

Error: (05/09/2012 09:10:05 AM) (Source: Dhcp) (User: )
Description: The IP address lease 79.162.127.199 for the Network Card with network address 00F1D000F1D0 has been
denied by the DHCP server 31.60.216.92 (The DHCP Server sent a DHCPNACK message).

Error: (05/07/2012 04:31:40 PM) (Source: Dhcp) (User: )
Description: The IP address lease 87.96.66.113 for the Network Card with network address 00F1D000F1D0 has been
denied by the DHCP server 31.60.217.141 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================
Error: (05/13/2012 10:34:41 AM) (Source: Userenv)(User: NETWORK SERVICE)NETWORK SERVICE
Description: Access is denied.

Error: (05/13/2012 10:31:19 AM) (Source: Userenv)(User: NETWORK SERVICE)NETWORK SERVICE
Description: Access is denied.

Error: (05/13/2012 10:11:53 AM) (Source: Userenv)(User: NETWORK SERVICE)NETWORK SERVICE
Description: Access is denied.

Error: (05/13/2012 09:39:55 AM) (Source: Userenv)(User: NETWORK SERVICE)NETWORK SERVICE
Description: Access is denied.

Error: (05/13/2012 09:39:28 AM) (Source: Userenv)(User: NETWORK SERVICE)NETWORK SERVICE
Description: Access is denied.

Error: (05/13/2012 09:38:53 AM) (Source: Userenv)(User: NETWORK SERVICE)NETWORK SERVICE
Description: Access is denied.

Error: (05/13/2012 09:38:21 AM) (Source: Userenv)(User: NETWORK SERVICE)NETWORK SERVICE
Description: Access is denied.

Error: (05/13/2012 09:37:47 AM) (Source: Userenv)(User: NETWORK SERVICE)NETWORK SERVICE
Description: Access is denied.

Error: (05/13/2012 09:37:44 AM) (Source: Userenv)(User: NETWORK SERVICE)NETWORK SERVICE
Description: Access is denied.

Error: (05/13/2012 09:37:43 AM) (Source: Userenv)(User: NETWORK SERVICE)NETWORK SERVICE
Description: Access is denied.


=========================== Installed Programs ============================

7-Zip 9.20
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.62)
Adobe Flash Player 11 Plugin (Version: 11.1.102.63)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Anonymail Pro V-10 Free Edition
Any Video Converter 3.2.5
Apple Application Support (Version: 2.0.1)
Apple Software Update (Version: 2.1.3.127)
Article Submit Pro 1.4
ATI Display Driver (Version: 8.143-050607a-020515C)
Audacity 1.2.6
AVSDK5 (Version: 5.2.9)
BackAndLay - Version 0.9
Bet Angel - Basic (Version: 2.0.0)
Betdaq Assistant (Version: 1.0.25)
Betometer v10109
Camera RAW Plug-In for EPSON Creativity Suite (Version: 2.2.0.0)
CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)
CherryPicker (Version: 1)
CherryPicker (Version: v1)
CoffeeCup Free DHTML Menu Builder
CoffeeCup Free FTP (Version: 6)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Domain Samurai (Version: 0.1.40)
DupeFree Pro (Version: 1.0.0)
Easy Text To HTML Converter (Version: 3.0.0)
EFGrabber 2.0 (Version: 2.0.0.0)
EmailList Master
EPSON Attach To Email (Version: 1.01.0000)
EPSON Copy Utility 3 (Version: 3.3.0.0)
EPSON Easy Photo Print (Version: 1.5.0.0)
EPSON File Manager (Version: 1.3.0.0)
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant (Version: 1.10.00)
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
EPSON Web-To-Page
ESET Online Scanner v3
FaJo XP File Security Extension v1.2 (Version: v1.2)
File Type Assistant
FlipToast (Version: 1.0.50)
Free File Viewer 2011
GIMP 2.4.5
iPlus Manager 1.7
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 7 Update 3 (Version: 7.0.30)
JavaFX 2.0.3 (Version: 2.0.3)
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
Keyword Blaze (Version: 1.0.0)
Keyword Optimizer Pro 2 (Version: 2.0.1.6)
MacroSoft Email Spider Full (Version: 1.0.0.0)
Mail List Validator 2.0 (Version: 2.0)
MakeTorrent v2.1
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Market Samurai (Version: 0.86.10)
Marketing Mail Master 1.1
Micro Niche Finder (Version: 4.6.4.0)
Micro Niche Finder 5.0 (Version: 5.7.0.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft XML Parser (Version: 8.70.1104.04)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
Nuance PDF Reader (Version: 7.00.0000)
OFFLINE GOLD LEAD GENERATOR (Version: 1.0.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
PADutchbook 1.0
ParetoLogic PC Health Advisor (Version: 3.1.0.0)
Profile Backlink Engine (Version: 1.0.2)
QuickTime (Version: 7.70.80.34)
Scanned Text Editor 1
SecurityKISS Tunnel v0.2.2
Smart Racing Trader version 1.5 (Version: 1.5)
Swiftebook (Version: 1.00.0000)
Traffic Launch Pad (Version: 1.0.14)
Traffic Launch Pad (Version: v1.0.14)
uCAN driver package (Version: 1.2.1.173)
Umailer v3.0
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Resource Kit Tools - SubInAcl.exe (Version: 5.2.3790.1164)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPcap 3.1 (Version: 3.1.0.27)
Wisdom-soft Set up ScreenHunter 5.1 Free
XHeader (Version: 1.108)
XHeader Bonus Download (Version: 1.00)
XML Paper Specification Shared Components Pack 1.0
XSite v1.1

========================= Memory info: ===================================

Percentage of memory in use: 72%
Total physical RAM: 511.36 MB
Available physical RAM: 141.79 MB
Total Pagefile: 1250.65 MB
Available Pagefile: 786.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1995.23 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:17.58 GB) (Free:2.83 GB) NTFS
2 Drive d: () (Fixed) (Total:19.68 GB) (Free:11.95 GB) NTFS
4 Drive f: (uCAN) (CDROM) (Total:0.07 GB) (Free:0 GB) CDFS
5 Drive g: (ORANGE_PL) (Removable) (Total:3.69 GB) (Free:3.33 GB) FAT32

========================= Users: ========================================

User accounts for \\COMPAQ-C71F7BA3

Administrator ASPNET Guest
HelpAssistant N800C SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini041712-01.dmp

**** End of log ****

Hope this helps and that you can help.

Thanks

Jamie



#2 nasdaq

  • Malware Response Team
  • 39,586 posts

Posted 15 May 2012 - 10:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#3 jamiehart


Posted 16 May 2012 - 05:00 AM

Hi Nasdaq

Not a lot of joy with either of these!

DDS froze completely and after about 20 minutes I had to turn the computer off.

The security check looked as if it might do something but after about 20 seconds it returned a pop up with AUTOLT error

Line 1 error: variable must be of type object

Wait to hear from you

#4 nasdaq


Posted 16 May 2012 - 08:02 AM

Please run this tool and post the log if you can.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

#5 jamiehart


Posted 17 May 2012 - 06:08 AM

Downloaded and ran combofix.

There was no mention or popup with Windows Recovery Console.

After scanning for 5 or 6 minutes a popup loaded informing me that I was infected with Rootkit.zeroaccess located in the tcp/ip stack

That's it - no log or anything

#6 nasdaq


Posted 17 May 2012 - 08:04 AM

Download Rootkit Unhooker and save it to your Desktop.

Close all open programs and browsers, then double-click RKUnhookerLE.exe to run it.
Vista/Windows 7 users right-click and select Run As Administrator.

  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • UNcheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait until the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

    Note: You may get the following warning---just ignore it, click OK and continue.
    Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?


#7 jamiehart


Posted 18 May 2012 - 02:39 AM

Here it is Nasdaq


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF0B4000 C:\WINDOWS\System32\ati3duag.dll 2351104 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF8165000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1273856 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF2F2000 C:\WINDOWS\System32\ativvaxx.dll 618496 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF80BC000 C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys 610304 bytes (LT, LT Windows Modem)
0xF832B000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBA641000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7E5F000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF8061000 C:\WINDOWS\system32\DRIVERS\semwl5.sys 372736 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xBA74C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB821E000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF389000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 245760 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF04E000 C:\WINDOWS\System32\ati2cqag.dll 208896 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF081000 C:\WINDOWS\System32\atikvmag.dll 208896 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xF8467000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB82C6000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF82FE000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBA6B1000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBA724000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xBA6FE000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB7E86000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF7FAD000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF8020000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7FE9000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xBA6DC000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF83E1000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF8419000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF8438000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF8044000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 118784 bytes (Intel Corporation, NDIS 5 driver)
0xB7FC2000 C:\WINDOWS\system32\DRIVERS\gtuhs51.sys 110592 bytes (Option N.V., NDIS driver)
0xF82E4000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7FD1000 C:\WINDOWS\system32\drivers\ac97intc.sys 98304 bytes (Intel Corporation, Intel® Integrated Controller Hub Audio Driver)
0xF8401000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xBA601000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF83B8000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7F96000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB83BB000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xF800C000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF8151000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EF000 ACPI_HAL 81152 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xBA7A5000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF83CF000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7FDD000 C:\WINDOWS\system32\DRIVERS\gtuhsbus.sys 69632 bytes (Option N.V., -)
0xF8456000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7F5D000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF8536000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF8616000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF85E6000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF8636000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8626000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF86D6000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF84F6000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF85F6000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8646000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF84D6000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8666000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8506000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF8716000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8606000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF84C6000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8656000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8686000 C:\WINDOWS\system32\DRIVERS\tap0901.sys 45056 bytes (The OpenVPN Project, TAP-Win32 Virtual Network Driver)
0xF84B6000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF86A6000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8696000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB8313000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF84E6000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF85D6000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF8676000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8706000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF86F6000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF880E000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF876E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF875E000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF877E000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF878E000 C:\WINDOWS\system32\DRIVERS\nscirda.sys 28672 bytes (National Semiconductor Corporation, NSC Fast Infrared Driver.)
0xF8736000 C:\WINDOWS\system32\drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF881E000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF87BE000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF87CE000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF88AE000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF88BE000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF873E000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF879E000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8876000 C:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF87AE000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF8886000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8896000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF882E000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF88CE000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF89B2000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF82A4000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB84F1000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF898A000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF88D2000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF88C6000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF88CA000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF7F86000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF8992000 C:\WINDOWS\system32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xF82B8000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF897A000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF89A2000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF89DA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF89F2000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF89D6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8A58000 C:\WINDOWS\system32\DRIVERS\gtuhsser.sys 8192 bytes (Option N.V., -)
0xF89BA000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF89B6000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF89DE000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8A26000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF89E2000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF89C8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF89D0000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF89B8000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8C06000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8B65000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8AC1000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8A7F000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF8A7E000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\Chrysanthemum-610x255.jpg::$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\Chrysanthemum-610x255.jpg:Zone.Identifier:$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\ComboFix.exe::$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\ComboFix.exe:Zone.Identifier:$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\make_money_with_wsos.pdf::$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\make_money_with_wsos.pdf:Zone.Identifier:$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\Offline Gold Lead Generator\OfflineGoldLeadGeneratorLetter (2).doc::$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\Offline Gold Lead Generator\OfflineGoldLeadGeneratorLetter (2).doc:Zone.Identifier:$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\Offline Gold Lead Generator\OfflineGoldLeadGeneratorLetter (3).doc::$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\Offline Gold Lead Generator\OfflineGoldLeadGeneratorLetter (3).doc:Zone.Identifier:$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\SCESP4I.EXE::$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\SCESP4I.EXE:Zone.Identifier:$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\SecurityTabHE.zip::$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\SecurityTabHE.zip:Zone.Identifier:$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\subinacl.msi::$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\subinacl.msi:Zone.Identifier:$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\uncut22j\survey1.zip::$DATA
!-->[Opened for exclusive access by other app or by System] C:\Documents and Settings\N800C\Desktop\uncut22j\survey1.zip:Zone.Identifier:$DATA
!-->[Hidden] C:\WINDOWS\$NtUninstallKB27552$\1243960160
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
[312]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->5CB77774 [shimeng.dll]
[312]explorer.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->5CB77774 [shimeng.dll]
[312]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->5CB77774 [shimeng.dll]
[312]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5CB77774 [shimeng.dll]
[312]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->5CB77774 [shimeng.dll]
[312]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->5CB77774 [shimeng.dll]
[312]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->5CB77774 [shimeng.dll]
[312]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->5CB77774 [shimeng.dll]
[688]chrome.exe-->kernel32.dll+0x000027D0, Type: Code Mismatch 0x7C8027D0 + 10192 [10 00 EC 83]
[688]chrome.exe-->kernel32.dll-->CreateNamedPipeW, Type: IAT modification 0x0049B15C-->006C0010 [unknown_code_page]
[688]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x7C90D0AE + 6 [28 00 55 00]
[688]chrome.exe-->ntdll.dll-->NtCreateFile, Type: Code Mismatch 0x7C90D0AE + 11 [E2]
[688]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x7C90D51E + 6 [28]
[688]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x7C90D51E + 8 [55 00]
[688]chrome.exe-->ntdll.dll-->NtMapViewOfSection, Type: Code Mismatch 0x7C90D51E + 11 [E2]
[688]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x7C90D59E + 6 [68 00 55 00]
[688]chrome.exe-->ntdll.dll-->NtOpenFile, Type: Code Mismatch 0x7C90D59E + 11 [E2]
[688]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x7C90D5FE + 6 [A8 01 55 00]
[688]chrome.exe-->ntdll.dll-->NtOpenProcess, Type: Code Mismatch 0x7C90D5FE + 11 [E2]
[688]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7C90D614-->7B912B1A [unknown_code_page]
[688]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Code Mismatch 0x7C90D60E + 11 [E2]
[688]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x7C90D61E + 6 [A8 02 55 00]
[688]chrome.exe-->ntdll.dll-->NtOpenProcessTokenEx, Type: Code Mismatch 0x7C90D61E + 11 [E2]
[688]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x7C90D65E + 6 [68 01 55 00]
[688]chrome.exe-->ntdll.dll-->NtOpenThread, Type: Code Mismatch 0x7C90D65E + 11 [E2]
[688]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x7C90D66E + 6 [68 02 55 00]
[688]chrome.exe-->ntdll.dll-->NtOpenThreadToken, Type: Code Mismatch 0x7C90D66E + 11 [E2]
[688]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x7C90D684-->7B912B8B [unknown_code_page]
[688]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Code Mismatch 0x7C90D67E + 11 [E2]
[688]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x7C90D70E + 6 [A8 00 55 00]
[688]chrome.exe-->ntdll.dll-->NtQueryAttributesFile, Type: Code Mismatch 0x7C90D70E + 11 [E2]
[688]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x7C90D7B4-->7B912CB9 [unknown_code_page]
[688]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Code Mismatch 0x7C90D7AE + 11 [E2]
[688]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x7C90DC5E + 6 [28 01 55 00]
[688]chrome.exe-->ntdll.dll-->NtSetInformationFile, Type: Code Mismatch 0x7C90DC5E + 11 [E2]
[688]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x7C90DCAE + 6 [28 02 55 00]
[688]chrome.exe-->ntdll.dll-->NtSetInformationThread, Type: Code Mismatch 0x7C90DCAE + 11 [E2]
[688]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x7C90DF0E + 6 [68]
[688]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x7C90DF0E + 8 [55 00]
[688]chrome.exe-->ntdll.dll-->NtUnmapViewOfSection, Type: Code Mismatch 0x7C90DF0E + 11 [E2]

#8 nasdaq


Posted 18 May 2012 - 08:48 AM

Ok good.

Can you now run ComboFix and post the log if you can.

#9 jamiehart


Posted 19 May 2012 - 03:56 AM

Hi,

No good I'm afraid.

Ran for 11 minutes and got same pop up as previously. Continued for another 7 minutes and got further popup telling me again about rootkit and to be patient and a couple of minutes later the cursor stopped blinking and froze. Had to force shutdown.

Is this non-movement of icons not something to do with permissions? Reason I say this is because certain items on the desktop open OK, most that were there before my computer went for repair and the disk was repaired, but newer items downloaded don't allow me access. Access denied messages and you don't have permission etc. It seems that the computer does not recognize me as having authority so to speak...

Just a thought

#10 nasdaq


Posted 19 May 2012 - 08:42 AM

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

===

Do not restart the computer. Run ComboFix and post the log if you can.

If still no log. Run this tool.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#11 jamiehart


Posted 21 May 2012 - 03:57 AM

Hi,

rkill.exe downloaded OK and ran. Just terminated my web browser and modem.

Combofix identical pop ups and no log.

OTL logs posted below:


OTL logfile created on: 05/21/2012 10:35:49 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Internet Security
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

511.36 Mb Total Physical Memory | 319.36 Mb Available Physical Memory | 62.45% Memory free
1.22 Gb Paging File | 0.93 Gb Available in Paging File | 76.05% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.58 Gb Total Space | 2.78 Gb Free Space | 15.79% Space Free | Partition Type: NTFS
Drive D: | 19.68 Gb Total Space | 11.94 Gb Free Space | 60.66% Space Free | Partition Type: NTFS
Drive F: | 71.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 3.69 Gb Total Space | 3.33 Gb Free Space | 90.45% Space Free | Partition Type: FAT32

Computer Name: COMPAQ-C71F7BA3 | User Name: N800C | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\N800C\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - D:\Internet Security\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Micro Niche Finder\bggoogle.exe ( James J. Jones, LLC.)
PRC - F:\usbgo_proxy.exe ()
PRC - F:\uCAN.exe (Option nv)
PRC - C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\PSIService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\N800C\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\N800C\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll ()
MOD - C:\Documents and Settings\N800C\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\avutil-51.dll ()
MOD - C:\Documents and Settings\N800C\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\avformat-53.dll ()
MOD - C:\Documents and Settings\N800C\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - F:\usbgo_proxy.exe ()
MOD - C:\WINDOWS\system32\PSIService.exe ()


========== Win32 Services (SafeList) ==========

SRV - (ThreatFire) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (vvdsvc) -- C:\WINDOWS\system32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (astcc) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Micro Niche Finder Background Download Service) -- C:\Program Files\Micro Niche Finder\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (GTUHSBUS) -- C:\WINDOWS\system32\drivers\gtuhsbus.sys (Option N.V.)
DRV - (GTUHSSER) -- C:\WINDOWS\system32\drivers\gtuhsser.sys (Option N.V.)
DRV - (GTUHSNDISIPXP) -- C:\WINDOWS\system32\drivers\gtuhs51.sys (Option N.V.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (SEMWModem) -- C:\WINDOWS\system32\drivers\GCXX.sys (Sony Ericsson)
DRV - (SEMWWNIC) -- C:\WINDOWS\system32\drivers\GCXXNet.sys (Sony Ericsson)
DRV - (Sony_EricssonWWSC) -- C:\WINDOWS\system32\drivers\GCXXSC.sys (Sony Ericsson)
DRV - (LSWPCv4) -- C:\WINDOWS\system32\drivers\rtl8180.sys (Realtek Semiconductor Corporation )
DRV - (SEM43XX) -- C:\WINDOWS\system32\drivers\semwl5.SYS (Broadcom Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\N800C\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\N800C\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 12:10:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 13:06:22 | 000,000,000 | ---D | M]

[2010/06/23 10:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N800C\Application Data\Mozilla\Extensions
[2010/06/23 10:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N800C\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/03/02 10:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\N800C\Application Data\Mozilla\Firefox\Profiles\2y5xp3z2.default\extensions
[2010/10/05 10:29:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\N800C\Application Data\Mozilla\Firefox\Profiles\2y5xp3z2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/02 10:27:51 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\N800C\Application Data\Mozilla\Firefox\Profiles\2y5xp3z2.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/01/09 13:29:06 | 000,000,000 | ---D | M] (DomainsOnFirefox) -- C:\Documents and Settings\N800C\Application Data\Mozilla\Firefox\Profiles\2y5xp3z2.default\extensions\domainsonfirefox@domainsonfire.com
[2012/03/02 10:19:56 | 000,000,000 | ---D | M] (SEO Workers Analysis Tool) -- C:\Documents and Settings\N800C\Application Data\Mozilla\Firefox\Profiles\2y5xp3z2.default\extensions\seoanalysistool@seoworkers
[2012/03/24 16:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/21 09:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 06:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 06:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\N800C\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\N800C\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\N800C\Local Settings\Application Data\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\N800C\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\N800C\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\N800C\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\N800C\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\N800C\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/14 19:48:55 | 000,000,123 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 1 2 7 . 0 . 0 . 1 l o c a l h o s t
O1 - Hosts: : : 1 l o c a l h o s t
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [VPNReactor] C:\Program Files\VPNReactor\VPNReactor.exe ()
O4 - Startup: C:\Documents and Settings\N800C\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_803138DCE93649E4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx (get_atlcom Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228161618984 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} http://dl.uc.sina.com/cab/downloader.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.116.100.65 79.163.127.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AC28965-6A01-4E94-BCE9-E498CEFA07CA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7579511E-10DF-45D0-80EA-5F56880B004A}: DhcpNameServer = 217.116.100.65 79.163.127.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5AE351D-BE7F-4CBA-91B3-513A21E04B1D}: DhcpNameServer = 217.116.100.65 79.163.127.70
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\N800C\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\N800C\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/01 14:17:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/10 11:26:19 | 000,000,000 | ---D | M] - D:\AutoContentPro.2314 -- [ NTFS ]
O32 - AutoRun File - [1980/10/11 15:37:00 | 000,000,071 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/02/05 13:30:36 | 000,000,053 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[4108/12/01 15:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[4108/12/01 15:40:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[4108/12/01 14:46:43 | 000,000,000 | ---D | C] -- D:\Dokumenty\RKSFax
[4108/12/01 14:45:16 | 000,000,000 | ---D | C] -- D:\Dokumenty\OpenOffice.org 2.3 Installation Files
[4108/12/01 14:44:25 | 000,000,000 | R--D | C] -- D:\Dokumenty\My Pictures
[4108/12/01 14:44:13 | 000,000,000 | R--D | C] -- D:\Dokumenty\My Music
[4108/12/01 14:44:12 | 000,000,000 | ---D | C] -- D:\Dokumenty\My Web CEO Projects
[4108/12/01 14:44:11 | 000,000,000 | ---D | C] -- D:\Dokumenty\Monkey Folder
[4108/12/01 14:43:52 | 000,000,000 | ---D | C] -- D:\Dokumenty\HSBC Info
[4108/12/01 14:43:23 | 000,000,000 | ---D | C] -- D:\Dokumenty\Cartus
[4108/12/01 14:43:20 | 000,000,000 | ---D | C] -- D:\Dokumenty\Capital First Info
[2012/05/21 10:17:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/05/16 11:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N800C\Cookies
[2012/05/03 13:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\FaJo
[2012/05/03 11:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\N800C\Application Data\Nuance

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2099/01/01 12:00:00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\Launch Internet Explorer Browser.lnk
[2012/05/21 09:57:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/21 09:57:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/17 12:44:08 | 004,495,594 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\ComboFix.exe
[2012/05/16 14:00:05 | 000,000,285 | ---- | M] () -- C:\Documents and Settings\N800C\.JavaPowUpload.properties
[2012/05/10 17:05:40 | 000,000,246 | ---- | M] () -- C:\Documents and Settings\N800C\SecurityKISSTunnel.config
[2012/05/03 12:38:10 | 000,000,567 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\SecurityTabHE.zip
[2012/05/03 12:34:49 | 002,816,112 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\SCESP4I.EXE
[2012/05/03 12:03:30 | 000,379,392 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\subinacl.msi
[2012/05/03 11:05:38 | 000,954,607 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\make_money_with_wsos.pdf
[2012/05/02 10:40:15 | 002,516,067 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\IMGP7986.JPG
[2012/05/02 10:40:15 | 000,029,161 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\Reiki hands.jpg
[2012/05/02 10:40:15 | 000,019,195 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\reiki healing.jpg
[2012/05/02 10:40:14 | 000,549,757 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\DSCF5366.JPG
[2012/05/02 10:40:14 | 000,082,462 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\body chakras.jpg
[2012/05/02 10:32:53 | 000,457,489 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\001.jpg
[2012/04/28 16:13:35 | 000,002,591 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\Bet Angel - Basic.lnk
[2012/04/28 15:01:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\N800C\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/28 11:46:08 | 000,000,385 | ---- | M] () -- C:\0.bak
[2012/04/24 10:51:17 | 000,011,842 | ---- | M] () -- C:\Documents and Settings\N800C\Desktop\Chrysanthemum-610x255.jpg
[2012/04/21 15:37:23 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI

========== Files Created - No Company Name ==========

[2012/05/17 12:44:07 | 004,495,594 | ---- | C] () -- C:\Documents and Settings\N800C\Desktop\ComboFix.exe
[2012/05/03 12:38:19 | 000,000,567 | ---- | C] () -- C:\Documents and Settings\N800C\Desktop\SecurityTabHE.zip
[2012/05/03 12:34:40 | 002,816,112 | ---- | C] () -- C:\Documents and Settings\N800C\Desktop\SCESP4I.EXE
[2012/05/03 12:03:53 | 000,379,392 | ---- | C] () -- C:\Documents and Settings\N800C\Desktop\subinacl.msi
[2012/05/03 11:06:02 | 000,954,607 | ---- | C] () -- C:\Documents and Settings\N800C\Desktop\make_money_with_wsos.pdf
[2012/05/02 10:40:15 | 000,029,161 | ---- | C] () -- C:\Documents and Settings\N800C\Desktop\Reiki hands.jpg
[2012/05/02 10:40:15 | 000,019,195 | ---- | C] () -- C:\Documents and Settings\N800C\Desktop\reiki healing.jpg
[2012/05/02 10:40:14 | 002,516,067 | ---- | C] () -- C:\Documents and Settings\N800C\Desktop\IMGP7986.JPG
[2012/05/02 10:40:14 | 000,549,757 | ---- | C] () -- C:\Documents and Settings\N800C\Desktop\DSCF5366.JPG
[2012/05/02 10:40:13 | 000,082,462 | ---- | C] () -- C:\Documents and Settings\N800C\Desktop\body chakras.jpg
[2012/05/02 10:32:53 | 000,457,489 | ---- | C] () -- C:\Documents and Settings\N800C\Desktop\001.jpg
[2012/04/28 15:01:10 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\N800C\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/28 11:46:08 | 000,000,385 | ---- | C] () -- C:\0.bak
[2012/04/26 10:59:32 | 000,000,285 | ---- | C] () -- C:\Documents and Settings\N800C\.JavaPowUpload.properties
[2012/04/24 10:51:35 | 000,011,842 | ---- | C] () -- C:\Documents and Settings\N800C\Desktop\Chrysanthemum-610x255.jpg
[2012/02/16 19:52:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/03 15:05:52 | 000,000,277 | ---- | C] () -- C:\WINDOWS\maketorrent.ini
[2012/01/17 11:41:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2011/11/13 14:38:02 | 000,000,272 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/09/07 14:25:51 | 000,000,102 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2011/09/07 14:25:51 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2011/09/07 14:25:51 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2011/05/07 12:56:46 | 000,009,955 | ---- | C] () -- C:\Documents and Settings\N800C\Application Data\4426.A7C
[2011/03/04 17:29:40 | 000,000,052 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2010/10/06 10:31:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/06 10:31:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/06 10:31:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/06 10:31:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/06 10:31:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/06 09:14:41 | 000,000,078 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2010/10/05 14:56:15 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/10/05 14:56:15 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/10/05 14:56:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/10/05 14:56:15 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/09/01 14:14:14 | 000,184,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/06 10:14:42 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/07/06 09:51:06 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010/06/14 12:20:14 | 000,022,536 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/11 15:11:26 | 000,163,601 | ---- | C] () -- C:\WINDOWS\XHeader Bonus Download Uninstaller.exe
[2010/02/11 14:47:09 | 000,203,288 | ---- | C] () -- C:\WINDOWS\XHeader Uninstaller.exe
[2009/10/10 17:55:12 | 000,145,920 | ---- | C] () -- C:\WINDOWS\spellm32.DLL
[2009/10/09 14:53:55 | 000,000,594 | ---- | C] () -- C:\WINDOWS\dev.ini
[2009/09/04 17:36:04 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\N800C\Local Settings\Application Data\fusioncache.dat
[2009/08/11 12:56:49 | 000,000,053 | ---- | C] () -- C:\WINDOWS\ArticleAssistant.ini
[2009/08/11 12:56:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ovas.ini
[2009/08/11 12:55:58 | 000,000,496 | ---- | C] () -- C:\WINDOWS\aasinst.ini
[2009/05/16 10:50:04 | 000,163,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/05/14 11:10:37 | 000,042,304 | ---- | C] () -- C:\WINDOWS\System32\fmrsslink.dll
[2008/12/19 13:02:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/07 10:56:00 | 000,143,096 | ---- | C] () -- C:\WINDOWS\System32\guard32(2).dll
[2008/09/08 19:03:38 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/09/08 19:03:38 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/09/08 19:03:34 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/08 19:03:33 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/08 19:03:33 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/08 19:03:31 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/07/29 13:09:59 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2008/07/14 13:04:48 | 000,000,288 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/15 12:17:26 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\COMCTLW32.DLL
[2008/04/29 14:42:24 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008/03/15 19:03:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2008/02/27 13:27:46 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\rksfaxpm.dll
[2008/02/16 14:25:25 | 000,000,013 | ---- | C] () -- C:\WINDOWS\msgtn.ini
[2008/02/15 16:46:08 | 000,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/02/15 16:46:08 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A4FA5FE004.sys
[2007/12/27 15:32:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/27 15:32:23 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/12/27 15:32:23 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/12/27 15:32:23 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/12/27 15:32:23 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/12/27 15:32:23 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/12/27 15:32:23 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/12/27 15:32:23 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/12/27 15:32:23 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/12/27 15:32:23 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/12/27 15:32:23 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/12/27 15:32:23 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/12/27 15:32:23 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/12/27 15:32:23 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/12/27 15:32:23 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/12/27 15:32:23 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/12/27 15:32:23 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/12/27 15:32:23 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/12/27 15:32:23 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/12/27 15:28:13 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEDX8400EXPORT.ini
[2007/12/20 16:21:35 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bluevoda.ini
[2007/12/13 12:48:18 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/11/26 18:19:28 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\N800C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/08 16:10:01 | 000,072,192 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2007/04/04 14:28:40 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/13 17:50:08 | 001,188,914 | -H-- | C] () -- C:\WINDOWS\wkp100301_1173804670_588395.exe
[2007/03/01 14:20:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/03/01 14:13:58 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/03/01 06:05:46 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/03/01 06:04:16 | 001,438,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/02/28 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 14:00:00 | 000,521,528 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 14:00:00 | 000,093,430 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/02 23:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/05/05 09:36:02 | 000,000,489 | ---- | C] () -- C:\WINDOWS\System32\Codejock.CommandBars.9700.lic
[2005/05/04 02:18:54 | 000,093,878 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

========== LOP Check ==========

[2008/02/15 17:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2009/04/28 12:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2007/12/27 15:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/10/17 10:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009/10/13 10:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lencom
[2009/02/20 19:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Micro Niche Finder
[2009/09/10 15:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/05/03 11:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/10/07 09:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/10/10 16:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2012/03/26 13:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/11/13 17:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/02/15 14:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/12/27 15:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2008/02/16 16:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/03/23 21:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XL Delete
[2011/04/06 12:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\AnvSoft
[2009/08/30 11:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Auto Mailer
[2011/06/09 10:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Bet Angel
[2011/02/09 11:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\BetdaqAssistant.389FD738CB3FAA05327C60BCB3256FB4301F5711.1
[2012/03/11 13:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\BitZipper
[2009/10/09 15:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Borg Design
[2010/07/21 14:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\CherryPickerLive
[2008/04/23 14:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\CoffeeCup Software
[2009/08/27 13:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/21 11:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\com.blueprintcentral.keywordblaze
[2012/03/23 20:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\com.w3i.FlipToast
[2011/11/23 10:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\DigiResults
[2010/06/23 14:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/09/10 15:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Downloaded Installations
[2009/04/28 12:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\DriverCure
[2011/05/09 14:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Efhuva
[2008/02/21 12:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\EPSON
[2009/07/23 13:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Ewen Chia's My Free Website Builder
[2010/07/24 14:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\FinalMediaPlayer
[2009/04/23 13:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Free-backup.info
[2011/05/24 07:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\FreeFileViewer
[2009/10/12 13:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\G-Lock Software
[2012/02/14 20:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\GetRightToGo
[2011/11/13 17:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\GlarySoft
[2008/04/09 12:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Good Keywords v2
[2012/03/27 11:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\GPass
[2012/03/15 13:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\gtk-2.0
[2008/01/22 13:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\ICAClient
[2009/07/09 21:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\iPlus
[2011/04/28 13:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\KCI
[2008/03/06 19:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Keyword Explorer
[2011/10/01 14:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\KeywordOptimizerPro
[2009/10/12 13:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\LiveSoftware
[2010/06/14 12:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/05/09 14:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Myad
[2009/02/03 10:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Niche Inspector
[2009/09/10 15:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Nitro PDF
[2012/05/03 11:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Nuance
[2011/07/10 08:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\OpenCandy
[2009/09/10 16:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\OpenOffice.org
[2008/12/19 11:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Opera
[2012/03/10 12:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Oracle
[2012/01/06 11:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\PandoraRecovery
[2011/10/07 09:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\ParetoLogic
[2012/03/23 10:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Philipp Winterberg
[2007/09/28 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\PPMate
[2008/03/15 17:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\ppStream
[2010/10/05 10:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\QuickScan
[2011/11/13 17:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\RayV
[2011/05/25 13:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Resource Tuner
[2008/05/30 17:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\SafeSoft
[2011/11/13 17:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\SpeedyPC Software
[2009/08/30 15:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Spesoft Text To MP3
[2012/01/06 12:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Systenance
[2011/11/15 18:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\TrafficInitiator-Air
[2010/06/01 14:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\ubot
[2011/10/15 10:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\WinPatrol
[2011/05/09 13:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Ywonk
[2011/05/08 11:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Zebyi
[2012/04/10 19:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\N800C\Application Data\Zeon
[2012/04/20 08:30:56 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\Free File Viewer Update Checker.job
[2011/11/13 17:31:32 | 000,000,500 | ---- | M] () -- C:\WINDOWS\Tasks\One-Click Tweak.job
[2012/04/19 18:00:02 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2011/10/07 09:19:52 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2011/10/07 09:19:51 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor Defrag.job
[2011/10/07 09:19:50 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/10/11 11:51:45 | 000,694,370 | ---- | M] () -- C:\109622-EmailListMaster_Setup.exe
[2010/06/14 12:12:32 | 012,124,624 | ---- | M] (Adobe Systems Inc.) -- C:\AdobeAIRInstaller.exe
[2008/09/13 00:22:26 | 001,652,295 | ---- | M] () -- C:\Anonymail-Pro.exe
[2011/04/06 12:02:49 | 023,098,024 | ---- | M] (Any-Video-Converter.com ) -- C:\avc-free.exe
[2011/01/05 13:00:04 | 004,472,121 | ---- | M] (CamStudio Open Source Dev Team ) -- C:\CamStudio_Setup_v2.6b_r294_(build_24Oct2010).exe
[2009/08/27 12:36:23 | 001,074,244 | ---- | M] (Etru Software Development ) -- C:\capture.exe
[2012/01/27 15:09:42 | 000,606,576 | ---- | M] (Google Inc.) -- C:\ChromeSetup.exe
[2010/08/18 14:11:56 | 001,025,400 | ---- | M] () -- C:\CoffeeFreeDHTMLMenu2.2.exe
[2009/09/12 16:29:50 | 005,512,744 | ---- | M] (Acresso Software Inc.) -- C:\desktopplayer_setup_withjwplayer.exe
[2012/01/17 11:38:37 | 000,272,200 | ---- | M] () -- C:\DM-238.exe
[2009/08/31 16:25:40 | 001,162,691 | ---- | M] (Guadasoft, LLC) -- C:\efgrabber.exe
[2006/05/25 20:37:56 | 000,284,812 | ---- | M] (easy HTools) -- C:\eth_setup.exe
[2011/02/01 15:22:04 | 002,228,630 | ---- | M] (Binteko Software ) -- C:\fairbot.exe
[2010/05/10 11:32:15 | 004,491,768 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\g2m_codec.exe
[2012/01/17 11:39:27 | 006,982,912 | ---- | M] () -- C:\HSS-2.24-install-anchorfree-238-conduit2.exe
[2009/03/03 10:22:18 | 001,878,888 | ---- | M] (Adobe Systems Incorporated) -- C:\install_flash_player.exe
[2009/05/18 10:10:00 | 007,965,504 | ---- | M] () -- C:\jing_setup.exe
[2011/10/19 12:38:10 | 000,910,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\jre-6u29-windows-i586-iftw.exe
[2011/10/28 19:21:39 | 020,197,256 | ---- | M] (Oracle Corporation) -- C:\jre-7u1-windows-i586.exe
[2011/11/26 15:48:26 | 007,708,814 | ---- | M] () -- C:\kop-setup.exe
[2012/02/03 15:04:49 | 000,402,897 | ---- | M] () -- C:\maketorrent-2.1.exe
[2011/05/09 11:32:20 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2009/11/18 13:48:23 | 014,554,824 | ---- | M] (James J. Jones, LLC. ) -- C:\MicroNicheFinder462Setup.exe
[2006/09/15 14:05:26 | 002,347,099 | ---- | M] (Business Software Products ) -- C:\MLVLDE20.exe
[2009/08/30 12:45:51 | 001,212,984 | ---- | M] (Sandor Kovacs ) -- C:\mmailmaster.exe
[2009/09/10 16:17:50 | 157,484,384 | ---- | M] () -- C:\OOo_3.1.1_Win32Intel_install_wJRE_en-US.exe
[2009/05/21 12:18:13 | 000,730,064 | ---- | M] (PuntingAce ) -- C:\PADutchbook_Setup.exe
[2009/10/11 13:49:20 | 002,180,381 | ---- | M] (SERVICE MASTER SOFTWARE ) -- C:\parser.exe
[2009/07/30 18:08:19 | 001,128,916 | ---- | M] (www.hellopdf.com ) -- C:\pdf2wordsetup.exe
[2010/04/09 12:13:36 | 003,709,360 | ---- | M] (RayV) -- C:\rayv_racinguk.exe
[2009/10/12 13:07:26 | 002,969,597 | ---- | M] () -- C:\realvaemailverifier.exe
[2011/03/05 14:31:42 | 004,913,224 | ---- | M] () -- C:\setupscreenhunterfree.exe
[2010/02/26 11:43:01 | 000,349,409 | ---- | M] (BettingProfitSoftware ) -- C:\VHF_v3.49_setup.exe
[2011/04/05 13:33:18 | 008,227,635 | ---- | M] (Digiarty Software,Inc. ) -- C:\winx-wmv-to-mp4.exe
[2010/01/02 14:14:53 | 000,318,904 | ---- | M] (Microsoft Corporation) -- C:\wmpfirefoxplugin.exe
[2010/02/11 14:43:27 | 023,264,212 | ---- | M] () -- C:\xheadersetup1108.exe
[2010/02/11 15:11:14 | 011,825,827 | ---- | M] () -- C:\xheader_bonus_download.exe
[2008/08/25 12:20:28 | 001,773,234 | ---- | M] (Veign, LLC ) -- C:\XSite.exe

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-12 08:05:06


========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D6E66F5
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

OTL Extras logfile created on: 10/25/2011 6:54:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\N800C\Desktop\Internet Security
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

511.36 Mb Total Physical Memory | 196.14 Mb Available Physical Memory | 38.36% Memory free
1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.34% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.58 Gb Total Space | 1.36 Gb Free Space | 7.72% Space Free | Partition Type: NTFS
Drive D: | 19.68 Gb Total Space | 18.58 Gb Free Space | 94.38% Space Free | Partition Type: NTFS

Computer Name: COMPAQ-C71F7BA3 | User Name: N800C | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-796845957-1935655697-854245398-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\MMailMaster\MMailMaster.exe" = C:\Program Files\MMailMaster\MMailMaster.exe:*:Enabled:Marketing Mail Master -- (Sandor Kovacs)
"C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV
"C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" = C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:Free File Viewer Update Checker -- (Bitberry Software)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Betometer\betometer.exe" = C:\Program Files\Betometer\betometer.exe:*:Enabled:betometer.exe -- (TheBetoMeter.com)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F16518A-A9E4-C135-278C-2B4544B3A74C}" = Domain Samurai
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A4C1A78-2C31-7F3D-0AFF-F1AD8E04AD3E}" = Betdaq Assistant
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{4660E3A0-9D8A-4808-A74A-61420B79F3B4}" = EFGrabber 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{67802437-1BE5-4F6D-B34C-5CA08F9E5636}" = Bet Angel - Basic
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6535CE4-6135-4BDF-BDC7-67C74A2BC59D}" = MacroSoft Email Spider Full
"{AA29D18E-2ED9-434A-8141-5903A54569B9}" = Sony Ericsson Wireless Modem
"{AAC6E7AC-F7B6-4EB0-9A9C-DC9FFEFBC432}_is1" = Betometer v1.0105
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B566F2E8-FCC6-4DDA-9C51-FA34681E196D}" = Swiftebook
"{B66899F2-C58D-4CEC-9FA8-867883FFB707}" = CoffeeCup Free FTP
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0875B28-DD5C-4508-A930-DC10D3CBC263}" = Sony Ericsson Wireless Modem Driver
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D93E970F-5B4B-4BE6-89CB-E46963E3B1E4}" = DupeFree Pro
"{DBE336CF-4847-41B7-844D-6D7AFACAE984}" = uCAN driver package
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{ED70A541-7F67-8C3D-0363-293A1D446F92}" = Market Samurai
"{F41A9EE5-A6A8-5647-63D0-F0A5D744612A}" = CherryPicker
"{F8E2838E-AA8B-5BCF-D8F5-5645EB13B798}" = KeywordOptimizerPro
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anonymail Pro_is1" = Anonymail Pro V-10 Free Edition
"Any Video Converter_is1" = Any Video Converter 3.2.5
"Article Submit Pro 1.4" = Article Submit Pro 1.4
"ATI Display Driver" = ATI Display Driver
"BackAndLay Calculator_is1" = BackAndLay - Version 0.9
"BACKLINKS CHECK PRO1.0" = BACKLINKS CHECK PRO
"BetdaqAssistant.389FD738CB3FAA05327C60BCB3256FB4301F5711.1" = Betdaq Assistant
"CherryPickerLive" = CherryPicker
"CoffeeCup Free DHTML Menu Builder" = CoffeeCup Free DHTML Menu Builder
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Domain Samurai
"Easy Text To HTML Converter" = Easy Text To HTML Converter
"EmailList Master" = EmailList Master
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 Users Guide" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreeFileViewer_is1" = Free File Viewer 2011
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"iPlus Manager_is1" = iPlus Manager 1.7
"KeywordOptimizerPro" = KeywordOptimizerPro
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)
"Mail List Validator_is1" = Mail List Validator 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Marketing Mail Master_is1" = Marketing Mail Master 1.1
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Micro Niche Finder 5.0_is1" = Micro Niche Finder 5.0
"Micro Niche Finder_is1" = Micro Niche Finder
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PADutchbook_is1" = PADutchbook 1.0
"Scanned Text Editor 1" = Scanned Text Editor 1
"Trusted Software Assistant_is1" = File Type Assistant
"Umailer_is1" = Umailer v3.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.5
"WinPcapInst" = WinPcap 3.1
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XHeader" = XHeader
"XHeader Bonus Download" = XHeader Bonus Download
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XSite_is1" = XSite v1.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-796845957-1935655697-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{B566F2E8-FCC6-4DDA-9C51-FA34681E196D}" = Swiftebook

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/05/2011 3:05:07 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.1.1076, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/05/2011 5:36:17 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/06/2011 6:54:22 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 10.1.1.33, faulting module
msvcr90.dll, version 9.0.21022.8, fault address 0x00025bc3.

Error - 10/06/2011 8:14:12 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/10/2011 3:18:01 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Application Error | ID = 1000
Description = Faulting application new.exe, version 0.0.0.0, faulting module new.exe,
version 0.0.0.0, fault address 0x00011cec.

Error - 10/10/2011 11:56:36 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x000c01dc.

Error - 10/10/2011 11:56:57 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 10/11/2011 3:50:04 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Application Error | ID = 1000
Description = Faulting application new.exe, version 0.0.0.0, faulting module new.exe,
version 0.0.0.0, fault address 0x0000ff01.

Error - 10/13/2011 7:35:54 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Application Error | ID = 1000
Description = Faulting application new.exe, version 0.0.0.0, faulting module new.exe,
version 0.0.0.0, fault address 0x00011b44.

Error - 10/15/2011 4:30:46 AM | Computer Name = COMPAQ-C71F7BA3 | Source = MsiInstaller | ID = 11722
Description = Product: Java™ 6 Update 26 -- Error 1722.There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action patchjre,
location: C:\Program Files\Java\jre6\patchjre.exe, command: -s "C:\Program Files\Java\jre6"


[ System Events ]
Error - 10/20/2011 2:37:12 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi

Error - 10/20/2011 5:54:41 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi

Error - 10/20/2011 7:48:32 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi

Error - 10/21/2011 3:12:45 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi

Error - 10/21/2011 4:46:54 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi

Error - 10/21/2011 10:11:16 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi

Error - 10/22/2011 3:17:28 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi

Error - 10/25/2011 3:06:27 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi

Error - 10/25/2011 5:36:56 AM | Computer Name = COMPAQ-C71F7BA3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi

Error - 10/25/2011 12:45:54 PM | Computer Name = COMPAQ-C71F7BA3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi


< End of report >

#12 nasdaq

  • Malware Response Team

Posted 21 May 2012 - 08:51 AM

With the exception of a popup error message I get when I start the machine, which says wshelper.exe cannot load

This is attributed to Wondershare.
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)

Did you remove this application?
We can remove it using OTL - let me know.
===

Open a new Notepad window and paste the following text into it:

REGEDIT4

[-HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]



Then change the "save as type" to "all files" and save it as unlock.reg

Double-click on the file, and click Yes when it asks you if you want to merge the information with the registry.

Reboot normally.

Delete the unlock.reg file.
===

I have no sound at all

Do you have access to your Control Panel?

#13 jamiehart

  • Topic Starter

Posted 21 May 2012 - 12:28 PM

I didn't even know that I'd downloaded Wondershare - whatever it is! Anyway, if it's in any way causing the problem, let's get rid!

I've just done the unlock.reg procedure but it does not appear to have made any difference.

Yes, I've got access to Control Panel but some icons are missing. Not certain which ones, so I'm attaching a screenshot. Interestingly, when I was saving the screenshot it said that I was saving to Documents and Settings - however it was saved to the desktop - don't know if that is at all significant??

Can't post the screenshot as too big - tried to resize but unreadable

#14 nasdaq

  • Malware Response Team

Posted 21 May 2012 - 01:04 PM

Run OTL - Double-click OTL.exe to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - (ThreatFire) -- File not found
    SRV - (HidServ) -- File not found
    SRV - (AppMgmt) -- File not found
    DRV - (catchme) -- File not found
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_803138DCE93649E4.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
    
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D6E66F5
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    
    :commands
    [emptytemp]
    [RESETHOSTS]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
===

Run ComboFix again and post the log if you can.
You presently have the tool on your desktop.
C:\Documents and Settings\N800C\Desktop\ComboFix.exe
Create a temporary folder on your C:\ and name it MyNewDesk
Move the ComboFix.exe into that folder and run it.
You may be requested to update the tool. Please do so.
===

Let's check further on the desktop issue.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :reg
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

===

Please post the logs and let me know what problem persists.

Edited by nasdaq, 21 May 2012 - 01:10 PM.


#15 jamiehart

  • Topic Starter

Posted 22 May 2012 - 05:12 AM

Do this in stages.

Did the OTL bit and that's got rid of the wshelper popup - thanks.

The log is posted below and I'll try combofix now.


All processes killed
========== OTL ==========
Service ThreatFire stopped successfully!
Service ThreatFire deleted successfully!
File File not found not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File File not found not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File File not found not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe deleted successfully.
C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open with WordPerfect\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc\ deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3D6E66F5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.COMPAQ-C71F7BA3
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Downloads

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33664 bytes

User: N800C
->Temp folder emptied: 42143019 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49803575 bytes
->Google Chrome cache emptied: 42966584 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1051 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1006758 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49407 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 17751014 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2803 bytes

Total Files Cleaned = 147.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 05222012_120030

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
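One way to confirm that every item in the fix script from post #14 was reported as removed in the fix log from post #15, as an added example that is not part of the thread and not part of OTL. The line patterns are assumptions inferred from the lines shown in this thread; the sample log is an excerpt with the third ADS confirmation deliberately left out so the mismatch case is visible.

```python
import re

# Fix-script lines (shape taken from post #14) -> what the helper asked OTL to remove.
SCRIPT_PATTERNS = [
    ("service", re.compile(r"^(?:SRV|DRV) - \((?P<t>[^)]+)\)")),
    ("ads", re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<t>.+)$")),
    ("regvalue", re.compile(r"^O4 - \S+\\Run: \[(?P<t>[^\]]+)\]")),
]

# Fix-log lines (shape taken from post #15) -> what OTL reported as removed.
# In the thread, drivers (DRV) are also reported as "Service ... deleted".
LOG_PATTERNS = [
    ("service", re.compile(r"^Service (?P<t>.+?) deleted successfully!$")),
    ("ads", re.compile(r"^ADS (?P<t>.+) deleted successfully\.$")),
    ("regvalue", re.compile(r"^Registry value (?P<t>.+) deleted successfully\.$")),
]

# Excerpt of the fix script from the thread.
SAMPLE_SCRIPT = r"""
:OTL
SRV - (ThreatFire) -- File not found
DRV - (catchme) -- File not found
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D6E66F5
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
"""

# Excerpt of the fix log from the thread; the CB0AACC9 confirmation line is
# omitted on purpose (constructed gap) to show how a missing result is flagged.
SAMPLE_LOG = r"""
Service ThreatFire stopped successfully!
Service ThreatFire deleted successfully!
File File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3D6E66F5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
"""


def _scan(text, patterns):
    """Yield (kind, target) for every line matching one of the patterns."""
    for line in text.splitlines():
        line = line.strip()
        for kind, pattern in patterns:
            match = pattern.match(line)
            if match:
                yield kind, match.group("t")
                break


def parse_requests(script):
    """Items the fix script asks to remove, compared case-insensitively."""
    return {(kind, target.lower()) for kind, target in _scan(script, SCRIPT_PATTERNS)}


def parse_confirmations(log):
    """Items the fix log reports as deleted."""
    done = set()
    for kind, target in _scan(log, LOG_PATTERNS):
        if kind == "regvalue":
            # The log prints "<key>\\<value name>"; keep only the value name.
            target = target.rpartition("\\\\")[2]
        done.add((kind, target.lower()))
    return done


def unconfirmed(script, log):
    """Requested items with no matching 'deleted successfully' line."""
    return sorted(parse_requests(script) - parse_confirmations(log))


if __name__ == "__main__":
    for kind, target in unconfirmed(SAMPLE_SCRIPT, SAMPLE_LOG):
        print(f"no confirmation in log: {kind} {target}")
```

Run against the complete script and log from the two posts, the same check covers only the SRV/DRV, O4 Run and ADS entries; the O6, O7, O8 and O20 lines would need their own patterns.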



