Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tablet won't load XP after Combofix


  • This topic is locked This topic is locked
11 replies to this topic

#1 nacma

nacma

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 05 November 2012 - 06:27 PM

Hello. In retrospect, I should have been more thorough in reading more about Combofix. I saw the newfolder virus on my USB, and was afraid it had infected my hard drive too, so I followed some instructions on another site which said to basically run Combofix in safe mode. Well, I've been using a bluetooth keyboard. Without that loaded at start, I couldn't switch to Safe Mode. So I ran it in normal mode, yikes. Everything looked fine, it finished the scan, gave me Recovery console, and a log.

The next day, upon powering on, it went to a screen that said "enter product key to activate Windows XP".

So far, I have been able to bypass this and get into the Recovery Console. I have a command prompt. What should I do now?

HP TC1100 running XP SP3, now with USB keyboard.

BC AdBot (Login to Remove)

 


#2 nacma

nacma
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 06 November 2012 - 12:04 PM

Here is the log that I copied off the tablet, today.

ComboFix 12-11-04.01 - user 11/04/2012 21:31:19.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.187 [GMT -5:00]
Running from: c:\documents and settings\user\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-10-05 to 2012-11-05 )))))))))))))))))))))))))))))))
.
.
2012-11-05 02:16 . 2012-11-05 02:16 -------- d-----w- c:\windows\LastGood
2012-11-01 14:57 . 2005-10-31 14:46 36679 ------w- c:\windows\system32\drivers\NETMD052.sys
2012-11-01 14:55 . 2004-07-16 04:16 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-11-01 14:55 . 2012-11-01 14:55 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-11-01 14:55 . 2004-07-16 04:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-11-01 14:55 . 2004-07-16 04:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-11-01 14:55 . 2004-07-16 04:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-11-01 14:55 . 2004-07-16 04:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-11-01 14:55 . 2004-07-16 04:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-11-01 14:55 . 2012-11-01 14:55 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-11-01 14:53 . 2012-11-01 14:53 -------- d-----w- c:\documents and settings\user\Application Data\Sony Corporation
2012-11-01 14:41 . 2003-11-10 16:31 36232 ------w- c:\windows\system32\drivers\NETMD033.sys
2012-11-01 14:41 . 2003-04-01 22:55 35319 ------w- c:\windows\system32\drivers\NETMD031.sys
2012-11-01 14:41 . 2002-08-08 19:51 38951 ------w- c:\windows\system32\drivers\NETMDUSB.sys
2012-11-01 14:41 . 2001-09-13 06:15 90112 ------w- c:\windows\snymsico.dll
2012-10-31 02:20 . 2011-02-17 22:26 81920 ----a-w- c:\windows\eSellerateControl350.dll
2012-10-31 02:20 . 2011-02-17 22:26 356352 ----a-w- c:\windows\eSellerateEngine.dll
2012-10-31 02:20 . 2012-10-31 05:22 -------- d-----w- c:\program files\New Folder Removal Tool
2012-10-19 15:28 . 2012-10-19 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-10-19 15:28 . 2012-10-19 15:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-19 15:03 . 2007-06-30 18:29 310899 --sha-r- c:\windows\system32\blastclnnn.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 18:58 . 2012-07-06 17:18 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 18:58 . 2011-06-15 18:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-03 14:38 . 2012-10-03 14:38 83760 ----a-w- c:\windows\system32\stkMonitor.dll
2012-09-19 22:38 . 2003-03-19 00:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-19 22:38 . 2003-02-21 08:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-10-28 18:17 . 2012-10-28 18:17 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2007-06-30 18:29 310899 --sha-r- c:\windows\system32\blastclnnn.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-10-25 19:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2004-08-04 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2004-08-04 271872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-09-22 4866048]
"nwiz"="nview.dll" [2003-09-22 852039]
"Q Menu"="c:\program files\HPQ\Q Menu\QICON.EXE" [2004-10-06 221184]
"hpqMcSrv"="c:\program files\HPQ\Q Menu\CpqMcSrV.exe" [2004-10-05 53248]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-19 88209]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2010-07-05 333088]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-09-19 296096]
"CyberPatrolNew"="c:\program files\CyberPatrol\Parental Controls\cphq.exe" [2012-05-08 1975800]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-6-2 565309]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2004-08-04 02:00 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2006-11-01 14:18 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/16/2011 11:56 AM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/16/2011 11:55 AM 22344]
R3 WacomSoftPen;Wacom ISD HID MiniDriver;c:\windows\system32\drivers\wacomsoftpen.sys [9/12/2003 12:03 PM 12928]
S3 Background Update Service;Background Update Service;c:\program files\CyberPatrol\Parental Controls\UpdateService.exe [5/23/2011 10:12 AM 301056]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/16/2011 11:56 AM 41272]
S3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);c:\windows\system32\drivers\PTQHBUS.sys [3/15/2012 7:31 PM 55056]
S3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);c:\windows\system32\drivers\PTQHMDM.sys [3/15/2012 7:31 PM 161040]
S3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);c:\windows\system32\drivers\PTQHVSP.sys [3/15/2012 7:31 PM 161040]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [6/8/2011 7:11 AM 13568]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 18:58]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-19 01:10]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-19 01:10]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1682526488-1060284298-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-14 00:44]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1682526488-1060284298-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-14 00:44]
.
2012-11-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1682526488-1060284298-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2012-11-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1682526488-1060284298-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
.
------- Supplementary Scan -------
.
uStart Page = https://mymcprod.montgomerycollege.edu/cp/home/displaylogin
uInternet Settings,ProxyServer = proxy:3128
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\cplsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\1bzxrqr2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2012-09-19 18:38; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKU-Default-Run-TabletWizard - c:\windows\help\wizard.hta
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-04 21:40
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ISUSPM = "c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????A?:?????C??????T?_t??????????^tH?????????????_t0????????????J?????? ??|H??????|????????j??|H???0???????[??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\antiwpa.dll
.
- - - - - - - > 'explorer.exe'(2824)
c:\windows\system32\WININET.dll
c:\windows\system32\nView.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-11-04 21:43:25
ComboFix-quarantined-files.txt 2012-11-05 02:43
.
Pre-Run: 13,172,641,792 bytes free
Post-Run: 15,175,712,768 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 1F7867F12ADFDDE66214C82BC0F50719

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:02 AM

Posted 10 November 2012 - 06:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/474228 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 nacma

nacma
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 12 November 2012 - 02:50 PM

Hi. I still need help. I have not touched my tablet since it lost its Windows, except to confirm that I can get to Recovery Console and the command prompt. But being mostly non-techie, I have no idea what to do next. It was an HP TC1100 tablet running Windows XP SP3 (i think) prob 32bit. The system was loaded by the reseller who had rehabbed the tablet. He does not have the activation key anymore. I can get you more info from the recovery console, if you tell me how to get it.

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:02 AM

Posted 15 November 2012 - 01:24 PM

Greetings nacma and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I truly do appreciate it and you can be assured I will be very attentive to your situation now.

Please do this for me and see if we can get you back to booting successfully.


===================================================


Restoring ERUNT Registry Back-up Via the Recovery Console in Windows XP

--------------

  • Restart your computer
  • Before Windows loads, you will be prompted to choose which Operating System to start
  • Use the up and down arrow key to select Microsoft Windows Recovery Console
  • Type 1 and press Enter (should be the Recovery Console)
  • Type the following and press Enter

    cd erdnt\hiv-backup
  • Type the following and press Enter

    batch erdnt.con
  • The erunt backups will begin copying
  • When completed type the following and press Enter

    exit
  • Windows will now begin loading

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Were you able to boot successfully?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 nacma

nacma
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 17 November 2012 - 07:05 PM

Hi Gary! The commands worked! I see my desktop exactly as I left it. Firefox is loading and running fine. I am glad I sat tight and waited for your help. Thanks many many times over,

Nasima

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:02 AM

Posted 17 November 2012 - 07:53 PM

Hi Nasima,

Excellent!

We still need to take a look at your computer to see if there is any malware present. Please do this for me.


===================================================


OTL

--------------------

Please download OTL here.

  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Copy and paste the two reports in your next reply.

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • OTL log
  • Extra log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 nacma

nacma
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 18 November 2012 - 01:24 PM

OTL.txt

OTL logfile created on: 11/18/2012 1:11:59 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 439.55 Mb Available Physical Memory | 42.97% Memory free
2.40 Gb Paging File | 1.78 Gb Available in Paging File | 73.86% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 14.54 Gb Free Space | 39.04% Space Free | Partition Type: NTFS

Computer Name: USER-CCE8668447 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/18 12:17:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2012/10/28 13:17:14 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/26 13:17:52 | 000,079,384 | ---- | M] (Google) -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/09/19 17:38:38 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/09/14 21:57:43 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/05/08 15:07:36 | 001,111,544 | ---- | M] (CyberPatrol LLC.) -- C:\Program Files\CyberPatrol\Parental Controls\cpserver.exe
PRC - [2012/04/04 14:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/02/27 21:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/05 19:02:50 | 000,221,184 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HPQ\Q Menu\QIcon.exe
PRC - [2004/10/05 10:59:40 | 000,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HPQ\Q Menu\CPQMCSRV.exe
PRC - [2004/06/02 19:48:22 | 000,565,309 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2004/06/02 19:46:52 | 001,249,364 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/28 13:17:13 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/10/08 13:58:41 | 009,814,968 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/05/01 09:41:56 | 000,687,608 | ---- | M] () -- C:\Program Files\CyberPatrol\Parental Controls\CATSDK.dll
MOD - [2011/09/08 11:31:45 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
MOD - [2011/09/08 11:31:39 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
MOD - [2011/09/08 07:32:27 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
MOD - [2011/09/08 07:32:14 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
MOD - [2011/09/08 07:31:45 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll
MOD - [2011/09/08 07:28:37 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
MOD - [2011/09/08 07:28:15 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2011/08/20 10:45:51 | 002,027,520 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.0.3705\system.xml\1.0.3300.0__b77a5c561934e089_d4979157\system.xml.dll
MOD - [2011/08/20 10:45:27 | 001,855,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.0.3705\system\1.0.3300.0__b77a5c561934e089_ce804334\system.dll
MOD - [2011/08/20 10:45:22 | 003,301,376 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_88be06b5\mscorlib.dll
MOD - [2011/06/08 14:17:06 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SKLibrary\1.7.2600.2180__31bf3856ad364e35\SKLibrary.dll
MOD - [2011/06/08 14:17:06 | 000,073,728 | ---- | M] () -- c:\windows\assembly\gac\contexttagger\1.7.2600.2180__31bf3856ad364e35\contexttagger.dll
MOD - [2011/06/08 14:17:06 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\tiplibrary\1.7.2600.2180__31bf3856ad364e35\tiplibrary.dll
MOD - [2011/06/08 14:17:06 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC\KbcResources\1.7.2600.2180_en_31bf3856ad364e35\KbcResources.dll
MOD - [2011/06/08 14:17:06 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\interop.tipcomponents\1.7.2600.2180__31bf3856ad364e35\interop.tipcomponents.dll
MOD - [2011/06/08 14:17:06 | 000,012,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC\SoftKeyboardLogic\1.7.2600.2180__31bf3856ad364e35\SoftKeyboardLogic.dll
MOD - [2011/06/08 14:17:06 | 000,009,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.SoftKeyboardInterface\1.7.2600.2180__31bf3856ad364e35\Interop.SoftKeyboardInterface.dll
MOD - [2011/06/08 14:16:41 | 001,302,528 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.3300.0__b77a5c561934e089\system.xml.dll
MOD - [2011/06/08 14:16:41 | 001,179,648 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.3300.0__b77a5c561934e089\system.dll
MOD - [2011/06/08 14:16:40 | 000,008,704 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.3300.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2009/01/30 05:31:11 | 000,060,416 | R--- | M] () -- C:\WINDOWS\system32\antiwpa.dll
MOD - [2006/02/27 21:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/02/27 21:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004/06/02 19:49:38 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Services (SafeList) ==========

SRV - [2012/10/28 13:17:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/08 13:58:41 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/08 14:52:10 | 000,301,056 | ---- | M] (CyberPatrol LLC) [On_Demand | Stopped] -- C:\Program Files\CyberPatrol\Parental Controls\UpdateService.exe -- (Background Update Service)
SRV - [2012/04/04 14:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/23 20:21:24 | 000,025,704 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2007/02/05 09:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 09:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/04 14:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/06 18:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/15 01:30:46 | 000,161,040 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTQHVSP.sys -- (PTQHVSP)
DRV - [2009/12/15 01:30:46 | 000,161,040 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTQHMDM.sys -- (PTQHMDM)
DRV - [2009/12/15 01:30:46 | 000,055,056 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTQHBUS.sys -- (PTQHBUS)
DRV - [2006/08/07 10:03:58 | 000,674,560 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51)
DRV - [2005/04/19 12:03:26 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/06/02 19:13:32 | 000,016,896 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004/06/02 19:07:28 | 001,240,938 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/06/02 19:00:10 | 000,147,864 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/06/02 18:59:58 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004/06/02 18:50:56 | 000,043,683 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2004/06/02 18:50:16 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2003/10/14 16:04:00 | 000,009,344 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tiumflt.sys -- (DevUpper)
DRV - [2003/09/26 11:41:12 | 000,044,032 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/09/12 12:03:08 | 000,012,928 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomsoftpen.sys -- (WacomSoftPen)
DRV - [2003/02/18 17:02:06 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2002/06/26 19:04:06 | 000,009,600 | ---- | M] (HP Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-1682526488-1060284298-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mymcprod.montgomerycollege.edu/cp/home/displaylogin
IE - HKU\S-1-5-21-1078081533-1682526488-1060284298-1003\..\SearchScopes,DefaultScope = {900F3BA3-1553-4195-B0FA-EB5AE02849E7}
IE - HKU\S-1-5-21-1078081533-1682526488-1060284298-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1078081533-1682526488-1060284298-1003\..\SearchScopes\{2A696BCE-44CF-45a4-B905-59CDFA08531A}: "URL" = http://del.icio.us/search/?fr=del_icio_us&p={searchTerms}&type=all
IE - HKU\S-1-5-21-1078081533-1682526488-1060284298-1003\..\SearchScopes\{900F3BA3-1553-4195-B0FA-EB5AE02849E7}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1078081533-1682526488-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1682526488-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:3128

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: Noia4Options@ArisT2:1.7.5
FF - prefs.js..extensions.enabledAddons: tiletabs@DW-dev:8.2
FF - prefs.js..network.proxy.ftp: "proxy"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "proxy"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.socks: "proxy"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/19 17:38:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/28 13:17:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/28 13:17:04 | 000,000,000 | ---D | M]

[2011/06/13 20:08:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2012/11/17 19:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1bzxrqr2.default\extensions
[2012/01/10 19:04:29 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1bzxrqr2.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/10/03 08:27:40 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1bzxrqr2.default\extensions\foxmarks@kei.com
[2012/05/04 12:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1bzxrqr2.default\extensions\staged(2)
[2012/10/21 15:19:10 | 000,154,926 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1bzxrqr2.default\extensions\Noia4Options@ArisT2.xpi
[2012/11/17 19:11:28 | 000,101,881 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1bzxrqr2.default\extensions\tiletabs@DW-dev.xpi
[2012/09/18 08:42:32 | 000,173,194 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1bzxrqr2.default\extensions\{477c4c36-24eb-11da-94d4-00e08161165f}.xpi
[2011/06/13 20:35:44 | 000,006,148 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1bzxrqr2.default\extensions\{a5e2af92-ffa6-4dbb-8f4a-f7cdb5de936a}.xpi
[2012/10/21 13:01:22 | 001,556,566 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1bzxrqr2.default\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
[2012/05/04 12:07:22 | 000,082,261 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1bzxrqr2.default\extensions\staged(2)\tiletabs@DW-dev.xpi
[2012/10/28 13:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/28 13:17:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/28 13:17:14 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/09/19 17:38:43 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/09/16 14:32:43 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/23 21:03:11 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2006/02/27 21:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CDelHotkeys Object) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O3 - HKU\S-1-5-21-1078081533-1682526488-1060284298-1003\..\Toolbar\WebBrowser: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O4 - HKLM..\Run: [CyberPatrolNew] C:\Program Files\CyberPatrol\Parental Controls\cphq.exe (CyberPatrol LLC.)
O4 - HKLM..\Run: [hpqMcSrv] C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Q Menu] C:\Program Files\HPQ\Q Menu\QICON.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [TabletWizard] %windir%\help\wizard.hta File not found
O4 - HKU\S-1-5-18..\Run: [TabletWizard] %windir%\help\wizard.hta File not found
O4 - HKU\S-1-5-21-1078081533-1682526488-1060284298-1003..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-1078081533-1682526488-1060284298-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1682526488-1060284298-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-1682526488-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1078081533-1682526488-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1078081533-1682526488-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\WINDOWS\System32\cplsp.dll (CyberPatrol LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3790D483-EA0C-47FF-832A-CF4D56A54FA9}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (WIDCOMM, Inc.)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-9998709378-8175227349-238761687-0898\mwau.exe) - File not found
O20 - Winlogon\Notify\Antiwpa: DllName - (antiwpa.dll) - C:\WINDOWS\System32\antiwpa.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/08 14:20:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/18 12:17:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2012/11/17 21:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/04 22:50:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/04 22:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\Alex Feinman
[2012/11/04 21:29:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/04 21:26:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/11/04 21:26:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/11/04 21:26:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/11/04 21:26:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/11/04 21:26:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/04 21:26:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Administrative Tools
[2012/11/04 21:26:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/11/04 19:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/11/01 09:57:26 | 000,036,679 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\NETMD052.sys
[2012/11/01 09:56:40 | 000,770,048 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CDDBUISony.dll
[2012/11/01 09:56:40 | 000,655,360 | ---- | C] (Gracenote, Inc.) -- C:\WINDOWS\System32\CDDBControlSony.dll
[2012/11/01 09:56:40 | 000,589,824 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CddbMusicIDSony.dll
[2012/11/01 09:56:40 | 000,073,728 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CddbLinkSony.dll
[2012/11/01 09:56:39 | 000,118,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2012/11/01 09:56:39 | 000,116,472 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2012/11/01 09:56:39 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2012/11/01 09:56:39 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2012/11/01 09:56:39 | 000,002,560 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2012/11/01 09:56:39 | 000,002,432 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2012/11/01 09:56:38 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2012/11/01 09:56:38 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2012/11/01 09:56:37 | 001,329,912 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2012/11/01 09:56:37 | 000,498,424 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2012/11/01 09:56:37 | 000,379,640 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2012/11/01 09:56:37 | 000,183,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2012/11/01 09:56:37 | 000,039,672 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2012/11/01 09:56:36 | 000,527,096 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2012/11/01 09:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Sony Corporation
[2012/11/01 09:41:00 | 000,090,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\snymsico.dll
[2012/11/01 09:41:00 | 000,038,951 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\NETMDUSB.sys
[2012/11/01 09:41:00 | 000,036,232 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\NETMD033.sys
[2012/11/01 09:41:00 | 000,035,319 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\NETMD031.sys
[2012/10/30 21:20:35 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2012/10/30 21:20:35 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateControl350.dll
[2012/10/30 21:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\New Folder Removal Tool
[2012/10/30 21:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder Removal Tool
[2012/10/28 13:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/18 13:02:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/18 12:58:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/18 12:37:42 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1682526488-1060284298-1003UA.job
[2012/11/18 12:37:25 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Google Chrome.lnk
[2012/11/18 12:37:25 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/18 12:17:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2012/11/18 12:09:42 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-1682526488-1060284298-1003.job
[2012/11/18 12:09:40 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-1682526488-1060284298-1003.job
[2012/11/18 12:09:32 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/18 12:09:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/17 18:45:03 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/04 21:29:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/11/04 12:19:31 | 000,438,896 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/04 12:19:31 | 000,070,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/03 15:25:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1682526488-1060284298-1003Core.job
[2012/11/01 09:56:42 | 000,001,598 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SonicStage.lnk
[2012/10/30 19:57:11 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2012/10/29 14:41:08 | 008,569,478 | ---- | M] () -- C:\Documents and Settings\user\My Documents\MaherZain_ILoveYouSoVocalsOnlyNoMusic_436003-01-001_mp3_256k.mp3
[2012/10/29 14:37:30 | 008,049,537 | ---- | M] () -- C:\Documents and Settings\user\My Documents\MaherZain_RadhituBillahiRabbaVocalsOnlyNoMusic_436003-01-010_mp3_256k.mp3
[2012/10/29 14:37:00 | 007,892,385 | ---- | M] () -- C:\Documents and Settings\user\My Documents\MaherZain_MyLittleGirlVocalsOnlyNoMusic_436003-01-004_mp3_256k.mp3
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/04 21:29:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/11/04 21:29:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/04 21:26:44 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/04 21:26:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/04 21:26:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/04 21:26:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/04 21:26:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/11/01 09:56:42 | 000,001,598 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SonicStage.lnk
[2012/11/01 09:56:40 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2012/10/29 14:40:48 | 008,569,478 | ---- | C] () -- C:\Documents and Settings\user\My Documents\MaherZain_ILoveYouSoVocalsOnlyNoMusic_436003-01-001_mp3_256k.mp3
[2012/10/29 14:37:17 | 008,049,537 | ---- | C] () -- C:\Documents and Settings\user\My Documents\MaherZain_RadhituBillahiRabbaVocalsOnlyNoMusic_436003-01-010_mp3_256k.mp3
[2012/10/29 14:36:54 | 007,892,385 | ---- | C] () -- C:\Documents and Settings\user\My Documents\MaherZain_MyLittleGirlVocalsOnlyNoMusic_436003-01-004_mp3_256k.mp3
[2012/10/19 13:14:42 | 000,000,125 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/10/19 10:03:03 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\System32\setting.ini
[2012/10/19 10:03:00 | 000,310,899 | RHS- | C] () -- C:\WINDOWS\System32\blastclnnn.exe
[2012/03/15 19:30:22 | 003,566,434 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2012/03/15 19:30:22 | 000,827,392 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4System.dll
[2012/03/15 19:30:22 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4Tools.dll
[2012/03/15 19:30:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4DSF.dll
[2012/03/15 19:30:22 | 000,042,108 | ---- | C] () -- C:\WINDOWS\System32\fun_avutil.dll
[2012/03/15 19:30:21 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\AMR.dll
[2012/03/15 19:30:21 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\EvrcDecDll.dll
[2012/03/15 19:30:21 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\AMRDSF.dll
[2012/02/15 22:49:16 | 000,008,687 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Comma Separated Values (Windows).TSK
[2012/01/09 15:00:48 | 004,346,880 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2012/01/07 17:22:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2012/01/07 17:21:50 | 006,366,094 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-53.dll
[2012/01/07 17:21:50 | 001,007,151 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-53.dll
[2012/01/07 17:21:50 | 000,354,979 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll
[2012/01/07 17:21:50 | 000,203,306 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll
[2012/01/07 17:21:50 | 000,138,727 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-2.dll
[2011/12/20 13:50:04 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/12/20 13:49:56 | 000,099,328 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2011/12/20 13:49:54 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/12/20 13:49:54 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/12/20 13:49:52 | 001,525,248 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/12/20 13:49:52 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/12/20 13:49:52 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/12/20 13:49:50 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/12/20 13:49:50 | 000,260,608 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/12/20 13:49:50 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/12/07 14:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2011/10/24 23:30:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/19 12:51:53 | 000,110,389 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2011/10/19 12:51:53 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2011/09/08 09:00:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/09/08 09:00:48 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/09/08 09:00:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/09/08 09:00:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/09/08 09:00:34 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/09/08 09:00:24 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/09/08 09:00:10 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/09/08 09:00:06 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/09/08 08:59:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/09/08 08:59:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011/08/19 13:33:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2011/08/05 11:59:50 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/30 12:46:13 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\user\webct_upload_applet.properties
[2011/06/13 20:08:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/08 15:29:56 | 000,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2011/06/08 15:29:56 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2011/06/08 14:29:46 | 000,060,416 | R--- | C] () -- C:\WINDOWS\System32\antiwpa.dll
[2011/06/08 14:28:54 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2011/06/08 14:24:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/08 14:15:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/08 07:09:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/08 07:07:47 | 000,270,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/30 08:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/23 02:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll

========== ZeroAccess Check ==========

[2011/06/08 14:16:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/01/07 17:20:52 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2006/02/27 21:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 244 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C

< End of report >

---------------------------------------------------------------------------------
Extras.txt

OTL Extras logfile created on: 11/18/2012 12:17:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 328.47 Mb Available Physical Memory | 32.11% Memory free
2.40 Gb Paging File | 1.82 Gb Available in Paging File | 75.76% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 14.67 Gb Free Space | 39.39% Space Free | Partition Type: NTFS

Computer Name: USER-CCE8668447 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1078081533-1682526488-1060284298-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DE6646A-AFD0-44AC-A493-5A8A7ABB858F}" = CyberPatrol Parental Controls
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CBB71EE-A4DD-4B4D-A635-608D8D1E6F81}" = Driver Tool
"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3ACF7A26-1743-4A84-85F1-2450B35925E4}" = Classic Menu for Office
"{3E7F5E50-6956-4446-87BF-F422A8736B7F}" = Secure Online Account Numbers
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC26D3D-3FA4-40C7-8957-FBC32289BB51}" = Pantech PCSuite
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{54178A9B-7B4B-4B24-B863-7B44EBF28318}" = ODF Add-in for Microsoft Office
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C853 Media Driver Ver.1.02.00.17
"{5B5FE75F-A999-45e7-AE6B-5B85E1DD0577}" = PANTECH Handset USB Driver V2
"{5C3DA2A1-03B2-44BD-B5AA-A44BD6E0C0C1}" = HP Integrated Wireless LAN W400-W500 Driver
"{5F6C549F-78DA-4E0E-AE70-0BD981936D99}" = Nuance PDF Reader
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{84EF5641-174A-4755-A744-6B33B0CD8D2A}" = PCI1620 Ultramedia Controller
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{17591192-46BD-4038-8D12-4B2B8CAFAC27}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Bluetooth by hp
"{90D82A0A-F838-4D6D-952A-9A2964A0E8AE}" = Applied Vision 4
"{9B3F33D3-E2BC-4BAE-93AB-41700072F680}" = Pantech PCSuite
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B1E8784B-A465-4A00-8D5D-E694A1D34A98}" = TI1620/1520
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12EB29D-9D64-4ACA-84C2-33D8729AABD3}" = Microsoft Experience Pack for Tablet PC
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DFBA08DA-D6B7-4205-8A30-B27312788288}" = Wacom Pen Driver w/Soft Button Support V1.6.1.3
"{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
"{EF67AE1A-6B31-4C98-91A9-F195D8702150}" = Google Drive
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Amazon Kindle" = Amazon Kindle
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Driver
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Delicious Add-on for Internet Explorer" = Delicious Add-on for Internet Explorer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Calendar Sync" = Google Calendar Sync
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{84EF5641-174A-4755-A744-6B33B0CD8D2A}" = PCI 1620 Cardbus Controller and Software
"InstallShield_{B1E8784B-A465-4A00-8D5D-E694A1D34A98}" = PCI 1620 Cardbus Controller and Software
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{DFBA08DA-D6B7-4205-8A30-B27312788288}" = Wacom Pen Driver w/Soft Button Support V1.6.1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Media Player - Codec Pack" = Media Player Codec Pack 4.1.4
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyTomTom" = MyTomTom 3.2.0.700
"New Folder Removal Tool_is1" = New Folder Removal Tool
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Picasa 3" = Picasa 3
"Q Menu" = Q Menu 2.10 A2
"Quran in Ms Word_is1" = Quran in Ms Word 1.3
"RealPlayer 15.0" = RealPlayer
"SendToKindle" = Amazon Send to Kindle
"Tablet PC Button Driver" = Tablet PC Button Driver 1.00 B1
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-1682526488-1060284298-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect Add-in" = Adobe Connect Add-in
"Balloons and Static Electricity" = Balloons and Static Electricity
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2012 9:39:04 AM | Computer Name = USER-CCE8668447 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 22.0.1229.94, faulting module
chrome.dll, version 22.0.1229.94, fault address 0x00557c64.

Error - 10/31/2012 12:26:17 AM | Computer Name = USER-CCE8668447 | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 11/1/2012 5:15:05 PM | Computer Name = USER-CCE8668447 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 16.0.2.4680, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2012 1:18:40 PM | Computer Name = USER-CCE8668447 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 11/4/2012 1:18:40 PM | Computer Name = USER-CCE8668447 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/4/2012 1:19:28 PM | Computer Name = USER-CCE8668447 | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 11/4/2012 1:19:28 PM | Computer Name = USER-CCE8668447 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/4/2012 10:26:14 PM | Computer Name = USER-CCE8668447 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008d1c0.

Error - 11/5/2012 6:47:28 PM | Computer Name = USER-CCE8668447 | Source = Windows Product Activation | ID = 1009
Description = You have not activated Windows within the grace period. To activate
Windows, contact a customer service representative by telephone.

Error - 11/10/2012 4:50:42 PM | Computer Name = USER-CCE8668447 | Source = Windows Product Activation | ID = 1009
Description = You have not activated Windows within the grace period. To activate
Windows, contact a customer service representative by telephone.

[ OSession Events ]
Error - 7/21/2011 5:17:20 PM | Computer Name = USER-CCE8668447 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 517 seconds with 420 seconds of active time. This session ended with a crash.

Error - 11/23/2011 9:08:45 AM | Computer Name = USER-CCE8668447 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 42548
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 1/9/2012 7:46:43 PM | Computer Name = USER-CCE8668447 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 2651 seconds with 720 seconds of active time. This session ended with a
crash.

Error - 10/16/2012 9:32:08 AM | Computer Name = USER-CCE8668447 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 264
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/16/2012 9:11:04 AM | Computer Name = USER-CCE8668447 | Source = Print | ID = 6161
Description = The document Microsoft Word - Midterm Review PY227_1_.docx owned by
user failed to print on printer Canon MP620 series Printer. Data type: NT EMF 1.008.
Size of the spool file in bytes: 65536. Number of bytes printed: 0. Total number
of pages in the document: 2. Number of pages printed: 0. Client machine: \\USER-CCE8668447.
Win32 error code returned by the print processor: 3 (0x3).

Error - 10/17/2012 8:19:37 AM | Computer Name = USER-CCE8668447 | Source = Print | ID = 54
Description = Document Test Page was corrupted and has been deleted. The associated
driver is: Canon MP620 series Printer.

Error - 10/20/2012 9:45:49 PM | Computer Name = USER-CCE8668447 | Source = PSched | ID = 14103
Description = QoS [Adapter {3790D483-EA0C-47FF-832A-CF4D56A54FA9}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 10/20/2012 9:51:37 PM | Computer Name = USER-CCE8668447 | Source = PSched | ID = 14103
Description = QoS [Adapter {3790D483-EA0C-47FF-832A-CF4D56A54FA9}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 10/23/2012 6:00:12 PM | Computer Name = USER-CCE8668447 | Source = PSched | ID = 14103
Description = QoS [Adapter {3790D483-EA0C-47FF-832A-CF4D56A54FA9}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 10/24/2012 10:46:42 AM | Computer Name = USER-CCE8668447 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MUSLIMALI-VAIO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{3790D483-EA0C. The master browser is stopping or an election is being
forced.

Error - 10/24/2012 1:00:54 PM | Computer Name = USER-CCE8668447 | Source = PSched | ID = 14103
Description = QoS [Adapter {3790D483-EA0C-47FF-832A-CF4D56A54FA9}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 10/25/2012 5:38:52 PM | Computer Name = USER-CCE8668447 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 000CF102536C has been denied by the DHCP server 160.253.4.15 (The DHCP Server
sent a DHCPNACK message).

Error - 11/3/2012 9:11:36 AM | Computer Name = USER-CCE8668447 | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 11/18/2012 1:18:36 PM | Computer Name = USER-CCE8668447 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DEFAULT-VOSTRO- that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{3790D483-EA0. The master browser is stopping or an election is being
forced.


< End of report >

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:02 AM

Posted 20 November 2012 - 09:03 AM

Hi Nasima,

Although you PM'd me asking to put this on hold and that you would respond on this Post to update me on whether or not you wished to continue, I have not heard back from you. Therefore I am posting this as a reminder.


===================================================


3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Edited by Oh My, 20 November 2012 - 09:53 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 nacma

nacma
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 20 November 2012 - 10:11 AM

Hi! Thanks for your patience. I don't mean to keep things hanging so i think it would be a good idea to close this thread. I hope you enjoy your time off as well. Thanks for your help and understanding.

#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:02 AM

Posted 20 November 2012 - 10:37 AM

Hi Nasima,

Thank you for your consideration. Although this topic will be closed as resolved please feel free to contact me for further assistance on this issue should you desire that.


Thank you for placing your trust in BleepingComputer. It was a pleasure serving you. Posted Image
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:02 AM

Posted 20 November 2012 - 10:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users