Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

This computer is the devil


  • This topic is locked This topic is locked
92 replies to this topic

#1 chaknik

chaknik

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:29 AM

Posted 06 March 2013 - 01:13 PM

I've been trying to connect to this site for over an hour. I've been using IE but had to resort to Firefox and finally got here. With IE, I constantly time out, getting the 'Internet Explorer cannot display the webpage". Even when I click IE icon on desktop,to go to home page, it sometimes immediately displays the same timed out page. I've tried refreshing, tapping the 'go to' arrow, repairing internet connection, retyping URL, and once in a blue moon, the correct page loads. If I can get help, I'd rather use IE but may have to try Firefox.

 

Well, I just clicked the 'Post New Topic' button and Firefox timed out. I'll keep on til it gets there.

Again-#2 Made it on 3 tries


Edited by chaknik, 06 March 2013 - 01:49 PM.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:29 AM

Posted 06 March 2013 - 02:29 PM

Greetings Roy and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the StartNewTopic.gif button but use the AddReply.gif button instead.
  • In the upper right hand corner of the topic you will see the WatchTopic.gif button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Please run this program for me. Download it to a USB device and transfer it to the infected computer if necessary.

===================================================

Complete Internet Repair

--------------------

  • Please download comintrep.exe and save it to your desktop
  • Double click the icon and select Run
  • Click Extract
  • Double click the Complete Internet Repair folder on your desktop
  • Double click the CIntRep.exe icon
  • Place a checkmark next to the following entries:
    • Reset Internet Protocol (TCP/IP)
    • Repair Winsock (Reset Catalog)
    • Renew Internet Connections
    • Flush DNS Resolver Cache
    • Repair Internet Explorer 6.0.2900
    • Clear Windows Update History
    • Repair Windows / Automatic Updates
    • Repair SSL / HTTPS / Cryptography
    • Reset Windows Firewall Configuration
    • Restore the default hosts file
  • Click Go!
  • Ignore any error messages for now
  • Click OK to reboot your computer
  • Check your internet access

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Any difference?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 chaknik

chaknik
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:29 AM

Posted 06 March 2013 - 03:12 PM

It was amazing for a couple minutes. I went to several websites in a snap. Then all of a sudden, back like it was, slow loading and timing out. Ugh! Had trouble making this post.


Edited by chaknik, 06 March 2013 - 03:15 PM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:29 AM

Posted 06 March 2013 - 03:20 PM

OK,

Please run this for me. I will just assume that while you are having internet connectivity issues you will know to download programs on a different computer.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------

  • Close all open programs and internet browser
  • Double click on adwcleaner.exe
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt

===================================================

Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply

===================================================

OTL

--------------------

  • Please download OTL and save it to your desktop
  • Double click on the otlicon.png icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the runscan.png button.
  • Copy and paste the two reports in your next reply.

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

 

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • AdwCleaner log
  • Junkware log
  • OTL log
  • Extra log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 chaknik

chaknik
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:29 AM

Posted 06 March 2013 - 05:12 PM

Well Gary, I ran into a few bumps trying to keep my ducks in a row. Copying on 1 computer, transfer to flash drive, load into bad computer---back and forth, etc. I have these 3 that went smoothly. The last one(s) I had to look for and when I found them, there are three. I know one of them you and I did when I first dealt with you. I hope it doesn't create havoc. Lots of luck, Roy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.8 (03.04.2013:1)
OS: Microsoft Windows XP x86
Ran by Froy on Wed 03/06/2013 at 15:03:03.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}

~~~ Files

~~~ Folders


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/06/2013 at 15:07:58.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

OTL logfile created on: 3/6/2013 3:24:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Froy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 87.33% Memory free
6.83 Gb Paging File | 6.62 Gb Available in Paging File | 97.03% Paging File free
Paging file location(s): C:\pagefile.sys 4096 12288 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 295.03 Gb Total Space | 207.29 Gb Free Space | 70.26% Space Free | Partition Type: NTFS
Drive K: | 3.74 Gb Total Space | 3.73 Gb Free Space | 99.89% Space Free | Partition Type: FAT32
 
Computer Name: RAS | User Name: Froy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/06 15:22:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Froy\Desktop\OTL.exe
PRC - [2013/03/06 11:11:19 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/28 13:47:54 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2012/12/18 10:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe
PRC - [2012/12/18 10:06:36 | 000,056,360 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\AdminHelper.exe
PRC - [2012/08/23 10:31:24 | 001,532,280 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
PRC - [2012/08/23 10:31:24 | 001,222,008 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2011/06/24 12:10:22 | 000,238,960 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
PRC - [2011/05/31 17:38:30 | 000,167,280 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/01 20:00:18 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
PRC - [2006/03/01 19:53:36 | 000,717,312 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2005/11/08 04:30:42 | 000,016,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2003/06/18 00:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
PRC - [2000/09/16 00:08:16 | 000,068,608 | R--- | M] (EzWare Technology) -- C:\WINDOWS\EzDesk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/28 13:47:54 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
MOD - [2012/12/18 10:06:44 | 000,034,304 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryGeneric.plugin
MOD - [2012/12/18 10:06:44 | 000,030,720 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryVPorts.plugin
MOD - [2012/12/18 10:06:44 | 000,025,088 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryMobileBroadband.plugin
MOD - [2012/12/18 10:06:44 | 000,019,968 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryNdis.plugin
MOD - [2012/12/18 10:06:44 | 000,017,920 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\ContextSwitcher.plugin
MOD - [2012/12/18 10:06:42 | 001,049,320 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dll
MOD - [2012/12/18 10:06:42 | 000,892,136 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\UIToolkit.dll
MOD - [2012/12/18 10:06:42 | 000,727,784 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dll
MOD - [2012/12/18 10:06:42 | 000,399,080 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\WebClient.dll
MOD - [2012/12/18 10:06:40 | 000,629,480 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Toolkit.dll
MOD - [2012/12/18 10:06:40 | 000,148,712 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\pcre3.dll
MOD - [2012/12/18 10:06:40 | 000,123,112 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\System.dll
MOD - [2012/12/18 10:06:40 | 000,051,432 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Preferences.dll
MOD - [2012/12/18 10:06:38 | 000,376,040 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Device.dll
MOD - [2012/12/18 10:06:38 | 000,249,064 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\DB.dll
MOD - [2012/12/18 10:06:38 | 000,132,840 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Discovery.dll
MOD - [2012/12/18 10:06:38 | 000,099,560 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\ComCore.dll
MOD - [2012/12/18 10:06:38 | 000,061,160 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\DriveDetector.dll
MOD - [2012/12/18 10:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe
MOD - [2012/12/18 10:06:36 | 000,056,360 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\AdminHelper.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/06 11:11:19 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/28 13:47:54 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/02/27 16:59:40 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/07 14:56:38 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/12/18 10:06:36 | 000,056,360 | ---- | M] () [Auto | Running] -- C:\Program Files\AT&T\AT&T Communication Manager\AdminHelper.exe -- (AdminHelper.exe)
SRV - [2012/08/23 10:31:24 | 001,532,280 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/06/24 12:10:22 | 000,238,960 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe -- (SwiCardDetectSvc)
SRV - [2011/06/13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/05/31 17:38:30 | 000,167,280 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe -- (IERA)
SRV - [2009/12/03 15:02:18 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/05/02 18:09:20 | 000,202,800 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/20 12:57:32 | 000,110,592 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ)
SRV - [2006/07/06 06:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2004/10/29 15:29:16 | 000,086,016 | ---- | M] (NetGroup - Politecnico di Torino) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (SWUMX20)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (HSF_DPV)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/02/28 13:47:54 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/07/04 14:26:12 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/19 09:49:54 | 000,209,536 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/16 12:44:17 | 000,083,968 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swiwdmbx.sys -- (swiwdmbx)
DRV - [2011/05/13 14:53:00 | 000,215,552 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swg3kser00.sys -- (swg3kser00)
DRV - [2008/04/13 12:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/06/14 12:59:26 | 000,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2007/05/25 10:26:52 | 000,073,600 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx12.sys -- (swumx12)
DRV - [2007/05/25 10:26:10 | 000,101,632 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u12.sys -- (SWNC8U12)
DRV - [2007/03/26 14:18:00 | 000,020,352 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swivspnt.sys -- (swivsp)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/11 18:15:16 | 000,032,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/11 18:15:06 | 000,032,272 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/12/03 21:33:36 | 000,067,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/12/03 21:33:36 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/12/03 21:33:34 | 000,863,402 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/12/03 21:33:34 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/12/03 21:33:34 | 000,047,907 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/12/03 21:33:34 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/12/03 21:33:32 | 000,329,901 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/06/05 02:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/02/14 22:40:24 | 001,096,192 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2005/11/08 04:15:38 | 000,439,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2005/11/08 04:15:38 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2005/11/08 04:14:54 | 000,114,688 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/11/08 04:14:46 | 000,143,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/11/08 04:14:44 | 000,077,824 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2005/11/08 04:14:40 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/07/13 01:18:48 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2004/10/29 15:14:04 | 000,032,000 | ---- | M] (NetGroup - Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2003/05/10 14:19:02 | 000,029,228 | ---- | M] (Motive) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VWAN2K.sys -- (VWan2k)
DRV - [2002/07/17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-949347910-1819743217-893941977-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-949347910-1819743217-893941977-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-949347910-1819743217-893941977-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-949347910-1819743217-893941977-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-949347910-1819743217-893941977-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Froy\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Froy\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/09 14:32:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/11 11:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/23 16:30:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\Documents and Settings\Froy\Application Data\Mozilla\Firefox\Profiles/ae57pzsf.default\extensions\superfish@superfish.com
 
[2010/09/13 07:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Froy\Application Data\Mozilla\Extensions
[2013/03/01 11:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Froy\Application Data\Mozilla\Firefox\Profiles\ae57pzsf.default\extensions
[2009/12/05 13:37:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Froy\Application Data\Mozilla\Firefox\Profiles\ae57pzsf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/26 14:01:32 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\Froy\Application Data\Mozilla\Firefox\Profiles\ae57pzsf.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2012/09/06 11:51:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Froy\Application Data\Mozilla\Firefox\Profiles\ae57pzsf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/10/21 16:55:44 | 000,002,362 | ---- | M] () -- C:\Documents and Settings\Froy\Application Data\Mozilla\Firefox\Profiles\ae57pzsf.default\searchplugins\aol-search.xml
[2011/09/30 15:31:41 | 000,003,739 | ---- | M] () -- C:\Documents and Settings\Froy\Application Data\Mozilla\Firefox\Profiles\ae57pzsf.default\searchplugins\avg-secure-search.xml
[2012/09/05 17:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/20 15:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012/01/20 15:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012/01/20 15:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/01/20 15:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012/01/20 15:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/01/20 15:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/20 15:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012/03/03 12:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\FROY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AE57PZSF.DEFAULT\EXTENSIONS\{7AFFBFAE-C4E2-4915-8C0F-00FA3EC610A1}
[2012/07/09 14:32:28 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
 
O1 HOSTS File: ([2013/03/06 13:58:11 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-949347910-1819743217-893941977-1006..\Run: [attcm.exe] C:\Program Files\AT&T\AT&T Communication Manager\attcm.exe (AT&T)
O4 - HKU\S-1-5-21-949347910-1819743217-893941977-1006..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; FDM)" -"http://pbskids.org/barney/children/games/imagination_game.html" File not found
O4 - Startup: C:\Documents and Settings\Froy\Start Menu\Programs\Startup\EzWare EzDesk.lnk = C:\WINDOWS\EzDesk.exe (EzWare Technology)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-949347910-1819743217-893941977-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-949347910-1819743217-893941977-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\S-1-5-21-949347910-1819743217-893941977-1006\..Trusted Domains: att.net ([my] http in Trusted sites)
O15 - HKU\S-1-5-21-949347910-1819743217-893941977-1006\..Trusted Domains: att.net ([my] https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1344814358031 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL (Logitech Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Froy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Froy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (msansspc.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1e48b572-0225-11df-98fb-002275d85776}\Shell - "" = AutoRun
O33 - MountPoints2\{1e48b572-0225-11df-98fb-002275d85776}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1e48b572-0225-11df-98fb-002275d85776}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{e12d05c2-fa9c-11e0-9ab8-b3e89424af48}\Shell - "" = AutoRun
O33 - MountPoints2\{e12d05c2-fa9c-11e0-9ab8-b3e89424af48}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e12d05c2-fa9c-11e0-9ab8-b3e89424af48}\Shell\AutoRun\command - "" = J:\WIN\setup.exe -ap
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/06 15:23:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Froy\Desktop\OTL.exe
[2013/03/06 14:59:55 | 000,547,723 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Froy\Desktop\JRT.exe
[2013/03/06 14:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Froy\Desktop\BCFILES
[2013/03/06 13:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Froy\Desktop\cintrep
[2013/03/06 11:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Froy\Local Settings\Application Data\attcm_AppStart
[2013/03/06 11:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AT&T
[2013/03/06 11:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2013/03/06 11:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\AT&T
[2013/03/06 11:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Froy\Desktop\BleepingComputer
[2013/03/06 11:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Froy\Desktop\OLDTESTS
[2013/03/06 11:11:33 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/06 11:11:33 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/03/06 11:11:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/06 11:11:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/06 11:11:30 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/06 11:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/03/05 13:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Froy\Start Menu\Programs\Google Chrome
[2013/03/02 10:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java(2)
[2013/03/01 10:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Froy\Local Settings\Application Data\Avg2013
[2013/02/28 15:56:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/02/28 15:56:18 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/28 13:47:58 | 000,033,112 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/02/28 12:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Froy\Desktop\OLDBleepingComputer
[2013/02/27 11:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Froy\Local Settings\Application Data\exec
[2013/02/24 15:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
[2013/02/24 15:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\EMET
[2013/02/23 15:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AdminHelper
[2013/02/23 15:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/06 15:22:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Froy\Desktop\OTL.exe
[2013/03/06 14:58:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/06 14:53:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/06 14:52:52 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2013/03/06 14:52:52 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2013/03/06 14:52:52 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2013/03/06 14:52:52 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2013/03/06 14:52:52 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2013/03/06 14:43:00 | 000,547,723 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Froy\Desktop\JRT.exe
[2013/03/06 13:59:25 | 000,291,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/06 13:58:11 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/03/06 11:38:23 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AT&T Communication Manager.lnk
[2013/03/06 11:11:19 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/06 11:11:18 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/03/06 11:11:18 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/03/06 11:11:18 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/06 11:11:18 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/06 11:11:18 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/06 11:11:18 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/03/05 13:04:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/03 15:28:36 | 000,437,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/03 15:28:36 | 000,070,194 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/28 13:47:54 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/02/28 13:14:48 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2013/02/27 16:59:39 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/27 16:59:39 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/23 17:09:07 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Froy\.recently-used.xbel
[2013/02/23 15:08:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/07 16:40:41 | 000,444,737 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2013/02/07 13:59:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/03/06 11:38:23 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AT&T Communication Manager.lnk
[2013/02/23 17:09:07 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Froy\.recently-used.xbel
[2012/09/04 16:54:00 | 000,221,204 | ---- | C] () -- C:\Documents and Settings\Froy\Local Settings\Application Data\census.cache
[2012/09/04 16:53:48 | 000,210,211 | ---- | C] () -- C:\Documents and Settings\Froy\Local Settings\Application Data\ars.cache
[2012/09/04 16:36:56 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Froy\Local Settings\Application Data\housecall.guid.cache
[2012/08/11 08:47:14 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2012/08/11 08:40:35 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2012/08/02 13:19:11 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2012/07/09 15:21:35 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2012/05/09 14:35:04 | 000,000,153 | ---- | C] () -- C:\Documents and Settings\Froy\.gtkrc-2.0
[2012/01/13 09:46:37 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Froy\Application Data\dvd.bmk
[2012/01/12 13:02:17 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/12 13:02:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/18 21:18:17 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2009/12/03 15:01:54 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\Froy\GoToAssistDownloadHelper.exe
[2007/09/21 08:28:21 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Froy\Local Settings\Application Data\fusioncache.dat
[2007/09/20 18:58:52 | 000,149,504 | ---- | C] () -- C:\Documents and Settings\Froy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/18 13:37:02 | 000,309,454 | ---- | C] () -- C:\Documents and Settings\Froy\TRANSFORMS=1033.mst
 
========== ZeroAccess Check ==========
 
[2004/08/10 12:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Froy\Desktop\PackList.jpg:Roxio EMC Stream
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

 

 

OTL Extras logfile created on: 3/6/2013 3:24:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Froy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 87.33% Memory free
6.83 Gb Paging File | 6.62 Gb Available in Paging File | 97.03% Paging File free
Paging file location(s): C:\pagefile.sys 4096 12288 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 295.03 Gb Total Space | 207.29 Gb Free Space | 70.26% Space Free | Partition Type: NTFS
Drive K: | 3.74 Gb Total Space | 3.73 Gb Free Space | 99.89% Space Free | Partition Type: FAT32
 
Computer Name: RAS | User Name: Froy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-949347910-1819743217-893941977-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AT&T\AT&T Communication Manager\SwiApiMuxX.exe" = C:\Program Files\AT&T\AT&T Communication Manager\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX -- (Sierra Wireless, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2260632D-9998-4ADC-8D81-D228FEA8F9FE}" = BroadJump PPPoE
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{39A13F18-2AA2-4AB2-B7E3-5D356BCD48F7}" = AT&T Communication Manager
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Advanced Decoder Patch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F8CBBFB-7986-4140-91EC-D8C7F1EC8DF3}" = AVG 2013
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E44C354-10A8-4214-9C56-F3F00775E415}_is1" = Stykz for Windows 1.0.2
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{84BBFA13-C40E-4287-85EF-E8B1034451AA}" = Windows Media Encoder 9 Series SDK
"{8C0DF485-DB3E-453C-BFB3-4C47E636ECF9}" = Serif WebPlus 10
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) version v2012.build.52
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DE7A5DDF-47B3-42FF-A082-E158DEA37392}" = EMET
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AnalogX NetStat Live" = AnalogX NetStat Live
"AnalogX Vocal Remover (WinAmp)" = AnalogX Vocal Remover (WinAmp)
"Any Video Converter_is1" = Any Video Converter 3.4.2
"Audio Conversion Wizard_is1" = Audio Conversion Wizard 1.68.1
"AutoPlay Media Studio 5.0 Professional Trial" = AutoPlay Media Studio 5.0 Professional Trial
"AVG PC TuneUp" = AVG PC TuneUp
"BitMeter" = BitMeter
"Canon MP610 series User Registration" = Canon MP610 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CoffeeCup Free HTML Editor" = CoffeeCup Free HTML Editor
"DivX Setup" = DivX Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FormatFactory" = FormatFactory 2.95
"Free Easy Burner_is1" = Free Easy Burner V 5.1
"FreeCell Plus" = FreeCell Plus
"Frhed" = Frhed 1.7.1
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Indeo® Software" = Indeo® Software
"Info Center_is1" = Info Center 1.0.0.7
"Inkscape" = Inkscape 0.48.2
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MediaProSoft Free FLV Video Converter_is1" = MediaProSoft Free FLV Video Converter 5.2.3
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Streets & Trips 2000" = Microsoft Expedia Streets & Trips 2000
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Prism" = Prism Video File Converter
"Quake III Arena" = Quake III Arena
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"RegScrubXP_is1" = RegScrubXP 3.25
"Revo Uninstaller" = Revo Uninstaller 1.93
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"synfigstudio" = Synfig Studio
"SystemRequirementsLab" = System Requirements Lab
"Tweak UI 2.10" = Tweak UI
"VCDEasy_is1" = VCDEasy
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.11
"WatchWAN" = WatchWAN v1.0 Pre-Release
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinPcapInst" = WinPcap 3.1 beta4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2kSetup" = Microsoft Works 2000 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-949347910-1819743217-893941977-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"SmartDraw 6" = SmartDraw 6
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/28/2013 3:23:18 PM | Computer Name = RAS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 2/28/2013 3:34:06 PM | Computer Name = RAS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/3/2013 5:34:07 PM | Computer Name = RAS | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.70.0.9, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 3/5/2013 3:09:19 PM | Computer Name = RAS | Source = JavaQuickStarterService | ID = 1
Description =
 
Error - 3/6/2013 11:34:03 AM | Computer Name = RAS | Source = JavaQuickStarterService | ID = 1
Description =
 
Error - 3/6/2013 11:41:38 AM | Computer Name = RAS | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.70.0.9, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 3/6/2013 11:45:41 AM | Computer Name = RAS | Source = JavaQuickStarterService | ID = 1
Description =
 
Error - 3/6/2013 12:45:01 PM | Computer Name = RAS | Source = JavaQuickStarterService | ID = 1
Description =
 
Error - 3/6/2013 1:03:52 PM | Computer Name = RAS | Source = JavaQuickStarterService | ID = 1
Description =
 
Error - 3/6/2013 1:16:04 PM | Computer Name = RAS | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.70.0.9, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 3/6/2013 2:19:30 PM | Computer Name = RAS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 3/6/2013 2:19:30 PM | Computer Name = RAS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 3/6/2013 3:52:37 PM | Computer Name = RAS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 3/6/2013 3:59:58 PM | Computer Name = RAS | Source = Dhcp | ID = 1002
Description = The IP address lease 10.217.246.129 for the Network Card with network
 address 00A0D5FFFFAE has been  denied by the DHCP server 10.15.133.253 (The DHCP
Server sent a DHCPNACK message).
 
Error - 3/6/2013 4:05:30 PM | Computer Name = RAS | Source = Dhcp | ID = 1002
Description = The IP address lease 10.15.133.145 for the Network Card with network
 address 00A0D5FFFFAE has been  denied by the DHCP server 10.239.115.253 (The DHCP
 Server sent a DHCPNACK message).
 
Error - 3/6/2013 4:19:36 PM | Computer Name = RAS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 3/6/2013 4:44:31 PM | Computer Name = RAS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 3/6/2013 4:58:47 PM | Computer Name = RAS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 3/6/2013 4:59:45 PM | Computer Name = RAS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 3/6/2013 5:23:28 PM | Computer Name = RAS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
< End of report >
 

 

 

 

# AdwCleaner v2.113 - Logfile created 02/28/2013 at 15:48:14
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Froy - RAS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Froy\Desktop\BleepingComputer\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Documents and Settings\Froy\Application Data\Mozilla\Firefox\Profiles\ae57pzsf.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Froy\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Froy\Application Data\Mozilla\Firefox\Profiles\ae57pzsf.default\extensions\staged
Folder Deleted : C:\Program Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.28 (en-US)

File : C:\Documents and Settings\Froy\Application Data\Mozilla\Firefox\Profiles\ae57pzsf.default\prefs.js

C:\Documents and Settings\Froy\Application Data\Mozilla\Firefox\Profiles\ae57pzsf.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;youtube_40850;mapquest_40872;t[...]
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.homepage.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000019");
Deleted : user_pref("aol_toolbar.default.search.check", true);
Deleted : user_pref("aol_toolbar.default.search.label", "AOL Search");
Deleted : user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?query={searchTerms}[...]
Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
Deleted : user_pref("aol_toolbar.guid", "{A6F8C14E-BF15-C2D9-1A7E-CCE423884DE2}");
Deleted : user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp={mtmhp}");
Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.7990");
Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000019");
Deleted : user_pref("aol_toolbar.install.ncid", "");
Deleted : user_pref("aol_toolbar.metrics.activestampdate", "28");
Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "1");
Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2013");
Deleted : user_pref("aol_toolbar.metrics.originalDate", "15");
Deleted : user_pref("aol_toolbar.metrics.originalHours", "2");
Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "16");
Deleted : user_pref("aol_toolbar.metrics.originalMonth", "8");
Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "7");
Deleted : user_pref("aol_toolbar.metrics.originalYear", "2012");
Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
Deleted : user_pref("aol_toolbar.remote.publish.xml", "1362070327601");
Deleted : user_pref("aol_toolbar.rtw.active", false);
Deleted : user_pref("aol_toolbar.search.button", true);
Deleted : user_pref("aol_toolbar.search.cid", "15-08-2012");
Deleted : user_pref("aol_toolbar.search.instd", "20120811143732468");
Deleted : user_pref("aol_toolbar.search.oid", "15-08-2012");
Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
Deleted : user_pref("aol_toolbar.search.savehistory", false);
Deleted : user_pref("aol_toolbar.search.searchtype", "web");
Deleted : user_pref("aol_toolbar.search.source", "tb50-ff-amonetizetest1");
Deleted : user_pref("aol_toolbar.skin.custom", false);
Deleted : user_pref("aol_toolbar.surf.date", "6");
Deleted : user_pref("aol_toolbar.surf.lastDate", "28");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "1");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2013");
Deleted : user_pref("aol_toolbar.surf.month", "115");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "102");
Deleted : user_pref("aol_toolbar.surf.total", "340");
Deleted : user_pref("aol_toolbar.surf.week", "7");
Deleted : user_pref("aol_toolbar.surf.year", "216");
Deleted : user_pref("aol_toolbar.ticker.active", false);
Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
Deleted : user_pref("aol_toolbar.weather.degc", "8");
Deleted : user_pref("aol_toolbar.weather.degf", "47");
Deleted : user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/34.png");
Deleted : user_pref("aol_toolbar.weather.metric", true);
Deleted : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Mostly Sunny");
Deleted : user_pref("aol_toolbar.weather.update", "1362070328750");
Deleted : user_pref("aol_toolbar.weather.zipcode", "10065");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?query={searchTerms}&invo[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocatio[...]

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Froy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.49] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
Deleted [l.52] : keyword = "isearch.avg.com",
Deleted [l.55] : search_url = "hxxps://isearch.avg.com/search?cid={D29A36C4-FE10-4CDF-AB21-C2799BCF1E0B}&mid=&[...]

*************************

AdwCleaner[S1].txt - [9644 octets] - [28/02/2013 15:48:14]

########## EOF - C:\AdwCleaner[S1].txt - [9704 octets] ##########

 

 

# AdwCleaner v2.114 - Logfile created 03/06/2013 at 14:52:14
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Froy - RAS
# Boot Mode : Normal
# Running from : K:\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.28 (en-US)

File : C:\Documents and Settings\Froy\Application Data\Mozilla\Firefox\Profiles\ae57pzsf.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9773 octets] - [28/02/2013 15:48:14]
AdwCleaner[S2].txt - [787 octets] - [06/03/2013 14:52:14]

########## EOF - C:\AdwCleaner[S2].txt - [846 octets] ##########

 

 

 

# AdwCleaner v2.114 - Logfile created 03/06/2013 at 15:44:18
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Froy - RAS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Froy\Desktop\BCFILES\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.28 (en-US)

File : C:\Documents and Settings\Froy\Application Data\Mozilla\Firefox\Profiles\ae57pzsf.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9773 octets] - [28/02/2013 15:48:14]
AdwCleaner[S2].txt - [914 octets] - [06/03/2013 14:52:14]
AdwCleaner[S3].txt - [890 octets] - [06/03/2013 15:44:18]

########## EOF - C:\AdwCleaner[S3].txt - [949 octets] ##########



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:29 AM

Posted 06 March 2013 - 06:17 PM

Greetings Roy,

Yes it may be a bumpy ride until we get some things cleared up.

Please complete these steps.

===================================================

Run OTL Fix

--------------------
  • Double click on the otlicon.png icon on your desktop.
  • Copy and Paste the following code into the customscanfix.png textbox.
:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (SWUMX20)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (HSF_DPV)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
O4 - HKU\S-1-5-21-949347910-1819743217-893941977-1006..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; FDM)" -"http://pbskids.org/barney/children/games/imagination_game.html" File not found
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (Reg Error: Key error.)
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O29 - HKLM SecurityProviders - (msansspc.dll) -  File not found
O33 - MountPoints2\{1e48b572-0225-11df-98fb-002275d85776}\Shell - "" = AutoRun
O33 - MountPoints2\{1e48b572-0225-11df-98fb-002275d85776}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1e48b572-0225-11df-98fb-002275d85776}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{e12d05c2-fa9c-11e0-9ab8-b3e89424af48}\Shell - "" = AutoRun
O33 - MountPoints2\{e12d05c2-fa9c-11e0-9ab8-b3e89424af48}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e12d05c2-fa9c-11e0-9ab8-b3e89424af48}\Shell\AutoRun\command - "" = J:\WIN\setup.exe -ap
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Froy\Desktop\PackList.jpg:Roxio EMC Stream
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
  • Push runfix.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.
Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issueIf Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • OTL log
  • Combofix log
  • FSS log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 chaknik

chaknik
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:29 AM

Posted 06 March 2013 - 07:53 PM

No go on this computer. Had to get back on the laptop. Here are the log files:
 
========== OTL ==========
Service stllssvr stopped successfully!
Service stllssvr deleted successfully!
File C:\Program Files\Common Files\SureThing Shared\stllssvr.exe not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File %SystemRoot%\System32\appmgmts.dll not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service SWUMX20 stopped successfully!
Service SWUMX20 deleted successfully!
Service SABProcEnum stopped successfully!
Service SABProcEnum deleted successfully!
File C:\Program Files\Internet Explorer\SABProcEnum.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service MRESP50a64 stopped successfully!
Service MRESP50a64 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS not found.
Service MRESP50 stopped successfully!
Service MRESP50 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS not found.
Service MREMP50a64 stopped successfully!
Service MREMP50a64 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS not found.
Service MREMP50 stopped successfully!
Service MREMP50 deleted successfully!
File C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service Lavasoft Kernexplorer stopped successfully!
Service Lavasoft Kernexplorer deleted successfully!
File C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys not found.
Service HSF_DPV stopped successfully!
Service HSF_DPV deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Registry value HKEY_USERS\S-1-5-21-949347910-1819743217-893941977-1006\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater deleted successfully.
Starting removal of ActiveX control {0E5F0222-96B9-11D3-8997-00104BD12D94}
C:\WINDOWS\Downloaded Program Files\PCMatic.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0E5F0222-96B9-11D3-8997-00104BD12D94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5F0222-96B9-11D3-8997-00104BD12D94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0E5F0222-96B9-11D3-8997-00104BD12D94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5F0222-96B9-11D3-8997-00104BD12D94}\ not found.
Starting removal of ActiveX control {43E3F87D-DE7F-4087-BD4F-0DC854981158}
C:\WINDOWS\Downloaded Program Files\ClearAdjust2.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{43E3F87D-DE7F-4087-BD4F-0DC854981158}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43E3F87D-DE7F-4087-BD4F-0DC854981158}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{43E3F87D-DE7F-4087-BD4F-0DC854981158}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43E3F87D-DE7F-4087-BD4F-0DC854981158}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:msansspc.dll deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e48b572-0225-11df-98fb-002275d85776}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e48b572-0225-11df-98fb-002275d85776}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e48b572-0225-11df-98fb-002275d85776}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e48b572-0225-11df-98fb-002275d85776}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e48b572-0225-11df-98fb-002275d85776}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e48b572-0225-11df-98fb-002275d85776}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e12d05c2-fa9c-11e0-9ab8-b3e89424af48}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e12d05c2-fa9c-11e0-9ab8-b3e89424af48}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e12d05c2-fa9c-11e0-9ab8-b3e89424af48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e12d05c2-fa9c-11e0-9ab8-b3e89424af48}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e12d05c2-fa9c-11e0-9ab8-b3e89424af48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e12d05c2-fa9c-11e0-9ab8-b3e89424af48}\ not found.
File J:\WIN\setup.exe -ap not found.
ADS C:\Documents and Settings\Froy\Desktop\PackList.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 03062013_180044
 
 
ComboFix 13-03-05.01 - Froy 03/06/2013  18:09:15.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3070.2515 [GMT -6:00]
Running from: c:\documents and settings\Froy\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Froy\GoToAssistDownloadHelper.exe
c:\documents and settings\Froy\WINDOWS
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SET126.tmp
c:\windows\system32\SET128.tmp
c:\windows\system32\SET136.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-07 to 2013-03-07  )))))))))))))))))))))))))))))))
.
.
2013-03-07 00:00 . 2013-03-07 00:00 -------- d-----w- C:\_OTL
2013-03-06 17:38 . 2013-03-06 17:38 -------- d-----w- c:\documents and settings\Froy\Local Settings\Application Data\attcm_AppStart
2013-03-06 17:37 . 2013-03-06 17:37 -------- d-----w- c:\program files\LG Electronics
2013-03-06 17:29 . 2013-03-06 17:29 -------- d-----w- c:\program files\AT&T
2013-03-06 17:11 . 2013-03-06 17:11 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-06 17:11 . 2013-03-06 17:11 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-06 17:11 . 2013-03-06 17:11 -------- d-----w- c:\program files\Java
2013-03-05 19:07 . 2013-03-05 19:07 -------- d-----w- c:\windows\system32\wbem\Repository
2013-03-01 16:26 . 2013-03-01 16:26 -------- d-----w- c:\documents and settings\Froy\Local Settings\Application Data\Avg2013
2013-02-28 21:56 . 2013-02-28 21:56 -------- d-----w- c:\windows\ERUNT
2013-02-28 21:56 . 2013-03-06 21:02 -------- d-----w- C:\JRT
2013-02-28 19:47 . 2013-02-28 19:47 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-27 17:53 . 2013-02-27 17:53 -------- d-----w- c:\documents and settings\Froy\Local Settings\Application Data\exec
2013-02-24 21:02 . 2013-02-24 21:02 -------- d-----w- c:\program files\EMET
2013-02-23 21:11 . 2013-02-23 21:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AdminHelper
2013-02-23 21:10 . 2013-03-06 17:37 -------- d-----w- c:\program files\Common Files\Research In Motion
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-06 17:11 . 2012-09-04 20:38 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-06 17:11 . 2010-05-05 17:47 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-27 22:59 . 2012-05-26 00:52 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-27 22:59 . 2011-05-17 13:22 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2004-08-10 17:51 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2004-08-10 17:51 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-04 03:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-10 17:51 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-10 17:51 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2004-08-10 17:51 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2012-12-26 20:16 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2004-08-10 17:51 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-10 17:51 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2004-08-10 17:50 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 22:49 . 2012-05-18 22:35 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2006-05-03 17:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 18:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 20:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 05:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
.
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
[-] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219\SP3QFE\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2705219$\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[7] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[7] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
.
[-] 2012-10-03 . 6FE42512AB1B89F32A7407F261B1D2D0 . 990208 . . [5.1.2600.6293] . . c:\windows\system32\kernel32.dll
[-] 2012-10-03 . 6FE42512AB1B89F32A7407F261B1D2D0 . 990208 . . [5.1.2600.6293] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2012-10-03 . 6CBFEEB384F04681AF75F495AA48DD32 . 991744 . . [5.1.2600.6293] . . c:\windows\$hf_mig$\KB2758857\SP3QFE\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$NtUninstallKB2758857$\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
.
[-] 2013-01-09 . 99E9E2606FB13ADB711935FE8E8E29C1 . 6011904 . . [8.00.6001.23468] . . c:\windows\$hf_mig$\KB2792100-IE8\SP3QFE\mshtml.dll
[-] 2013-01-08 . 727C9E97CB26879C17A30484C2C76E98 . 6010368 . . [8.00.6001.19400] . . c:\windows\system32\mshtml.dll
[-] 2013-01-08 . 727C9E97CB26879C17A30484C2C76E98 . 6010368 . . [8.00.6001.19400] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2013-01-06 . BDF6CC938C0644FE3643BC0D6A678E26 . 6009856 . . [8.00.6001.19394] . . c:\windows\ie8updates\KB2792100-IE8\mshtml.dll
[-] 2013-01-06 . 14FD1CAEFB6D2749019AC2F54859568C . 6011392 . . [8.00.6001.23462] . . c:\windows\$hf_mig$\KB2799329-IE8\SP3QFE\mshtml.dll
[-] 2012-11-13 . 02D8509E2362D777DEBFFC05C022CBF2 . 6010880 . . [8.00.6001.23461] . . c:\windows\$hf_mig$\KB2761465-IE8\SP3QFE\mshtml.dll
[-] 2012-11-12 . 9C46E5C82F94D9AEDD2CE798F0DF1158 . 6008832 . . [8.00.6001.19393] . . c:\windows\ie8updates\KB2799329-IE8\mshtml.dll
[-] 2012-08-28 . DF3C3CA94CBC9DE07AC3EB49440A8D45 . 6008832 . . [8.00.6001.19328] . . c:\windows\ie8updates\KB2761465-IE8\mshtml.dll
[-] 2012-08-28 . CF6B381C3518AB328382429CAE206D64 . 6010368 . . [8.00.6001.23415] . . c:\windows\$hf_mig$\KB2744842-IE8\SP3QFE\mshtml.dll
[-] 2012-07-03 . 5002046A4B47335C64B8726D569D43D0 . 3618816 . . [7.00.6000.17112] . . c:\windows\ie8\mshtml.dll
[-] 2012-07-03 . C15985F6480E70820FD4573F76A25020 . 3620864 . . [7.00.6000.21314] . . c:\windows\$hf_mig$\KB2722913-IE7\SP3QFE\mshtml.dll
[-] 2012-07-02 . 13D2E016B784730A98F24D6E5BEED22F . 6008320 . . [8.00.6001.19298] . . c:\windows\ie8updates\KB2744842-IE8\mshtml.dll
[-] 2012-07-02 . DF599AC52B62DE001E42D36F92B45E68 . 6010368 . . [8.00.6001.23385] . . c:\windows\$hf_mig$\KB2722913-IE8\SP3QFE\mshtml.dll
[-] 2012-03-01 . 5DBB0C997AD276BCE9D30CD609BDBF67 . 5980672 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\mshtml.dll
[-] 2011-11-04 . DD8D655E1881B70A5259A23A6018A6C2 . 5978112 . . [8.00.6001.19170] . . c:\windows\ie8updates\KB2722913-IE8\mshtml.dll
[-] 2011-11-04 . 699421E2E1313C18671A703953CAE14B . 5978624 . . [8.00.6001.23266] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll
[-] 2011-10-03 . 1240A6B7B470BED0AA6C9FEC7AB0EA26 . 5972992 . . [8.00.6001.23250] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll
[-] 2011-07-25 . BCE7CCEBAD6C8955D2B4C3B246BD0E57 . 5971456 . . [8.00.6001.23216] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
[-] 2011-05-30 . D0B1DB576941CB0B6669B8752FFAC79A . 5967360 . . [8.00.6001.23181] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtml.dll
[-] 2011-02-22 . 3422847AA07E37076A87D0B7D5044DC6 . 5964800 . . [8.00.6001.23141] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll
[-] 2010-12-20 . 2A2C070EC691CE410533A1DA7AA3CD86 . 5962240 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
[-] 2010-11-06 . 864E69F32656A7121444BA0193D7B64B . 5960704 . . [8.00.6001.23091] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll
[-] 2010-09-10 . 8A03CC037E6B7D1796192815231B0C3F . 5958656 . . [8.00.6001.23067] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-22 . A6CF28C6E0B6D10098AB601D85EE55E8 . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[-] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB2722913-IE7\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-08-22 . 885E3BF99EA4B2213901EBC35B34CF12 . 3064832 . . [6.00.2900.3199] . . c:\windows\ie7\mshtml.dll
[-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[7] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-02-20 . 2991727809C7AC3A33E4178CC73244D8 . 3063296 . . [6.00.2900.3086] . . c:\windows\$hf_mig$\KB931768\SP2QFE\mshtml.dll
[-] 2006-02-01 . 51C91AC189321A320FC4BC90B56255A3 . 3073024 . . [6.00.2900.2838] . . c:\windows\$hf_mig$\KB912945\SP2QFE\mshtml.dll
.
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[7] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
.
[-] 2012-12-26 . D175F91A4C98B8848818C9B5089F88A2 . 916480 . . [8.00.6001.19394] . . c:\windows\system32\wininet.dll
[-] 2012-12-26 . D175F91A4C98B8848818C9B5089F88A2 . 916480 . . [8.00.6001.19394] . . c:\windows\system32\dllcache\wininet.dll
[-] 2012-12-26 . B8BEF9519A1B124DEAF94081F6C5A767 . 920064 . . [8.00.6001.23462] . . c:\windows\$hf_mig$\KB2792100-IE8\SP3QFE\wininet.dll
[-] 2012-11-01 . 9AD88EA663124336E88EB031F917CE20 . 916992 . . [8.00.6001.19389] . . c:\windows\ie8updates\KB2792100-IE8\wininet.dll
[-] 2012-11-01 . ACC92628CFFF9BB6F8886329888014A8 . 920064 . . [8.00.6001.23458] . . c:\windows\$hf_mig$\KB2761465-IE8\SP3QFE\wininet.dll
[-] 2012-08-28 . FF1C14BCA1A797CE45DD359FA2C9EDA8 . 916992 . . [8.00.6001.19328] . . c:\windows\ie8updates\KB2761465-IE8\wininet.dll
[-] 2012-08-28 . DCEA3B3193B7181CF818ECC4EAB30A66 . 920064 . . [8.00.6001.23415] . . c:\windows\$hf_mig$\KB2744842-IE8\SP3QFE\wininet.dll
[-] 2012-07-03 . A4AF4F29A1653CD9552617CDA990A6D1 . 832512 . . [7.00.6000.17112] . . c:\windows\ie8\wininet.dll
[-] 2012-07-03 . CDB2036117C14BD29D3E27B528F6FBFA . 841216 . . [7.00.6000.21314] . . c:\windows\$hf_mig$\KB2722913-IE7\SP3QFE\wininet.dll
[-] 2012-07-02 . C4300CB4D20B1159DC77E01E8A2525EC . 916992 . . [8.00.6001.19298] . . c:\windows\ie8updates\KB2744842-IE8\wininet.dll
[-] 2012-07-02 . EFB2241DE3AA6480521A16D0CB67B0EC . 920064 . . [8.00.6001.23385] . . c:\windows\$hf_mig$\KB2722913-IE8\SP3QFE\wininet.dll
[-] 2012-03-01 . 4EC67FAB39F37626AD6D9895FC094ABF . 919552 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll
[-] 2011-11-04 . 552263502EA8C24D301A0C43FF90B3ED . 916992 . . [8.00.6001.19165] . . c:\windows\ie8updates\KB2722913-IE8\wininet.dll
[-] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
[-] 2011-08-22 . 19630AEBBFAEB06984CAB91848270AAF . 919552 . . [8.00.6001.23227] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
[-] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[-] 2011-04-25 . 7F4F1697001B9E9A7924D219DC215903 . 919552 . . [8.00.6001.23165] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
[-] 2011-02-22 . A9FA95F0D7F511959AC721E4843E5967 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
[-] 2010-12-20 . 5504B4ECCE892EB82CD2C5FA71940AC1 . 919552 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
[-] 2010-11-06 . 9357C4249F4810FB0E49C13387A8A77C . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
[-] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2618444-IE8\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB2722913-IE7\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2009-03-03 . C8667854873938CA13C986F16B0CD183 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2008-10-16 . 6741EAF7B7F110E803A6E38F6E5FA6B0 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 . 30C1E0F34AD2972C72A01DB5C74AB065 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-08-22 . A1BC17EB3758D73C3938B2318820F5B4 . 665600 . . [6.00.2900.3199] . . c:\windows\ie7\wininet.dll
[-] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[7] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-02-20 . B258C922D22DEEC880B60720531D7627 . 665600 . . [6.00.2900.3086] . . c:\windows\$hf_mig$\KB931768\SP2QFE\wininet.dll
[-] 2006-01-09 . DDE9597A3311748C1519444E2BC147BD . 662016 . . [6.00.2900.2823] . . c:\windows\$hf_mig$\KB912945\SP2QFE\wininet.dll
.
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll
[-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[7] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
.
[-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[7] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
[7] 2004-08-04 . BB5CBFFC096497506167BCE1D9690EF2 . 708096 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntdll.dll
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[-] 2013-01-07 . 1251D608DFCE4B6801AD27A59B74985C . 2069760 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntkrnlpa.exe
[-] 2013-01-07 . 2C9091C3350E369BBB2464AABE2FD7CA . 2027520 . . [5.1.2600.6335] . . c:\windows\system32\ntkrnlpa.exe
[-] 2013-01-07 . 864E6F476699C1E3E020CE66462785FE . 2069760 . . [5.1.2600.6335] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2013-01-07 . 864E6F476699C1E3E020CE66462785FE . 2069760 . . [5.1.2600.6335] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2012-08-21 . B326D5E256D2F32B23E64F49DEBCE31B . 2069632 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe
[-] 2012-08-21 . 61027EE2D9859A2B41D588D92F256CFB . 2027520 . . [5.1.2600.6284] . . c:\windows\$NtUninstallKB2799494$\ntkrnlpa.exe
[-] 2012-05-04 . 8E99A0CE02C1BEDA6C0935A4DDE9CEAA . 2069120 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe
[-] 2012-05-04 . 87763BB6C95901818050E52C378C9E15 . 2026496 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntkrnlpa.exe
[-] 2012-04-11 . 063A0F8A90D8E2B802E5243FE9AABCF3 . 2069120 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[-] 2012-04-11 . 61CCE48F7BD00E0E4D5CDE206F2DDC1B . 2026496 . . [5.1.2600.6206] . . c:\windows\$NtUninstallKB2707511$\ntkrnlpa.exe
[-] 2011-10-25 . DB19FFF0C805664CB95062C027B11FE9 . 2069376 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[-] 2010-12-10 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . 2DFB215E291E3D9B1CF9A6739B3BF16C . 2017280 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
[-] 2013-01-07 . AE2FEE63789F5DF6B19DD9A39E26D03E . 2193152 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntoskrnl.exe
[-] 2013-01-07 . DD5A89274B47499CCFF7ADCA3A3C560E . 2148864 . . [5.1.2600.6335] . . c:\windows\system32\ntoskrnl.exe
[-] 2013-01-07 . CB8E341AFD9042EE70E51715D9A23B1E . 2193024 . . [5.1.2600.6335] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2013-01-07 . CB8E341AFD9042EE70E51715D9A23B1E . 2193024 . . [5.1.2600.6335] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2012-08-21 . ECA5980E1A78DBF9CB7F49F76791C0D1 . 2193024 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe
[-] 2012-08-21 . B9A14D5875CE262774388BD43BA56FF3 . 2148864 . . [5.1.2600.6284] . . c:\windows\$NtUninstallKB2799494$\ntoskrnl.exe
[-] 2012-05-04 . 099A0F80A563EBE935F4A9750F96C219 . 2192640 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe
[-] 2012-05-04 . AC4B3C4A6DC31867034C66663B9B8A38 . 2148352 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntoskrnl.exe
[-] 2012-04-11 . 8D061BB825BC606C2B1C6F7452D1BAAA . 2192640 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[-] 2012-04-11 . A144D60B35E6DD14CCB9649B5E0D1092 . 2148352 . . [5.1.2600.6206] . . c:\windows\$NtUninstallKB2707511$\ntoskrnl.exe
[-] 2011-10-25 . F512C662874D7545E5BD8005E6800A44 . 2192768 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . E6679C3023B17D8B78946BC5DF53FA20 . 2137600 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2006-09-11 86960]
"attcm.exe"="c:\program files\AT&T\AT&T Communication Manager\attcm.exe" [2012-12-18 211496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2006-09-11 86960]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944]
"CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-03-05 1603152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-11 8429568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"attcm_AppStart.exe"="c:\program files\AT&T\AT&T Communication Manager\attcm_AppStart.exe" [2012-12-18 219688]
.
c:\documents and settings\Froy\Start Menu\Programs\Startup\
EzWare EzDesk.lnk - c:\windows\EzDesk.exe [2010-11-15 68608]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCABattery"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-12-03 21:02 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-02-20 18:57 65536 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
backup=c:\windows\pss\SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Froy^Start Menu^Programs^Startup^EzWare EzAutorun Version 1.1.lnk]
path=c:\documents and settings\Froy\Start Menu\Programs\Startup\EzWare EzAutorun Version 1.1.lnk
backup=c:\windows\pss\EzWare EzAutorun Version 1.1.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Froy^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Froy\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HughesNetTools_McciTrayApp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech BT Wizard]
LBTWiz.exe -silent [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\attcm.exe]
2012-12-18 17:06 211496 ----a-w- c:\program files\AT&T\AT&T Communication Manager\attcm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\attcm_AppStart.exe]
2012-12-18 16:06 219688 ----a-w- c:\program files\AT&T\AT&T Communication Manager\attcm_AppStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
2004-02-19 11:23 61440 ----a-w- c:\dell\bldbubg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-04-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 17:09 460784 -c--a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2007-05-03 00:08 198704 -c--a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2006-04-06 16:51 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EMET Notifier]
2012-05-09 20:25 152152 ----a-w- c:\program files\EMET\EMET_notifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-09-06 23:25 116648 ----atw- c:\documents and settings\Froy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-07-06 12:15 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Info Center]
2011-09-26 18:27 24216 ----a-w- c:\program files\PCPitstop\Info Center\InfoCenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-01-12 00:15 101136 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-01-12 00:15 101136 -c--a-w- c:\program files\Common Files\Logitech\khalshared\KHALMNPR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetStat Live]
2011-12-20 17:37 184304 ----a-w- c:\program files\AnalogX\NetStat Live\nsl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-06-11 02:46 8429568 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 17:02 79400 -c--a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 -c--a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2013-02-07 20:56 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2005-10-14 16:01 122880 ------w- c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McSysmon"=3 (0x3)
"McProxy"=2 (0x2)
"SwiCardDetectSvc"=2 (0x2)
"NAUpdate"=2 (0x2)
"Lavasoft Ad-Aware Service"=3 (0x3)
"stisvc"=3 (0x3)
"PlugPlay"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AT&T\\AT&T Communication Manager\\SwiApiMuxX.exe"=
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2/28/2013 1:47 PM 33112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 AdminHelper.exe;AdminHelper.exe;c:\program files\AT&T\AT&T Communication Manager\AdminHelper.exe [12/18/2012 10:06 AM 56360]
R2 IERA;Sierra Wireless Error Reporting Agent;c:\program files\Sierra Wireless Inc\IERA\IERA.exe [10/19/2011 3:56 PM 167280]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [6/24/2011 12:10 PM 238960]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [8/23/2012 10:31 AM 1532280]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2/28/2013 1:47 PM 968880]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [7/4/2012 2:26 PM 10088]
S3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 5:38 PM 116608]
S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\drivers\swg3kser00.sys [10/19/2011 3:56 PM 215552]
S3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [3/26/2007 2:18 PM 20352]
S3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\drivers\swiwdmbx.sys [10/19/2011 3:56 PM 83968]
S3 SWNC8U12;Sierra Wireless MUX NDIS Driver (UMTS12);c:\windows\system32\drivers\swnc8u12.sys [11/4/2007 4:15 PM 101632]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [10/19/2011 3:56 PM 209536]
S3 swumx12;Sierra Wireless USB MUX Driver (UMTS12);c:\windows\system32\drivers\swumx12.sys [11/4/2007 4:15 PM 73600]
S3 VWan2k;BroadJump PPPoE Adapter;c:\windows\system32\drivers\VWAN2K.sys [3/13/2008 12:25 PM 29228]
S4 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 9:09 PM 267568]
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 22:59]
.
2012-09-20 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2012-08-14 22:08]
.
2012-09-06 c:\windows\Tasks\videopadSevenDays.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2012-08-14 22:09]
.
2012-09-06 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2012-08-14 22:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=Gfo9sFi-kJw7P1yLaLnhKlvnjBo
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: att.net\my
FF - ProfilePath - c:\documents and settings\Froy\Application Data\Mozilla\Firefox\Profiles\ae57pzsf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - ExtSQL: !HIDDEN! 2009-11-16 18:05; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-DMXLauncher - c:\program files\Dell\Media Experience\DMXLauncher.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-AutoPlay Media Studio 5.0 Professional Trial - c:\windows\iun6002.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-06 18:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-949347910-1819743217-893941977-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(420)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(912)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-03-06  18:18:10 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-07 00:18
.
Pre-Run: 222,473,789,440 bytes free
Post-Run: 222,476,845,056 bytes free
.
- - End Of File - - 4E360EC2568970EA50459418A3BE1E08
Farbar Service Scanner Version: 03-03-2013
Ran by Froy (administrator) on 06-03-2013 at 18:20:47
Running from "C:\Documents and Settings\Froy\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2004-08-10 12:02] - [2008-04-13 18:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2004-08-10 11:51] - [2009-02-06 05:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) Tcpip(3)
0x0D0000000400000001000000020000000300000009000000080000000B0000000C0000000D0000000500000006000000070000000A000000
IpSec Tag value is correct.
**** End of log ****
 
Gary, I'm going to have to quit for the evening again. Looks like this one may be a bigger problem. Have a good evening and I'll get back tomorrow. Roy


Edited by Oh My, 06 March 2013 - 08:57 PM.


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:29 AM

Posted 06 March 2013 - 09:17 PM

Good morning Roy,

Please run this program for me.

===================================================

Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • MiniToolBox log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 chaknik

chaknik
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:29 AM

Posted 07 March 2013 - 08:19 AM

Hello Gary. Here's the Result log:

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by Froy (administrator) on 07-03-2013 at 07:13:24
Running from "C:\Documents and Settings\Froy\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

 


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® 82566DC Gigabit Network Connection = Local Area Connection (Disconnected)
1394 Net Adapter = 1394 Connection (Disconnected)


# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

 

popd
# End of interface IP configuration

 


Windows IP Configuration

 

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/06/2013 11:16:04 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.70.0.9, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/06/2013 11:03:52 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (03/06/2013 10:45:01 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (03/06/2013 09:45:41 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (03/06/2013 09:41:38 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.70.0.9, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/06/2013 09:34:03 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (03/05/2013 01:09:19 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (03/03/2013 03:34:07 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.70.0.9, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/28/2013 01:34:06 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/28/2013 01:23:18 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (03/06/2013 06:41:55 PM) (Source: DCOM) (User: RAS)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/06/2013 06:41:37 PM) (Source: DCOM) (User: RAS)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/06/2013 06:20:03 PM) (Source: DCOM) (User: RAS)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/06/2013 06:13:11 PM) (Source: PlugPlayManager) (User: )
Description: The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.

Error: (03/06/2013 06:09:10 PM) (Source: PlugPlayManager) (User: )
Description: The device Root\LEGACY_MRESP50\0000 disappeared from the system without first being prepared for removal.

Error: (03/06/2013 06:06:35 PM) (Source: DCOM) (User: RAS)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/06/2013 06:06:28 PM) (Source: DCOM) (User: RAS)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/06/2013 06:05:02 PM) (Source: DCOM) (User: RAS)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/06/2013 05:59:58 PM) (Source: DCOM) (User: RAS)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/06/2013 05:33:14 PM) (Source: DCOM) (User: RAS)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================

**** End of log ****



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:29 AM

Posted 07 March 2013 - 10:18 AM

Hi Roy,

Can you tell me how you have this computer configured for internet access. Is the modem attached to the computer or the router.

Please do this for me.

===================================================

Running ipconfig /all

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type cmd and press Enter
  • Type ipconfig /all then press Enter
  • Copy and paste the results in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • Internet configuration
  • ipconfig information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 chaknik

chaknik
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:29 AM

Posted 07 March 2013 - 10:56 AM

When I try to surf web on the bad computer, the USB modem is plugged directly into that computers usb port. When I have to use the laptop, I remove the modem from bad computer and plug it intp usb port on laptop. I've not been connected via router since early last week.

 

The first ipconfig /all is from the bad computer with no modem attached. The second section is the same computer with modem attached.

 

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Froy>ipconfig /all

Windows IP Configuration


C:\Documents and Settings\Froy>

 

 

 

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Froy>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : RAS
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection 11:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Sierra Wireless WWAN Network Adapter

        Physical Address. . . . . . . . . : 00-A0-D5-FF-FF-AE
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.221.90.209
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 10.221.90.209
        DHCP Server . . . . . . . . . . . : 10.221.90.253
        DNS Servers . . . . . . . . . . . : 172.26.38.1
                                            172.26.38.2
        NetBIOS over Tcpip. . . . . . . . : Disabled
        Lease Obtained. . . . . . . . . . : Thursday, March 07, 2013 9:47:46 AM
        Lease Expires . . . . . . . . . . : Sunday, March 10, 2013 9:47:46 AM

C:\Documents and Settings\Froy>



#12 chaknik

chaknik
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:29 AM

Posted 07 March 2013 - 11:03 AM

The DNS Servers (172.26.38.1) have been a point of concern-I Googled it and also the guy from Geeks2Go didn't understand it.He said it pointed to Stanford University.????

 

Pinging that address doesn't help either.


Edited by chaknik, 07 March 2013 - 11:12 AM.


#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:29 AM

Posted 07 March 2013 - 11:19 AM

Hi Roy,

Please insert the USB Modem into the computer we just repaired, make sure it is connected to the internet successfully, then run ipconfig /all on it. Post the results. I want to compare outputs.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 chaknik

chaknik
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:29 AM

Posted 07 March 2013 - 11:31 AM

This is from the laptop which is still looking good.

 

Microsoft Windows [Version 6.0.6002]
Copyright © 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Roy & Freda>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : LapTop
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 4:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Sierra Wireless WWAN Network Adapter #2
   Physical Address. . . . . . . . . : 00-A0-D5-FF-FF-AE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::fd64:b8f1:e3da:6fb7%28(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.69.32.158(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Lease Obtained. . . . . . . . . . : Thursday, March 07, 2013 9:51:27 AM
   Lease Expires . . . . . . . . . . : Sunday, March 10, 2013 9:51:27 AM
   Default Gateway . . . . . . . . . : 172.26.38.1
   DHCP Server . . . . . . . . . . . : 10.69.32.253
   DHCPv6 IAID . . . . . . . . . . . : 587243733
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-91-DF-86-00-1C-23-0F-F1-76

   DNS Servers . . . . . . . . . . . : 172.26.38.1
                                       172.26.38.2
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Bluetooth Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
#2
   Physical Address. . . . . . . . . : 00-19-7E-DA-34-2E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : local.tld
   Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Con
nection
   Physical Address. . . . . . . . . : 00-1B-77-D1-43-DB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{4F3E6FD3-3946-4322-A47C-ADDFB1C79
E5B}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.local.tld
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 21:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 26:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 27:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 20:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{6B9D01FF-33B8-4939-9225-0BFF3EA1A
B6C}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\Roy & Freda>



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:29 AM

Posted 07 March 2013 - 04:23 PM

Hi Roy,

Thank you for the information. Can you tell me what you needed to do to install the USB modem when you first used it? Did it automatically load the drivers or did you need an installation disk?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users