[Resolved] Adobe Acrobat Reader Key Problem


  • This topic is locked
16 replies to this topic

#1 LifeOnAString


Posted 22 September 2009 - 10:37 AM

When I try to install Adobe Acrobat Reader, Version 8 or 9, I get this error:

Error 1402.Could not open key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
Verify that you have sufficient access to that key, or contact your support personnel.

I went to the Adobe.com support, and tried Solution 1, and Solution 2: http://kb2.adobe.com...329/329137.html

Neither was effective. When I tried to Import the backup registry from Solution 2, I got this error:

Some keys are open by the system or other processes.

Solution 4 and 5 have to do with spyware and viruses. I downloaded and scanned with http://www.microsoft...re/default.mspx but found nothing. Also scanned with MalwareBytes, Avast and SUPERAntiSpyware with nothing found.

Please help. Thanks.

(Please note that this problem is with my desktop and not my laptop, on which I had another problem - that now seems to have been fixed.)


#2 oldman960


Posted 27 September 2009 - 01:54 PM

Hi

Let's have a look.

Download OTL to your desktop.
  • Double-click on OTL.exe to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.

#3 LifeOnAString


Posted 27 September 2009 - 08:46 PM

Thanks. Here is what OTL.Txt says:

OTL logfile created on: 9/27/2009 10:35:39 PM - Run 1
OTL by OldTimer - Version 3.0.16.0	 Folder = C:\Documents and Settings\CEO\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.54 Mb Total Physical Memory | 507.32 Mb Available Physical Memory | 50.05% Memory free
2.38 Gb Paging File | 1.92 Gb Available in Paging File | 80.36% Paging File free
Paging file location(s): D:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.01 Gb Total Space | 4.10 Gb Free Space | 10.26% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 39.36 Gb Free Space | 26.41% Space Free | Partition Type: NTFS
Drive E: | 399.80 Mb Total Space | 296.00 Mb Free Space | 74.04% Space Free | Partition Type: FAT
Drive F: | 439.01 Mb Total Space | 295.40 Mb Free Space | 67.29% Space Free | Partition Type: FAT
Drive G: | 423.33 Mb Total Space | 225.92 Mb Free Space | 53.37% Space Free | Partition Type: FAT
Drive H: | 509.58 Mb Total Space | 118.54 Mb Free Space | 23.26% Space Free | Partition Type: FAT
Drive I: | 305.73 Mb Total Space | 202.02 Mb Free Space | 66.08% Space Free | Partition Type: FAT
Drive J: | 305.73 Mb Total Space | 302.73 Mb Free Space | 99.02% Space Free | Partition Type: FAT
Drive K: | 666.55 Mb Total Space | 320.45 Mb Free Space | 48.08% Space Free | Partition Type: FAT
Drive L: | 105.98 Gb Total Space | 73.47 Gb Free Space | 69.32% Space Free | Partition Type: NTFS
Drive S: | 1.87 Gb Total Space | 1.29 Gb Free Space | 68.95% Space Free | Partition Type: FAT32
Drive T: | 432.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive U: | 472.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: D57T30C1
Current User Name: CEO
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe (mozilla.org)
PRC - C:\Program Files\Virtual CD v4\System\VCDTray.exe (H+H Software GmbH)
PRC - C:\Program Files\Virtual CD v4\system\VCDPlay.exe (H+H Software GmbH)
PRC - C:\WINDOWS\System32\pmxmiced.exe (Primax Electronics Ltd.)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()
PRC - C:\Program Files\Virtual CD v4\System\vcdsecs.exe (H+H Software GmbH)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Documents and Settings\CEO\Desktop\OTL.exe (OldTimer Tools)
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ASFIPmon [Auto | Running]) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ccEvtMgr [Disabled | Stopped]) --  File not found
SRV - (ccSetMgr [Disabled | Stopped]) --  File not found
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Disabled | Stopped]) --  File not found
SRV - (comHost [On_Demand | Stopped]) --  File not found
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (ISPwdSvc [Disabled | Stopped]) --  File not found
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate Notice Ex [Auto | Stopped]) --  File not found
SRV - (LiveUpdate Notice Service [Auto | Stopped]) --  File not found
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ppped [Auto | Running]) -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()
SRV - (RPSUpdaterR [On_Demand | Stopped]) --  File not found
SRV - (Symantec Core LC [Disabled | Stopped]) --  File not found
SRV - (SymAppCore [Disabled | Stopped]) --  File not found
SRV - (VCDSecS [Auto | Running]) -- C:\Program Files\Virtual CD v4\System\vcdsecs.exe (H+H Software GmbH)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (BASFND [Auto | Running]) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HidBatt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LVPr2Mon.sys ()
DRV - (LVRS [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys (Logitech Inc.)
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (mamotou [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mamotou.sys (Mobile Action Technology Inc.)
DRV - (MaRdPnp [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MaRdP2K.sys (Mobile Action Technology Inc.)
DRV - (MaVctrl [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\MaVc2K.sys (Mobile Action Technology Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\mf.sys (Microsoft Corporation)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (motccgpfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motccgpfl.sys (Motorola)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys (Motorola)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pepifilter [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\lv302af.sys (Logitech Inc.)
DRV - (PID_PEPI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LV302V32.SYS (Logitech Inc.)
DRV - (pmxmouse [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\pmxmouse.sys (Primax Electronics Ltd.)
DRV - (pmxusblf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\pmxusblf.sys (Primax Electronics Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SenFiltService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Senfilt.sys (Sensaura)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SRTSP [System | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SYMDNS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser.sys (Microsoft Corporation)
DRV - (usbsermpt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbsermpt.sys (Microsoft Corporation)
DRV - (vcdmpdrv [System | Running]) -- C:\WINDOWS\System32\DRIVERS\vcdmpdrv.sys (H+H Software GmbH)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.quicken.com/investments/portfolio/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.quicken.com/investments/portfolio/"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/27 16:31:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/12 23:29:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/24 04:30:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/27 20:18:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/27 22:08:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.18\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2009/09/27 20:36:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.18\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2009/09/27 22:08:54 | 00,000,000 | ---D | M]
 
[2008/07/10 04:20:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\mozilla\Extensions
[2008/07/10 04:20:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/27 01:34:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\mozilla\Firefox\Profiles\ca4mkm2h.default\extensions
[2009/07/13 00:33:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\mozilla\Firefox\Profiles\ca4mkm2h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/08 01:14:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\mozilla\Firefox\Profiles\ca4mkm2h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/27 01:34:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/01/05 20:53:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/22 15:55:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/27 22:14:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2009/09/27 22:16:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2009/09/27 22:15:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009/09/27 22:14:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/09/27 22:14:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2009/09/27 22:13:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/11/27 20:06:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/13 16:47:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/07 09:09:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/09 17:30:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/24 04:30:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/09/22 15:55:12 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/22 15:55:13 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/06/18 02:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/09/24 04:30:15 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/22 12:54:28 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/09/22 15:55:15 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/01/27 16:31:38 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/06/04 19:53:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/04 19:53:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/04 19:53:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/04 19:53:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/04 19:53:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/04 19:53:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/04 19:53:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/01/27 16:31:53 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/01/27 16:31:29 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/08/28 16:59:19 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/28 16:59:19 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/28 16:59:19 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/28 16:59:19 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/28 16:59:19 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/28 16:59:19 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/28 16:59:19 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1	   localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe ()
O4 - HKCU..\Run: [SeaMonkey Quick Launch] C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe (mozilla.org)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\CEO\Start Menu\Programs\Startup\Quick Start program.lnk = C:\Program Files\Virtual CD v4\System\VCDTray.exe (H+H Software GmbH)
O4 - Startup: C:\Documents and Settings\CEO\Start Menu\Programs\Startup\Setting.lnk = C:\WINDOWS\System32\DellPM.exe (Primax Electronics Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 28 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader2.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227308689890 (MUWebControl Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-cffff04cb76d019a.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} http://200.9.36.138:82/wg_webeye.cab (Web Camera Server Control)
O16 - DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} https://secureshares.wrallp.com/desktopmodules/wrallp.FileManager/SAXFile.cab (SAXFile FileDownload ActiveX Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} http://www.photoworks.com/pixami/DragDropUploader.cab (Pixami Drag/Drop Upload UI Control)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5216/mcfscan.cab (McFreeScan Class)
O16 - DPF: Photobucket Publisher http://s218.photobucket.com/csve/ie_plugin.php (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.250.0.12 68.237.161.12
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter:  - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/CEO/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/27 04:40:22 | 00,000,018 | ---- | M] () - C:\autoexe2.bit -- [ NTFS ]
O32 - AutoRun File - [2007/06/28 15:09:02 | 00,000,293 | ---- | M] () - C:\AutoExec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BIT -- [ NTFS ]
O32 - AutoRun File - [1999/04/01 00:49:54 | 00,001,724 | R--- | M] () - T:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009/09/27 22:32:58 | 00,518,144 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CEO\Desktop\OTL.exe
[2009/09/27 22:27:43 | 00,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2009/09/27 22:19:06 | 10,628,46464 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/27 22:13:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2009/09/27 22:07:44 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/27 22:06:07 | 00,000,000 | ---D | C] -- C:\Program Files\CyberPower PowerPanel Personal Edition
[2009/09/27 21:06:40 | 00,000,092 | ---- | C] () -- C:\Documents and Settings\CEO\Desktop\Software CyberPower Systems, Inc..URL
[2009/09/27 20:35:02 | 00,004,299 | ---- | C] () -- C:\Documents and Settings\CEO\Desktop\Kaspersky.html
[2009/09/27 20:24:05 | 00,000,000 | ---D | C] -- C:\Program Files\iPod(2)
[2009/09/27 20:23:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/27 16:10:00 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\CEO\Desktop\BillP Studios Download Page.url
[2009/09/25 16:34:14 | 00,000,000 | ---D | C] -- C:\RFP
[2009/09/25 01:58:21 | 00,000,679 | ---- | C] () -- C:\Documents and Settings\CEO\Desktop\LifeOnAString - Viewing Profile.url
[2009/09/24 04:33:41 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/09/24 04:30:26 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/24 03:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/09/23 14:01:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CEO\Application Data\webex
[2009/09/23 14:01:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CEO\My Documents\WebEx
[2009/09/22 23:51:39 | 00,004,166 | ---- | C] () -- C:\Documents and Settings\CEO\Desktop\DVDs.rtf
[2009/09/22 12:42:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CEO\Application Data\Foxit
[2009/09/22 12:42:19 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2009/09/22 11:25:55 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/22 11:22:50 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/09/22 03:17:56 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\CEO\Desktop\RootRepeal.exe
[2009/09/22 03:17:22 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\CEO\Desktop\dds.scr
[2009/09/21 16:38:30 | 00,001,787 | ---- | C] () -- C:\Windows Search.lnk
[2009/09/21 15:37:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CEO\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/21 15:14:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/09/09 15:14:06 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/05 01:54:48 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/05 01:54:48 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/02 15:12:48 | 00,000,025 | ---- | C] () -- C:\WINDOWS\BMPLUS.ini
[2009/05/26 23:11:36 | 00,000,115 | ---- | C] () -- C:\WINDOWS\SLIDES.INI
[2009/05/08 10:13:04 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:00:12 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/02/11 07:12:14 | 00,000,281 | ---- | C] () -- C:\WINDOWS\abc.INI
[2008/08/19 22:09:52 | 00,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/10 00:32:29 | 00,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI
[2007/05/28 22:03:18 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/04/13 21:33:06 | 00,000,058 | ---- | C] () -- C:\WINDOWS\DRAGDR~1.INI
[2007/01/17 10:23:14 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/01/08 19:19:00 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/12/28 23:05:15 | 00,000,064 | ---- | C] () -- C:\WINDOWS\PSYCALC.INI
[2006/12/28 23:03:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/12/28 12:03:37 | 00,000,026 | ---- | C] () -- C:\WINDOWS\APW.INI
[2006/12/27 11:18:25 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/12/27 08:55:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI
[2006/12/27 08:30:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2006/12/27 08:07:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2006/12/27 08:02:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2006/12/27 08:01:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2006/12/27 06:46:08 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/27 06:46:08 | 00,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/12/27 05:22:32 | 00,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/12/26 22:13:19 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/10/23 21:04:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/23 21:02:33 | 00,000,284 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/23 21:01:02 | 00,131,002 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2006/10/23 20:41:39 | 00,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/10/23 20:41:39 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2006/10/23 20:40:47 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/18 14:47:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 17:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:00:37 | 00,001,508 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 17:00:35 | 00,000,239 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/02/12 22:43:02 | 00,000,309 | ---- | C] () -- C:\WINDOWS\LProST.ini
[2002/01/20 14:04:28 | 00,667,648 | ---- | C] () -- C:\WINDOWS\System32\Dtwain32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2009/09/27 22:33:01 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CEO\Desktop\OTL.exe
[2009/09/27 22:32:43 | 00,000,679 | ---- | M] () -- C:\Documents and Settings\CEO\Desktop\LifeOnAString - Viewing Profile.url
[2009/09/27 22:32:10 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/27 22:29:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/27 22:29:12 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/09/27 22:29:10 | 00,131,002 | ---- | M] () -- C:\WINDOWS\System32\DellPM.ini
[2009/09/27 22:29:10 | 00,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SharedProperties.xml
[2009/09/27 22:29:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/27 22:29:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/27 22:29:03 | 10,628,46464 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/27 22:27:50 | 00,000,518 | ---- | M] () -- C:\Documents and Settings\CEO\Application Data\EventStore.xml
[2009/09/27 22:27:50 | 00,000,475 | ---- | M] () -- C:\Documents and Settings\CEO\Application Data\CampaignStore.xml
[2009/09/27 22:27:50 | 00,000,471 | ---- | M] () -- C:\Documents and Settings\CEO\Application Data\UpdateStore.xml
[2009/09/27 22:27:50 | 00,000,376 | ---- | M] () -- C:\Documents and Settings\CEO\Application Data\SoftwarePackageStore.xml
[2009/09/27 22:27:50 | 00,000,376 | ---- | M] () -- C:\Documents and Settings\CEO\Application Data\ConfigurationStore.xml
[2009/09/27 21:06:40 | 00,000,092 | ---- | M] () -- C:\Documents and Settings\CEO\Desktop\Software CyberPower Systems, Inc..URL
[2009/09/27 20:35:02 | 00,004,299 | ---- | M] () -- C:\Documents and Settings\CEO\Desktop\Kaspersky.html
[2009/09/27 19:51:55 | 00,002,628 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/27 16:10:00 | 00,000,187 | ---- | M] () -- C:\Documents and Settings\CEO\Desktop\BillP Studios Download Page.url
[2009/09/27 14:58:20 | 00,069,120 | ---- | M] () -- C:\Documents and Settings\CEO\My Documents\DVDs.xls
[2009/09/24 20:39:25 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\CEO\Desktop\dds.scr
[2009/09/24 20:28:52 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/09/24 04:39:54 | 00,031,608 | ---- | M] () -- C:\Documents and Settings\CEO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/24 04:39:46 | 00,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/24 04:30:14 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/09/24 04:30:14 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/24 04:30:14 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/24 04:30:14 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/24 04:30:14 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/09/22 23:57:34 | 00,004,166 | ---- | M] () -- C:\Documents and Settings\CEO\Desktop\DVDs.rtf
[2009/09/22 12:32:37 | 00,463,840 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/22 12:32:37 | 00,078,990 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/22 03:17:56 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\CEO\Desktop\RootRepeal.exe
[2009/09/21 20:00:00 | 00,000,572 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Online - Run Full System Scan - CEO.job
[2009/09/17 00:32:36 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\CEO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/10 14:27:18 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/10 01:03:02 | 00,118,784 | ---- | M] () -- C:\WINDOWS\SeaMonkeyUninstall.exe
[2009/09/10 01:03:02 | 00,022,246 | ---- | M] () -- C:\WINDOWS\mozver.dat
[2009/09/10 01:02:59 | 00,001,508 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/10 01:02:45 | 00,118,784 | ---- | M] () -- C:\WINDOWS\GREUninstall.exe
[2009/09/05 01:54:48 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/05 01:54:48 | 00,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
 
========== LOP Check ==========
 
[2009/09/27 22:29:10 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/18 00:02:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2008/05/26 20:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{2F7503E5-452B-4E1B-90FE-6E47985E600B}
[2009/09/27 20:25:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/08 00:02:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/05/26 20:57:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BA892C10-A262-42D0-B6AD-2ADE4916F871}
[2007/06/10 00:19:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2007/06/10 00:51:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/12/26 22:14:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2006/12/27 05:22:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/02/27 14:21:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2008/11/22 21:48:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2008/10/03 01:55:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MP3 Remix
[2009/02/16 06:34:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2009/02/16 06:51:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/02/22 05:42:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RingCentral
[2004/08/11 17:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/09/27 22:29:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/30 05:23:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Verizon
[2007/07/17 18:02:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2009/09/27 22:30:10 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\CEO\Application Data
[2008/11/17 23:59:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\Business Logic
[2009/09/21 15:37:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/03/18 22:51:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\CyberLink
[2009/09/22 12:42:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\Foxit
[2006/12/27 05:21:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\Intuit
[2006/12/27 06:48:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\Leadertech
[2008/11/22 22:17:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\Motive
[2009/03/12 20:28:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\NCH Software
[2009/03/03 02:19:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\NCH Swift Sound
[2008/11/21 19:16:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\OfficeUpdate12
[2009/02/01 03:52:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\OpenOffice.org
[2009/02/01 01:47:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\OpenOffice.org2
[2007/05/11 10:01:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\PhotoWorks
[2007/05/11 09:49:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\Seven Zip
[2008/12/18 01:05:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\SoftwareDetectionScripts
[2008/11/19 17:45:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\uTorrent
[2008/11/22 21:26:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\Verizon
[2009/09/23 14:01:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\webex
[2007/06/13 02:55:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\WholeSecurity
[2009/04/21 03:41:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\Windows Desktop Search
[2009/04/21 10:20:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\Windows Search
[2009/08/05 19:25:02 | 00,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/27 22:32:10 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/09/21 20:00:00 | 00,000,572 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - CEO.job
[2009/09/27 22:29:12 | 00,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2009/09/27 22:29:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Here is Extras.txt:
OTL Extras logfile created on: 9/27/2009 10:35:40 PM - Run 1
OTL by OldTimer - Version 3.0.16.0	 Folder = C:\Documents and Settings\CEO\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.54 Mb Total Physical Memory | 507.32 Mb Available Physical Memory | 50.05% Memory free
2.38 Gb Paging File | 1.92 Gb Available in Paging File | 80.36% Paging File free
Paging file location(s): D:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.01 Gb Total Space | 4.10 Gb Free Space | 10.26% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 39.36 Gb Free Space | 26.41% Space Free | Partition Type: NTFS
Drive E: | 399.80 Mb Total Space | 296.00 Mb Free Space | 74.04% Space Free | Partition Type: FAT
Drive F: | 439.01 Mb Total Space | 295.40 Mb Free Space | 67.29% Space Free | Partition Type: FAT
Drive G: | 423.33 Mb Total Space | 225.92 Mb Free Space | 53.37% Space Free | Partition Type: FAT
Drive H: | 509.58 Mb Total Space | 118.54 Mb Free Space | 23.26% Space Free | Partition Type: FAT
Drive I: | 305.73 Mb Total Space | 202.02 Mb Free Space | 66.08% Space Free | Partition Type: FAT
Drive J: | 305.73 Mb Total Space | 302.73 Mb Free Space | 99.02% Space Free | Partition Type: FAT
Drive K: | 666.55 Mb Total Space | 320.45 Mb Free Space | 48.08% Space Free | Partition Type: FAT
Drive L: | 105.98 Gb Total Space | 73.47 Gb Free Space | 69.32% Space Free | Partition Type: NTFS
Drive S: | 1.87 Gb Total Space | 1.29 Gb Free Space | 68.95% Space Free | Partition Type: FAT32
Drive T: | 432.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive U: | 472.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: D57T30C1
Current User Name: CEO
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.scr [@ = Icad.load.scr] -- C:\Program Files\IntelliCAD 98\icad.exe (Visio Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4216BCC9-8DF8-4159-ADC1-F31C314C6149}" = Virtual CD v4
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4B7C25BA-480D-4E5F-A986-D153E799ECEE}" = Symantec Real Time Storage Protection Component
"{52CB9287-0F7A-43E8-AC64-8D20D2D7B601}" = Windows XP Creativity Fun Packs - Player Visualizations
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}" = Radialpoint Security Services
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7A35F91E-1D16-454F-A248-B9B782A2327C}" = Dell Support 3.2.1
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9E9AEBE7-58A9-11D8-80AE-00036D10F3B7}" = LabelCreator Pro
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A532D814-F1F2-41DF-A445-A3B1F8F26892}" = SymNet
"{A918DE8A-98C8-0920-0001-000000000000}" = Multimedia Samples
"{AB4862FB-0396-4E75-A523-850577EBFC73}" = Security Advisor
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3A44800-CDD9-4289-90E9-6E42EF8ADDC8}" = CyberPower PowerPanel Personal Edition 1.2.1
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{E0F1D3B6-F50E-49AE-A942-FFDFFA16F9A9}" = PhotoStreamer 2
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{ED57CE70-0DC6-49AB-A33E-FAC212A6AF5E}" = Creative MuVo V100
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"7-Zip" = 7-Zip 4.65
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AT&T Connection Services Software" = AT&T Worldnet Service
"AudibleManager" = AudibleManager
"avast!" = avast! Antivirus
"Bookshelf98" = Microsoft Bookshelf 1998 (Remove ONLY)
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CompuPic" = CompuPic
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"CSCLIB" = Canon Camera Support Core Library
"EasyTerm 4.3_is1" = EasyTerm 4.3
"EOS Utility" = Canon Utilities EOS Utility
"ExpressRip" = Express Rip
"Family Lawyer 2000" = Family Lawyer 2000
"Foxit Reader" = Foxit Reader
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IntelliCAD 98" = IntelliCAD 98
"IPI DewPoint Calculator" = IPI DewPoint Calculator
"Java Web Start" = Java Web Start
"Legal Search" = Legal Search
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetMos Technology" = NetMos Multi-IO Controller
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NovaBench 2_is1" = NovaBench 2.0.320.0
"PhotoStitch" = Canon Utilities PhotoStitch
"PhotoStreamer 2" = PhotoStreamer 2
"Precision Mapping Streets v3.0 Unistaller" = Precision Mapping Streets v3.0
"Preservation Calculator" = Preservation Calculator
"Prism" = Prism Video Converter
"PsyCalc 98 Setup" = PsyCalc 98 Setup
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.23
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"RingCentral" = RingCentral Call Controller
"SeaMonkey (1.1.18)" = SeaMonkey (1.1.18)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SysInfo" = Creative System Information
"The Plain-Language Law Dictionary" = The Plain-Language Law Dictionary
"ToolBox" = NCH Toolbox
"Verizon Yahoo! Applications" = Verizon Yahoo! Applications
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"WavePad" = WavePad Sound Editor
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"WinCleaner OneClick Professional Clean_is1" = WinCleaner OneClick Professional Clean Version 11
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Antivirus Events ]
Error - 6/7/2009 1:32:05 PM | Computer Name = D57T30C1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\DOCUMENTS AND SETTINGS\CEO\MY DOCUMENTS\MY PICTURES\FAMILY\THUMBS.DB failed,
 00000005.  
 
Error - 6/7/2009 1:32:05 PM | Computer Name = D57T30C1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\DOCUMENTS AND SETTINGS\CEO\MY DOCUMENTS\MY PICTURES\PRESENTATIONS\THUMBS.DB 
failed, 00000005.  
 
Error - 6/7/2009 1:32:05 PM | Computer Name = D57T30C1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\DOCUMENTS AND SETTINGS\CEO\MY DOCUMENTS\MY PICTURES\MY GIF FILES\THUMBS.DB failed,
 00000005.  
 
Error - 6/9/2009 8:19:41 AM | Computer Name = D57T30C1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\DOCUMENTS AND SETTINGS\CEO\MY DOCUMENTS\MY PICTURES\FAMILY\THUMBS.DB failed,
 00000005.  
 
Error - 6/9/2009 8:19:41 AM | Computer Name = D57T30C1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\DOCUMENTS AND SETTINGS\CEO\MY DOCUMENTS\MY PICTURES\PRESENTATIONS\THUMBS.DB 
failed, 00000005.  
 
Error - 6/9/2009 8:19:41 AM | Computer Name = D57T30C1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\DOCUMENTS AND SETTINGS\CEO\MY DOCUMENTS\MY PICTURES\MY GIF FILES\THUMBS.DB failed,
 00000005.  
 
Error - 6/25/2009 8:41:40 AM | Computer Name = D57T30C1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\DOCUMENTS AND SETTINGS\CEO\MY DOCUMENTS\MY PICTURES\FAMILY\THUMBS.DB failed,
 00000005.  
 
Error - 6/25/2009 8:41:40 AM | Computer Name = D57T30C1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\DOCUMENTS AND SETTINGS\CEO\MY DOCUMENTS\MY PICTURES\PRESENTATIONS\THUMBS.DB 
failed, 00000005.  
 
Error - 6/25/2009 8:41:40 AM | Computer Name = D57T30C1 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\DOCUMENTS AND SETTINGS\CEO\MY DOCUMENTS\MY PICTURES\MY GIF FILES\THUMBS.DB failed,
 00000005.  
 
[ Application Events ]
Error - 9/22/2009 12:18:24 PM | Computer Name = D57T30C1 | Source = MsiInstaller | ID = 11402
Description = Product: Adobe Reader 9.1 -- Error 1402.Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
  System error 5.  Verify that you have sufficient access to that key, or contact
 your support personnel.
 
Error - 9/22/2009 12:23:41 PM | Computer Name = D57T30C1 | Source = MsiInstaller | ID = 11402
Description = Product: Adobe Reader 8.1.3 -- Error 1402.Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
  System error 5.  Verify that you have sufficient access to that key, or contact
 your support personnel.
 
Error - 9/25/2009 6:30:06 PM | Computer Name = D57T30C1 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 9.0.0.8970, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 9/25/2009 6:30:11 PM | Computer Name = D57T30C1 | Source = Application Hang | ID = 1001
Description = Fault bucket 759644626.
 
Error - 9/26/2009 10:13:24 AM | Computer Name = D57T30C1 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CEO\MY DOCUMENTS\DVDS.XLS> in
 the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
	A
 device attached to the system is not functioning.   (0x8007001f) 
 
Error - 9/27/2009 6:25:21 PM | Computer Name = D57T30C1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 9/27/2009 10:19:32 PM | Computer Name = D57T30C1 | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index.
 The service will attempt to automatically correct this problem by rebuilding the
 index.  Context: Windows Application, SystemIndex Catalog  Details:   0xc0041801 (0xc0041801)

 
Error - 9/27/2009 10:19:32 PM | Computer Name = D57T30C1 | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized.  Context:
 Windows Application, SystemIndex Catalog  Details:  The content index cannot be read.
   (0xc0041800) 
 
Error - 9/27/2009 10:19:32 PM | Computer Name = D57T30C1 | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized.  Context: Windows Application,
 SystemIndex Catalog  Details:  The content index cannot be read.   (0xc0041800) 
 
Error - 9/27/2009 10:19:33 PM | Computer Name = D57T30C1 | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized.  Context: Windows Application

Details:
	The
 content index cannot be read.   (0xc0041800) 
 
[ System Events ]
Error - 9/27/2009 10:19:19 PM | Computer Name = D57T30C1 | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.
 
Error - 9/27/2009 10:19:26 PM | Computer Name = D57T30C1 | Source = UPS | ID = 2482
Description = The UPS service could not access the specified Comm Port.
 
Error - 9/27/2009 10:20:35 PM | Computer Name = D57T30C1 | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
 error:   %%2482
 
Error - 9/27/2009 10:20:35 PM | Computer Name = D57T30C1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   eeCtrl  SRTSP
 
Error - 9/27/2009 10:20:36 PM | Computer Name = D57T30C1 | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error 
2147749155 (0x80040D23).
 
Error - 9/27/2009 10:29:18 PM | Computer Name = D57T30C1 | Source = UPS | ID = 2482
Description = The UPS service could not access the specified Comm Port.
 
Error - 9/27/2009 10:29:23 PM | Computer Name = D57T30C1 | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.
 
Error - 9/27/2009 10:29:23 PM | Computer Name = D57T30C1 | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.
 
Error - 9/27/2009 10:30:32 PM | Computer Name = D57T30C1 | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
 error:   %%2482
 
Error - 9/27/2009 10:30:32 PM | Computer Name = D57T30C1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   eeCtrl  SRTSP
 
 
< End of report >

FYI, this evening I had to do a system restore, because a previously transient problem of a UPS shutdown as Windows loads became an always problem. (Previously I could stop it by unplugging the USB to my CyberPower UPS, but it started the shutdowns even with the UPS unplugged!) Don't know if it is related. Earlier scans by MABM, SUPERAntiSpyWare, and Avast this afternoon were all clear, as they have been for the past week or more.

Thank you very much for your continued help!

Edited by LifeOnAString, 27 September 2009 - 09:42 PM.


#4 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 27 September 2009 - 10:31 PM

Hi LifeOnAString,

System Restore may explain the multiple instances of some Norton entries in the uninstall list. I take it since you are now using Avast that you are finished with Norton (Symantec)? If that's the case, we'll remove it at the same time as we remove the old versions of Java.

Go to Add/Remove programs and uninstall the following,

J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SE v1.4.1_02
J2SE Runtime Environment 5.0 Update 11
Java™ SE Runtime Environment 6
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 4
Java™ 6 Update 7


LiveUpdate Notice (Symantec Corporation)
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Protection Center
Symantec Real Time Storage Protection Component


Do not uninstall Java™ 6 Update 16



Next, clear the Java cache

To clear the Java Plug-in cache:
  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
  • On the General tab, click Settings under Temporary Internet Files.
  • On the Temporary Files Settings screen, click Delete Files.
  • Check all boxes.
  • Click OK.


Download the Norton Removal Tool from HERE and save it to your desktop.

Next, double-click on Norton_Removal_Tool.exe to run the tool.

Follow the on-screen instructions.
Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.



Let's see if we can see anything with that key

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield
  • Do not copy the word CODE; please note the script starts with the :
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Post back with the SystemLook results and how you made out with Norton.

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.

#5 LifeOnAString

LifeOnAString

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 28 September 2009 - 12:24 AM

These could be removed without any problem:
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java™ SE Runtime Environment 6
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 4
Java™ 6 Update 7


(This one I left: Java™ 6 Update 16)

This one gave a 'file not found' sort of error:
Java 2 Runtime Environment, SE v1.4.1_02
It persists on the program list after the Norton re-boot.

These did not appear on the program list:
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Protection Center
Symantec Real Time Storage Protection Component


This did appear, but gave an error when I tried to remove it:
LiveUpdate Notice (Symantec Corporation)
It disappeared after the Norton re-boot.

I gave up on Norton (my third time in my computer tenure) about a year ago. I used what appears to be the same removal tool. As I recall, I removed, or tried to remove many Norton programs after the "removal" tool. I had MANY residual problems, including it still being in my DOS prompt environment. (Finally changed that one manually to the Avast link.) BTW, I do lots of my daily work in DOS windows, including running PC-Write, and some programs I wrote in Turbo Pascal.


Here is what SystemLook said:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 02:17 on 28/09/2009 by CEO (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


-=End Of File=-


Hope this is going something along the lines you expected. Thanks.

#6 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 28 September 2009 - 06:04 PM

Hi LifeOnAString,

Just wanted to tidy a few things up and see if we could at least access that key.

Not seeing anything out of the ordinary, but we'll have a little deeper look.

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log.

Thanks


#7 LifeOnAString

LifeOnAString

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 28 September 2009 - 07:43 PM

That was different. I don't recall Combofix running on my laptop restarting Windows - twice. Here is the log file:

ComboFix 09-09-28.01 - CEO 09/28/2009 21:21.1.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.440 [GMT -4:00]
Running from: c:\documents and settings\CEO\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090928-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
(((((((((((((((((((((((((   Files Created from 2009-08-28 to 2009-09-29  )))))))))))))))))))))))))))))))
.

2009-09-28 02:17 . 2009-09-28 02:17	--------	d-----w-	c:\windows\system32\wbem\Repository
2009-09-28 02:07 . 2009-09-28 02:07	--------	d-----w-	c:\program files\iPod
2009-09-28 02:06 . 2009-09-29 01:26	--------	d-----w-	c:\program files\CyberPower PowerPanel Personal Edition
2009-09-28 01:39 . 2009-09-28 02:06	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Business Logic
2009-09-28 00:24 . 2009-09-28 02:07	--------	d-----w-	c:\program files\iPod(2)
2009-09-28 00:23 . 2009-09-28 00:25	--------	d-----w-	c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-25 20:34 . 2009-09-28 02:16	--------	d-----w-	C:\RFP
2009-09-24 08:33 . 2009-09-24 08:33	--------	d-----w-	c:\program files\JRE
2009-09-24 07:32 . 2009-09-24 07:32	--------	d-----w-	c:\program files\7-Zip
2009-09-23 18:01 . 2009-09-23 18:01	--------	d-----w-	c:\documents and settings\CEO\Application Data\webex
2009-09-22 16:42 . 2009-09-22 16:42	--------	d-----w-	c:\documents and settings\CEO\Application Data\Foxit
2009-09-22 16:42 . 2009-09-22 16:55	--------	d-----w-	c:\program files\Foxit Software
2009-09-22 15:22 . 2009-09-22 15:22	--------	d-----w-	c:\program files\Windows Defender
2009-09-21 19:37 . 2009-09-21 19:37	--------	d-----w-	c:\documents and settings\CEO\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-09-21 19:14 . 2009-09-22 20:02	--------	d-----w-	c:\documents and settings\All Users\Application Data\NOS
2009-09-09 19:14 . 2009-06-21 21:44	153088	------w-	c:\windows\system32\dllcache\triedit.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 01:26 . 2008-11-18 21:06	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-09-28 22:22 . 2006-12-27 20:28	--------	d-----w-	c:\program files\CompuPic
2009-09-28 15:15 . 2007-12-12 04:51	--------	d-----w-	c:\documents and settings\CEO\Application Data\Skype
2009-09-28 06:04 . 2007-11-20 05:58	--------	d-----w-	c:\documents and settings\All Users\Application Data\Symantec
2009-09-28 05:53 . 2006-10-24 00:55	--------	d-----w-	c:\program files\Java
2009-09-28 02:09 . 2008-06-12 20:19	--------	d-----w-	c:\program files\Safari
2009-09-28 02:08 . 2008-01-23 19:59	--------	d-----w-	c:\program files\QuickTime
2009-09-28 02:07 . 2008-01-23 20:01	--------	d-----w-	c:\program files\iTunes
2009-09-28 02:07 . 2007-08-11 20:32	--------	d-----w-	c:\program files\Common Files\Apple
2009-09-26 14:51 . 2006-10-24 01:00	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-09-24 08:39 . 2006-12-27 02:07	31608	----a-w-	c:\documents and settings\CEO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-24 08:33 . 2009-02-01 07:48	--------	d-----w-	c:\program files\OpenOffice.org 3
2009-09-24 08:30 . 2008-11-28 00:06	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-09-22 16:23 . 2006-12-27 06:05	--------	d-----w-	c:\program files\Common Files\Adobe
2009-09-21 21:01 . 2008-11-17 08:04	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-09-21 20:54 . 2008-11-17 11:52	--------	d-----w-	c:\program files\SUPERAntiSpyware
2009-09-21 20:52 . 2008-11-17 11:42	--------	d-----w-	c:\program files\SpywareBlaster
2009-09-10 18:54 . 2008-11-18 20:46	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-11-18 20:46	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-09-10 05:03 . 2009-03-22 19:15	118784	----a-w-	c:\windows\SeaMonkeyUninstall.exe
2009-09-10 05:03 . 2006-12-27 05:39	22246	----a-w-	c:\windows\mozver.dat
2009-09-10 05:02 . 2006-12-27 05:39	118784	----a-w-	c:\windows\GREUninstall.exe
2009-08-26 12:02 . 2007-12-12 04:54	--------	d-----w-	c:\documents and settings\CEO\Application Data\skypePM
2009-08-17 16:10 . 2008-11-23 01:31	1279456	----a-w-	c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-11-23 01:31	93392	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-11-23 01:31	94160	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-11-23 01:31	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-11-23 01:31	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-11-23 01:31	51376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-11-23 01:31	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-11-23 01:31	26944	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-11-23 01:31	97480	----a-w-	c:\windows\system32\AvastSS.scr
2009-08-05 09:01 . 2004-08-11 21:00	204800	----a-w-	c:\windows\system32\mswebdvd.dll
2009-08-04 23:12 . 2009-08-04 23:12	29072	---ha-w-	c:\windows\system32\mlfcache.dat
2009-08-04 23:12 . 2007-02-13 22:36	--------	d-----w-	c:\documents and settings\CEO\Application Data\Apple Computer
2009-08-03 19:07 . 2009-08-03 19:07	403816	----a-w-	c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07	322928	----a-w-	c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07	230768	----a-w-	c:\windows\system32\OGAEXEC.exe
2009-07-17 19:01 . 2004-08-11 21:00	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-11 21:00	286208	----a-w-	c:\windows\system32\wmpdxm.dll
.

(((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 17:19 . 2006-12-27 08:40	54272	c:\bitware\NT\bak\bwprnmon.exe

2006-10-24 00:41 . 2006-05-01 12:07	843776	c:\program files\Analog Devices\Core\bak\smax4pnp.exe

2006-10-24 01:01 . 2005-08-11 19:30	81920	c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
2004-07-27 20:50 . 2004-07-27 20:50	81920	c:\program files\Common Files\InstallShield\UpdateService\issch.exe

2006-10-24 01:01 . 2005-08-11 19:30	249856	c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
2004-07-27 20:50 . 2004-07-27 20:50	221184	c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

2007-01-06 00:53 . 2008-01-27 20:31	185896	c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2006-10-24 01:01 . 2005-12-10 00:29	49152	c:\program files\CyberLink\PowerDVD\bak\DVDLauncher.exe

2008-01-15 08:22 . 2008-01-15 08:22	267048	c:\program files\iTunes\bak\iTunesHelper.exe
2009-07-13 18:03 . 2009-07-13 18:03	292128	c:\program files\iTunes\iTunesHelper.exe

2007-10-30 13:48 . 2007-09-25 05:11	132496	c:\program files\Java\jre1.6.0_03\bin\bak\jusched.exe

2008-01-10 20:27 . 2008-01-10 20:27	385024	c:\program files\QuickTime\bak\qttask.exe
2009-05-26 21:18 . 2009-05-26 21:18	413696	c:\program files\QuickTime\QTTask.exe

2006-12-27 10:16 . 2002-09-16 20:32	94208	c:\program files\Virtual CD v4\System\bak\VCDPlay.exe
2008-11-19 23:01 . 2002-09-16 20:32	94208	c:\program files\Virtual CD v4\System\VCDPlay.exe

2006-10-24 00:41 . 2006-07-21 20:50	86016	c:\windows\system32\bak\hkcmd.exe

2006-10-24 00:41 . 2006-07-21 20:47	81920	c:\windows\system32\bak\igfxpers.exe

2006-10-24 00:41 . 2006-07-21 20:48	98304	c:\windows\system32\bak\igfxtray.exe

2007-01-22 01:08 . 2005-09-08 10:20	122940	c:\windows\system32\DLA\bak\DLACTRLW.EXE

2008-11-04 17:10 . 2006-12-27 08:40	54272	d:\backup directories\BITWARE\NT\bak\bwprnmon.exe

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2007-12-07 315392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-16 39408]
"SeaMonkey Quick Launch"="c:\program files\mozilla.org\SeaMonkey\SeaMonkey.exe" [2009-08-25 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2008-10-20 2303216]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-24 149280]

c:\documents and settings\CEO\Start Menu\Programs\Startup\
Quick Start program.lnk - c:\program files\Virtual CD v4\System\VCDTray.exe [2006-12-27 98304]
Setting.lnk - c:\windows\system32\DellPM.exe [2006-10-23 2277376]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-21 20:54	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/22/2008 9:31 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 3:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 3:07 PM 74480]
R1 vcdmpdrv;vcdmpdrv;c:\windows\system32\drivers\vcdmpdrv.sys [12/27/2006 6:16 AM 49296]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 5:25 PM 65536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/22/2008 9:31 PM 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [6/8/2007 10:27 PM 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [6/8/2007 10:27 PM 14336]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [12/27/2006 7:54 AM 49399]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [6/10/2007 2:29 AM 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [8/11/2004 5:00 PM 5120]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 3:07 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-09-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-09-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.quicken.com/investments/portfolio/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Photobucket Publisher - hxxp://s218.photobucket.com/csve/ie_plugin.php
DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} - hxxps://secureshares.wrallp.com/desktopmodules/wrallp.FileManager/SAXFile.cab
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.photoworks.com/pixami/DragDropUploader.cab
FF - ProfilePath - c:\documents and settings\CEO\Application Data\Mozilla\Firefox\Profiles\ca4mkm2h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.quicken.com/investments/portfolio/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Java Web Start - c:\program files\Java\jre1.5.0_10\bin\uninst-javaws.exe
AddRemove-RadialpointClientGateway_is1 - c:\program files\Verizon\VSP\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 21:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  


c:\windows\TEMP\aswUpdSum.ini
c:\windows\TEMP\TMP0000000C42AB82AC21B52761

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1324)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\pmxscrll.dll
c:\windows\system32\PMXCOMM.dll
c:\windows\system32\PMXHOOKS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Virtual CD v4\System\VCDPlay.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\system32\pmxmiced.exe
c:\program files\Virtual CD v4\System\VCDSecS.exe
c:\windows\system32\searchindexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-09-29 21:30 - machine was rebooted
ComboFix-quarantined-files.txt  2009-09-29 01:30

Pre-Run: 3,975,086,080 bytes free
Post-Run: 4,507,144,192 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

274	--- E O F ---	2009-09-28 23:36


#8 oldman960

Posted 29 September 2009 - 08:09 PM

Hi LifeOnAString


Sorry for the delay. You had a few serious infections in the past. Your antivirus or similar program dealt with the infected files, but it took a while to sort through the mess left behind.

I don't really see a malware issue preventing you from installing Adobe Reader.

We'll use ComboFix again, but run it differently.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click Run
  • In the Run box type notepad
  • Click OK
  • In Notepad, click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into Notepad. Do not copy the word CODE

File::

AWF::
c:\bitware\NT\bak\bwprnmon.exe
c:\program files\Analog Devices\Core\bak\smax4pnp.exe
c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
c:\program files\CyberLink\PowerDVD\bak\DVDLauncher.exe
c:\windows\system32\bak\hkcmd.exe
c:\windows\system32\bak\igfxpers.exe
c:\windows\system32\bak\igfxtray.exe
c:\windows\system32\DLA\bak\DLACTRLW.EXE
d:\backup directories\BITWARE\NT\bak\bwprnmon.exe

Folder::
c:\program files\Java\jre1.6.0_03\bin\bak
c:\program files\Common Files\InstallShield\UpdateService\bak
c:\program files\iTunes\bak
c:\program files\QuickTime\bak
c:\program files\Virtual CD v4\System\bak

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

In Notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click Save
Using your left mouse button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browsers/windows first.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Posted Image

Please post back with the ComboFix log.

Thanks

Threads will be closed if no response after 5 days.
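The "LOCKED REGISTRY KEYS" section of the log and the RegLock:: list in the script can be compared mechanically to see which listed keys the script does not name. This is an added example, not part of the original posts and not ComboFix code; the function names are hypothetical, the section syntax is assumed only from what is visible in this thread, and the embedded text is a trimmed excerpt of the log and script above.

```python
import re

# Trimmed excerpt of the first ComboFix log in this thread (most value lines omitted).
LOG_EXCERPT = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

# Trimmed excerpt of the CFScript.txt text from the post above (one Folder:: entry kept).
CFSCRIPT_EXCERPT = r"""
Folder::
c:\program files\iTunes\bak

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
"""

SECTION_RE = re.compile(r"^-+\s*LOCKED REGISTRY KEYS\s*-+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
MARKER_RE = re.compile(r"^@(Denied:|DACL=)")  # ACL markers; @="..." is a default value


def parse_locked_keys(log_text):
    """Return {registry key: [ACL marker lines]} from the LOCKED REGISTRY KEYS section."""
    locked, current, in_section = {}, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if SECTION_RE.match(line):
            in_section = True
            continue
        if not in_section:
            continue
        # The section ends at the "." separator or the next banner line.
        if line == "." or line.startswith("-----") or line.startswith("*****"):
            break
        match = KEY_RE.match(line)
        if match:
            current = match.group(1)
            locked[current] = []
        elif current and MARKER_RE.match(line):
            locked[current].append(line)
    return locked


def parse_cfscript(script_text):
    """Return {section name: [entries]} for 'Name::' sections of a CFScript file."""
    sections, name = {}, None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            name = line[:-2]
            sections[name] = []
        elif name is not None:
            sections[name].append(line)
    return sections


def uncovered_locked_keys(log_text, script_text):
    """Keys listed as locked in the log that the script's RegLock:: section does not name."""
    entries = parse_cfscript(script_text).get("RegLock", [])
    named = {entry.strip("[]").lower() for entry in entries}  # registry paths ignore case
    return [key for key in parse_locked_keys(log_text) if key.lower() not in named]


if __name__ == "__main__":
    locked = parse_locked_keys(LOG_EXCERPT)
    for key in uncovered_locked_keys(LOG_EXCERPT, CFSCRIPT_EXCERPT):
        print(key, locked[key])
```

The two keys it reports sit under the same Run\OptionalComponents parent as the key named in the Error 1402 message from the first post.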

#9 LifeOnAString

Posted 30 September 2009 - 06:45 AM

Here is the Combofix log:

ComboFix 09-09-28.01 - CEO 09/30/2009  2:48.2.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.480 [GMT -4:00]
Running from: c:\documents and settings\CEO\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\CEO\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090929-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\InstallShield\UpdateService\bak
c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
c:\program files\iTunes\bak
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\Java\jre1.6.0_03\bin\bak
c:\program files\Java\jre1.6.0_03\bin\bak\jusched.exe
c:\program files\QuickTime\bak
c:\program files\QuickTime\bak\qttask.exe
c:\program files\Virtual CD v4\System\bak
c:\program files\Virtual CD v4\System\bak\VCDPlay.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
(((((((((((((((((((((((((   Files Created from 2009-08-28 to 2009-09-30  )))))))))))))))))))))))))))))))
.

2009-09-28 02:17 . 2009-09-28 02:17	--------	d-----w-	c:\windows\system32\wbem\Repository
2009-09-28 02:07 . 2009-09-28 02:07	--------	d-----w-	c:\program files\iPod
2009-09-28 02:06 . 2009-09-30 06:53	--------	d-----w-	c:\program files\CyberPower PowerPanel Personal Edition
2009-09-28 01:39 . 2009-09-28 02:06	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Business Logic
2009-09-28 00:24 . 2009-09-28 02:07	--------	d-----w-	c:\program files\iPod(2)
2009-09-28 00:23 . 2009-09-28 00:25	--------	d-----w-	c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-25 20:34 . 2009-09-28 02:16	--------	d-----w-	C:\RFP
2009-09-24 08:33 . 2009-09-24 08:33	--------	d-----w-	c:\program files\JRE
2009-09-24 07:32 . 2009-09-24 07:32	--------	d-----w-	c:\program files\7-Zip
2009-09-23 18:01 . 2009-09-23 18:01	--------	d-----w-	c:\documents and settings\CEO\Application Data\webex
2009-09-22 16:42 . 2009-09-22 16:42	--------	d-----w-	c:\documents and settings\CEO\Application Data\Foxit
2009-09-22 16:42 . 2009-09-22 16:55	--------	d-----w-	c:\program files\Foxit Software
2009-09-22 15:22 . 2009-09-22 15:22	--------	d-----w-	c:\program files\Windows Defender
2009-09-21 19:37 . 2009-09-21 19:37	--------	d-----w-	c:\documents and settings\CEO\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-09-21 19:14 . 2009-09-22 20:02	--------	d-----w-	c:\documents and settings\All Users\Application Data\NOS
2009-09-09 19:14 . 2009-06-21 21:44	153088	------w-	c:\windows\system32\dllcache\triedit.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 06:53 . 2008-11-18 21:06	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-09-30 06:51 . 2008-01-23 19:59	--------	d-----w-	c:\program files\QuickTime
2009-09-29 17:49 . 2006-12-27 20:28	--------	d-----w-	c:\program files\CompuPic
2009-09-28 15:15 . 2007-12-12 04:51	--------	d-----w-	c:\documents and settings\CEO\Application Data\Skype
2009-09-28 06:04 . 2007-11-20 05:58	--------	d-----w-	c:\documents and settings\All Users\Application Data\Symantec
2009-09-28 05:53 . 2006-10-24 00:55	--------	d-----w-	c:\program files\Java
2009-09-28 02:09 . 2008-06-12 20:19	--------	d-----w-	c:\program files\Safari
2009-09-28 02:07 . 2008-01-23 20:01	--------	d-----w-	c:\program files\iTunes
2009-09-28 02:07 . 2007-08-11 20:32	--------	d-----w-	c:\program files\Common Files\Apple
2009-09-26 14:51 . 2006-10-24 01:00	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-09-24 08:39 . 2006-12-27 02:07	31608	----a-w-	c:\documents and settings\CEO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-24 08:33 . 2009-02-01 07:48	--------	d-----w-	c:\program files\OpenOffice.org 3
2009-09-24 08:30 . 2008-11-28 00:06	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-09-22 16:23 . 2006-12-27 06:05	--------	d-----w-	c:\program files\Common Files\Adobe
2009-09-21 21:01 . 2008-11-17 08:04	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-09-21 20:54 . 2008-11-17 11:52	--------	d-----w-	c:\program files\SUPERAntiSpyware
2009-09-21 20:52 . 2008-11-17 11:42	--------	d-----w-	c:\program files\SpywareBlaster
2009-09-10 18:54 . 2008-11-18 20:46	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-11-18 20:46	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-09-10 05:03 . 2009-03-22 19:15	118784	----a-w-	c:\windows\SeaMonkeyUninstall.exe
2009-09-10 05:03 . 2006-12-27 05:39	22246	----a-w-	c:\windows\mozver.dat
2009-09-10 05:02 . 2006-12-27 05:39	118784	----a-w-	c:\windows\GREUninstall.exe
2009-08-26 12:02 . 2007-12-12 04:54	--------	d-----w-	c:\documents and settings\CEO\Application Data\skypePM
2009-08-17 16:10 . 2008-11-23 01:31	1279456	----a-w-	c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-11-23 01:31	93392	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-11-23 01:31	94160	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-11-23 01:31	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-11-23 01:31	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-11-23 01:31	51376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-11-23 01:31	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-11-23 01:31	26944	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-11-23 01:31	97480	----a-w-	c:\windows\system32\AvastSS.scr
2009-08-05 09:01 . 2004-08-11 21:00	204800	----a-w-	c:\windows\system32\mswebdvd.dll
2009-08-04 23:12 . 2009-08-04 23:12	29072	---ha-w-	c:\windows\system32\mlfcache.dat
2009-08-04 23:12 . 2007-02-13 22:36	--------	d-----w-	c:\documents and settings\CEO\Application Data\Apple Computer
2009-08-03 19:07 . 2009-08-03 19:07	403816	----a-w-	c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07	322928	----a-w-	c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07	230768	----a-w-	c:\windows\system32\OGAEXEC.exe
2009-07-17 19:01 . 2004-08-11 21:00	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-11 21:00	286208	----a-w-	c:\windows\system32\wmpdxm.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-09-29_01.26.21   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-30 06:53 . 2009-09-30 06:53	16384			  c:\windows\Temp\Perflib_Perfdata_658.dat
+ 2006-10-24 00:41 . 2006-07-21 20:48	98304			  c:\windows\system32\igfxtray.exe
+ 2006-10-24 00:41 . 2006-07-21 20:47	81920			  c:\windows\system32\igfxpers.exe
+ 2006-10-24 00:41 . 2006-07-21 20:50	86016			  c:\windows\system32\hkcmd.exe
+ 2007-01-22 01:08 . 2005-09-08 10:20	122940			  c:\windows\system32\DLA\DLACTRLW.EXE
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2007-12-07 315392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-16 39408]
"SeaMonkey Quick Launch"="c:\program files\mozilla.org\SeaMonkey\SeaMonkey.exe" [2009-08-25 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2008-10-20 2303216]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-24 149280]

c:\documents and settings\CEO\Start Menu\Programs\Startup\
Quick Start program.lnk - c:\program files\Virtual CD v4\System\VCDTray.exe [2006-12-27 98304]
Setting.lnk - c:\windows\system32\DellPM.exe [2006-10-23 2277376]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-21 20:54	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/22/2008 9:31 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 3:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 3:07 PM 74480]
R1 vcdmpdrv;vcdmpdrv;c:\windows\system32\drivers\vcdmpdrv.sys [12/27/2006 6:16 AM 49296]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 5:25 PM 65536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/22/2008 9:31 PM 20560]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [6/8/2007 10:27 PM 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [6/8/2007 10:27 PM 14336]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [12/27/2006 7:54 AM 49399]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [6/10/2007 2:29 AM 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [8/11/2004 5:00 PM 5120]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 3:07 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-09-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-09-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.quicken.com/investments/portfolio/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Photobucket Publisher - hxxp://s218.photobucket.com/csve/ie_plugin.php
DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} - hxxps://secureshares.wrallp.com/desktopmodules/wrallp.FileManager/SAXFile.cab
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.photoworks.com/pixami/DragDropUploader.cab
FF - ProfilePath - c:\documents and settings\CEO\Application Data\Mozilla\Firefox\Profiles\ca4mkm2h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.quicken.com/investments/portfolio/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 02:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3680)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\pmxscrll.dll
c:\windows\system32\PMXCOMM.dll
c:\windows\system32\PMXHOOKS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Virtual CD v4\System\VCDPlay.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\system32\pmxmiced.exe
c:\program files\Virtual CD v4\System\VCDSecS.exe
c:\windows\system32\searchindexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-09-30  2:57 - machine was rebooted
ComboFix-quarantined-files.txt  2009-09-30 06:57
ComboFix2.txt  2009-09-29 01:30

Pre-Run: 4,475,453,440 bytes free
Post-Run: 4,450,381,824 bytes free

240	--- E O F ---	2009-09-28 23:36


#10 oldman960

Posted 30 September 2009 - 11:46 PM

Hi LifeOnAString,

That cleaned that up. We'll run an online scan and see if anything remains.



*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts; it will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.




Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions.
  • You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Change the Files of type to Text file (.txt)
  • Set the Save In to Desktop
  • Click the Save button.
  • Please post this log in your next reply along with a new OTL log.
You will only get the OTL.txt this time.

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.


#11 LifeOnAString

Posted 01 October 2009 - 09:19 AM

Here is what Kaspersky said:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
 Thursday, October 1, 2009
 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
 Kaspersky Online Scanner version: 7.0.26.13
 Last database update: Thursday, October 01, 2009 16:22:56
 Records in database: 2938476
--------------------------------------------------------------------------------

Scan settings:
	scan using the following database: extended
	Scan archives: yes
	Scan e-mail databases: yes

Scan area - My Computer:
	A:\
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\
	I:\
	J:\
	K:\
	L:\
	O:\
	P:\
	R:\
	S:\
	T:\
	U:\
	V:\

Scan statistics:
	Objects scanned: 169549
	Threats found: 4
	Infected objects found: 4
	Suspicious objects found: 5
	Scan duration: 02:36:54


File name / Threat / Threats count
C:\Documents and Settings\CEO\Application Data\Mozilla\Profiles\default\pg00wfqf.slt\Mail\incoming.verizon.net\INTERNET	Suspicious: Trojan-Spy.HTML.Fraud.gen	1
C:\Documents and Settings\CEO\Application Data\Mozilla\Profiles\default\pg00wfqf.slt\Mail\incoming.verizon.net\PERSONAL.sbd\FAMILY	Suspicious: Exploit.HTML.Iframe.FileDownload	1
C:\Documents and Settings\CEO\Application Data\Mozilla\Profiles\default\pg00wfqf.slt\Mail\incoming.verizon.net\PERSONAL.sbd\JOKES	Infected: Hoax.Win16.BadJoke.Stupid.a	1
D:\Mail Backup\pg00wfqf.slt\Mail\incoming.verizon.net\Inbox	Infected: Backdoor.Win32.VB.jic	2
D:\Mail Backup\pg00wfqf.slt\Mail\incoming.verizon.net\INBOX.sbd\GarrisonLull	Suspicious: Trojan-Spy.HTML.Fraud.gen	1
D:\Mail Backup\pg00wfqf.slt\Mail\incoming.verizon.net\INTERNET	Suspicious: Trojan-Spy.HTML.Fraud.gen	1
D:\Mail Backup\pg00wfqf.slt\Mail\incoming.verizon.net\PERSONAL.sbd\FAMILY	Suspicious: Exploit.HTML.Iframe.FileDownload	1
D:\Mail Backup\pg00wfqf.slt\Mail\incoming.verizon.net\PERSONAL.sbd\JOKES	Infected: Hoax.Win16.BadJoke.Stupid.a	1

Selected area has been scanned.

Looks like just some old emails that have it worried.

Should I run OTL with the same settings as last time?

Edited by LifeOnAString, 01 October 2009 - 05:04 PM.


#12 oldman960

Posted 01 October 2009 - 06:13 PM

Hi LifeOnAString, Yep, just some old mail. You may want to consider cleaning out what you don't need. Run OTL the same way, just uncheck Purity and Lop. It will make for a shorter log. Thanks

#13 LifeOnAString

Posted 01 October 2009 - 10:06 PM

Here is the OTL log:

OTL logfile created on: 10/2/2009 12:16:54 AM - Run 3
OTL by OldTimer - Version 3.0.17.0	 Folder = C:\Documents and Settings\CEO\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.54 Mb Total Physical Memory | 569.76 Mb Available Physical Memory | 56.22% Memory free
2.38 Gb Paging File | 1.95 Gb Available in Paging File | 81.62% Paging File free
Paging file location(s): D:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.01 Gb Total Space | 3.98 Gb Free Space | 9.95% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 39.29 Gb Free Space | 26.37% Space Free | Partition Type: NTFS
Drive E: | 399.80 Mb Total Space | 295.69 Mb Free Space | 73.96% Space Free | Partition Type: FAT
Drive F: | 439.01 Mb Total Space | 295.13 Mb Free Space | 67.23% Space Free | Partition Type: FAT
Drive G: | 423.33 Mb Total Space | 225.55 Mb Free Space | 53.28% Space Free | Partition Type: FAT
Drive H: | 509.58 Mb Total Space | 118.41 Mb Free Space | 23.24% Space Free | Partition Type: FAT
Drive I: | 305.73 Mb Total Space | 201.70 Mb Free Space | 65.97% Space Free | Partition Type: FAT
Drive J: | 305.73 Mb Total Space | 302.41 Mb Free Space | 98.92% Space Free | Partition Type: FAT
Drive K: | 666.55 Mb Total Space | 319.81 Mb Free Space | 47.98% Space Free | Partition Type: FAT
Drive L: | 105.98 Gb Total Space | 73.47 Gb Free Space | 69.32% Space Free | Partition Type: NTFS
Drive S: | 1.87 Gb Total Space | 1.29 Gb Free Space | 68.93% Space Free | Partition Type: FAT32
Drive T: | 432.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive U: | 472.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: D57T30C1
Current User Name: CEO
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe (mozilla.org)
PRC - C:\Program Files\Virtual CD v4\System\VCDTray.exe (H+H Software GmbH)
PRC - C:\WINDOWS\System32\pmxmiced.exe (Primax Electronics Ltd.)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Virtual CD v4\system\VCDPlay.exe (H+H Software GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()
PRC - C:\Program Files\Virtual CD v4\System\vcdsecs.exe (H+H Software GmbH)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Documents and Settings\CEO\Desktop\OTL.exe (OldTimer Tools)
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ASFIPmon [Auto | Running]) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ppped [Auto | Running]) -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe ()
SRV - (RPSUpdaterR [On_Demand | Stopped]) --  File not found
SRV - (VCDSecS [Auto | Running]) -- C:\Program Files\Virtual CD v4\System\vcdsecs.exe (H+H Software GmbH)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
 
========== Driver Services (SafeList) ==========
 
DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (BASFND [Auto | Running]) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HidBatt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LVPr2Mon.sys ()
DRV - (LVRS [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys (Logitech Inc.)
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (mamotou [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mamotou.sys (Mobile Action Technology Inc.)
DRV - (MaRdPnp [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MaRdP2K.sys (Mobile Action Technology Inc.)
DRV - (MaVctrl [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\MaVc2K.sys (Mobile Action Technology Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\mf.sys (Microsoft Corporation)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (motccgpfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motccgpfl.sys (Motorola)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys (Motorola)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pepifilter [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\lv302af.sys (Logitech Inc.)
DRV - (PID_PEPI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LV302V32.SYS (Logitech Inc.)
DRV - (pmxmouse [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\pmxmouse.sys (Primax Electronics Ltd.)
DRV - (pmxusblf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\pmxusblf.sys (Primax Electronics Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SenFiltService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Senfilt.sys (Sensaura)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser.sys (Microsoft Corporation)
DRV - (usbsermpt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbsermpt.sys (Microsoft Corporation)
DRV - (vcdmpdrv [System | Running]) -- C:\WINDOWS\System32\DRIVERS\vcdmpdrv.sys (H+H Software GmbH)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061023
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.quicken.com/investments/portfolio/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.quicken.com/investments/portfolio/"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/27 16:31:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/12 23:29:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/24 04:30:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/28 22:20:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/27 22:08:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.18\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2009/09/27 20:36:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.18\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2009/09/27 22:08:54 | 00,000,000 | ---D | M]
 
[2008/07/10 04:20:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\mozilla\Extensions
[2008/07/10 04:20:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/01 10:43:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\mozilla\Firefox\Profiles\ca4mkm2h.default\extensions
[2009/07/13 00:33:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\mozilla\Firefox\Profiles\ca4mkm2h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/08 01:14:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CEO\Application Data\mozilla\Firefox\Profiles\ca4mkm2h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/01 10:43:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/01/05 20:53:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/22 15:55:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/27 20:06:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/13 16:47:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/07 09:09:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/09 17:30:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/24 04:30:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/09/22 15:55:12 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/22 15:55:13 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/06/18 02:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/09/24 04:30:15 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/10/01 14:38:54 | 00,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/09/22 15:55:15 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/01/27 16:31:38 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/06/04 19:53:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/04 19:53:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/04 19:53:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/04 19:53:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/04 19:53:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/04 19:53:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/04 19:53:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/01/27 16:31:53 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/01/27 16:31:29 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/08/28 16:59:19 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/28 16:59:19 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/28 16:59:19 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/28 16:59:19 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/28 16:59:19 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/28 16:59:19 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/28 16:59:19 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1	   localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe ()
O4 - HKCU..\Run: [SeaMonkey Quick Launch] C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe (mozilla.org)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\CEO\Start Menu\Programs\Startup\Quick Start program.lnk = C:\Program Files\Virtual CD v4\System\VCDTray.exe (H+H Software GmbH)
O4 - Startup: C:\Documents and Settings\CEO\Start Menu\Programs\Startup\Setting.lnk = C:\WINDOWS\System32\DellPM.exe (Primax Electronics Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader2.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227308689890 (MUWebControl Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://cid-cffff04cb76d019a.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} http://200.9.36.138:82/wg_webeye.cab (Web Camera Server Control)
O16 - DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} https://secureshares.wrallp.com/desktopmodules/wrallp.FileManager/SAXFile.cab (SAXFile FileDownload ActiveX Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} http://www.photoworks.com/pixami/DragDropUploader.cab (Pixami Drag/Drop Upload UI Control)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5216/mcfscan.cab (McFreeScan Class)
O16 - DPF: Photobucket Publisher http://s218.photobucket.com/csve/ie_plugin.php (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.250.0.12 68.237.161.12
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter:  - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/CEO/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/27 04:40:22 | 00,000,018 | ---- | M] () - C:\autoexe2.bit -- [ NTFS ]
O32 - AutoRun File - [2007/06/28 15:09:02 | 00,000,293 | ---- | M] () - C:\AutoExec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BIT -- [ NTFS ]
O32 - AutoRun File - [1999/04/01 00:49:54 | 00,001,724 | R--- | M] () - T:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2009/10/01 23:59:16 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CEO\Desktop\OTL.exe
[2009/10/01 18:35:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CEO\Application Data\Foxit Software
[2009/10/01 14:39:42 | 00,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2009/10/01 10:44:08 | 05,309,896 | ---- | C] (Foxit Software) -- C:\Documents and Settings\CEO\Desktop\FoxitReader31_enu_Setup.exe
[2009/09/30 22:58:45 | 00,000,679 | ---- | C] () -- C:\Documents and Settings\CEO\Desktop\LifeOnAString - Viewing Profile.url
[2009/09/30 22:10:22 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/29 13:48:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CEO\Desktop\Hvd Law School Langdell Hall
[2009/09/28 21:20:04 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/09/28 21:20:01 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/09/28 21:19:56 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/09/28 21:18:56 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/28 21:18:56 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/28 21:18:56 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/28 21:18:56 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/28 21:18:56 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/28 21:18:56 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/28 21:18:56 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/28 21:18:56 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/28 21:18:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/28 21:18:29 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/28 21:16:24 | 03,323,047 | R--- | C] () -- C:\Documents and Settings\CEO\Desktop\ComboFix.exe
[2009/09/27 22:27:43 | 00,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2009/09/27 22:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2009/09/27 22:19:06 | 10,628,46464 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/27 22:07:44 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/27 22:06:07 | 00,000,000 | ---D | C] -- C:\Program Files\CyberPower PowerPanel Personal Edition
[2009/09/27 21:06:40 | 00,000,092 | ---- | C] () -- C:\Documents and Settings\CEO\Desktop\Software CyberPower Systems, Inc..URL
[2009/09/27 20:35:02 | 00,004,299 | ---- | C] () -- C:\Documents and Settings\CEO\Desktop\Kaspersky.html
[2009/09/27 20:24:05 | 00,000,000 | ---D | C] -- C:\Program Files\iPod(2)
[2009/09/27 20:23:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/25 16:34:14 | 00,000,000 | ---D | C] -- C:\RFP
[2009/09/24 04:33:41 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/09/24 04:30:26 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/24 03:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/09/23 14:01:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CEO\Application Data\webex
[2009/09/23 14:01:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CEO\My Documents\WebEx
[2009/09/22 23:51:39 | 00,004,166 | ---- | C] () -- C:\Documents and Settings\CEO\Desktop\DVDs.rtf
[2009/09/22 12:42:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CEO\Application Data\Foxit
[2009/09/22 12:42:19 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2009/09/22 11:25:55 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/22 11:22:50 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/09/22 03:17:56 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\CEO\Desktop\RootRepeal.exe
[2009/09/21 16:38:30 | 00,001,787 | ---- | C] () -- C:\Windows Search.lnk
[2009/09/21 15:37:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CEO\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/21 15:14:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/09/09 15:14:06 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/05 01:54:48 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/05 01:54:48 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/02 15:12:48 | 00,000,025 | ---- | C] () -- C:\WINDOWS\BMPLUS.ini
[2009/05/26 23:11:36 | 00,000,115 | ---- | C] () -- C:\WINDOWS\SLIDES.INI
[2009/05/08 10:13:04 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:00:12 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/02/11 07:12:14 | 00,000,281 | ---- | C] () -- C:\WINDOWS\abc.INI
[2008/08/19 22:09:52 | 00,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/10 00:32:29 | 00,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI
[2007/05/28 22:03:18 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/04/13 21:33:06 | 00,000,058 | ---- | C] () -- C:\WINDOWS\DRAGDR~1.INI
[2007/01/17 10:23:14 | 00,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/01/08 19:19:00 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/12/28 23:05:15 | 00,000,064 | ---- | C] () -- C:\WINDOWS\PSYCALC.INI
[2006/12/28 23:03:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/12/28 12:03:37 | 00,000,026 | ---- | C] () -- C:\WINDOWS\APW.INI
[2006/12/27 11:18:25 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/12/27 08:55:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI
[2006/12/27 08:30:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2006/12/27 08:07:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2006/12/27 08:02:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2006/12/27 08:01:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2006/12/27 06:46:08 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/27 06:46:08 | 00,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/12/27 05:22:32 | 00,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/12/26 22:13:19 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/10/23 21:04:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/23 21:02:33 | 00,000,284 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/23 21:01:02 | 00,131,002 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2006/10/23 20:41:39 | 00,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/10/23 20:41:39 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2006/10/23 20:40:47 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/18 14:47:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 17:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:00:37 | 00,001,508 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 17:00:35 | 00,000,239 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/02/12 22:43:02 | 00,000,309 | ---- | C] () -- C:\WINDOWS\LProST.ini
[2002/01/20 14:04:28 | 00,667,648 | ---- | C] () -- C:\WINDOWS\System32\Dtwain32.dll
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2009/10/02 00:13:40 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/02 00:10:59 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/02 00:10:43 | 00,131,002 | ---- | M] () -- C:\WINDOWS\System32\DellPM.ini
[2009/10/02 00:10:43 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/10/02 00:10:41 | 00,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SharedProperties.xml
[2009/10/02 00:10:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/02 00:10:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/02 00:10:34 | 10,628,46464 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/02 00:08:09 | 00,000,518 | ---- | M] () -- C:\Documents and Settings\CEO\Application Data\EventStore.xml
[2009/10/02 00:08:09 | 00,000,475 | ---- | M] () -- C:\Documents and Settings\CEO\Application Data\CampaignStore.xml
[2009/10/02 00:08:09 | 00,000,471 | ---- | M] () -- C:\Documents and Settings\CEO\Application Data\UpdateStore.xml
[2009/10/02 00:08:09 | 00,000,376 | ---- | M] () -- C:\Documents and Settings\CEO\Application Data\SoftwarePackageStore.xml
[2009/10/02 00:08:09 | 00,000,376 | ---- | M] () -- C:\Documents and Settings\CEO\Application Data\ConfigurationStore.xml
[2009/10/02 00:03:41 | 00,000,679 | ---- | M] () -- C:\Documents and Settings\CEO\Desktop\LifeOnAString - Viewing Profile.url
[2009/10/01 23:59:20 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CEO\Desktop\OTL.exe
[2009/10/01 14:39:42 | 00,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2009/10/01 10:44:09 | 05,309,896 | ---- | M] (Foxit Software) -- C:\Documents and Settings\CEO\Desktop\FoxitReader31_enu_Setup.exe
[2009/09/30 02:54:11 | 00,000,239 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/30 02:53:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/29 10:56:30 | 00,080,896 | ---- | M] () -- C:\Documents and Settings\CEO\My Documents\DVDs.xls
[2009/09/28 21:20:04 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/09/28 21:16:36 | 03,323,047 | R--- | M] () -- C:\Documents and Settings\CEO\Desktop\ComboFix.exe
[2009/09/28 11:04:00 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/09/27 21:06:40 | 00,000,092 | ---- | M] () -- C:\Documents and Settings\CEO\Desktop\Software CyberPower Systems, Inc..URL
[2009/09/27 20:35:02 | 00,004,299 | ---- | M] () -- C:\Documents and Settings\CEO\Desktop\Kaspersky.html
[2009/09/27 19:51:55 | 00,002,628 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/24 04:39:54 | 00,031,608 | ---- | M] () -- C:\Documents and Settings\CEO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/24 04:39:46 | 00,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/24 04:30:14 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/09/24 04:30:14 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/24 04:30:14 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/24 04:30:14 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/24 04:30:14 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/09/22 23:57:34 | 00,004,166 | ---- | M] () -- C:\Documents and Settings\CEO\Desktop\DVDs.rtf
[2009/09/22 12:32:37 | 00,463,840 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/22 12:32:37 | 00,078,990 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/22 03:17:56 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\CEO\Desktop\RootRepeal.exe
[2009/09/17 00:32:36 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\CEO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/10 14:27:18 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/10 01:03:02 | 00,118,784 | ---- | M] () -- C:\WINDOWS\SeaMonkeyUninstall.exe
[2009/09/10 01:03:02 | 00,022,246 | ---- | M] () -- C:\WINDOWS\mozver.dat
[2009/09/10 01:02:59 | 00,001,508 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/10 01:02:45 | 00,118,784 | ---- | M] () -- C:\WINDOWS\GREUninstall.exe
[2009/09/05 01:54:48 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/05 01:54:48 | 00,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Any other cleanups?

Are we ready to try the Adobe install?

Thanks.

Edited by LifeOnAString, 01 October 2009 - 10:24 PM.
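A triage pass over OTL log lines like the ones posted above, as an added example that is not part of the original thread or of OTL itself: it parses the two line shapes in this log and collects the entries OTL annotated as broken, plus recently created binaries with an empty vendor field, as candidates for human review rather than verdicts. The sample lines are copied from the log in this thread; the function names, the 30-day window and the data-file allowlist are assumptions of the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# File listing line: [date time | size | attrs | C/M] (vendor) -- path
# Directory lines carry no "(vendor)" group at all.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<vendor>[^)]*)\))? -- (?P<path>.+)$"
)
# Registry/autostart line: "O16 - DPF: ..." (the "O1 HOSTS File" line has no dash).
O_RE = re.compile(r"^O(?P<section>\d+)\s+(?:- )?(?P<body>.+)$")

# Annotations that appear in this log next to entries OTL could not resolve.
NOTES = ("No CLSID value found", "File not found", "Reg Error")
PE_EXTS = (".exe", ".dll", ".sys")
# Assumption: these .sys names are data files, not drivers, so skip them.
DATA_FILES = {r"c:\hiberfil.sys", r"c:\pagefile.sys"}


@dataclass
class FileEntry:
    when: datetime
    size: int
    attrs: str
    kind: str      # "C" = created listing, "M" = modified listing
    vendor: str
    path: str


@dataclass
class OEntry:
    section: int
    body: str
    notes: List[str]


def parse_file_line(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        # Large sizes in this log have misplaced commas (10,628,46464);
        # stripping the commas recovers the byte count.
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        vendor=(m["vendor"] or "").strip(),
        path=m["path"].strip(),
    )


def parse_o_line(line: str) -> Optional[OEntry]:
    m = O_RE.match(line.strip())
    if not m:
        return None
    body = m["body"]
    notes = [n for n in NOTES if n.lower() in body.lower()]
    return OEntry(int(m["section"]), body, notes)


def triage(log_text: str, scan_time: datetime, days: int = 30) -> dict:
    """Return O-entries OTL annotated and recent vendor-less binaries."""
    annotated, no_vendor_recent = [], []
    for line in log_text.splitlines():
        o = parse_o_line(line)
        if o:
            if o.notes:
                annotated.append(o)
            continue
        f = parse_file_line(line)
        if f is None or "D" in f.attrs or f.kind != "C":
            continue
        lower = f.path.lower()
        recent = timedelta(0) <= scan_time - f.when <= timedelta(days=days)
        pe_name = lower.endswith(PE_EXTS) and lower not in DATA_FILES
        if recent and pe_name and not f.vendor:
            no_vendor_recent.append(f)
    return {"annotated": annotated, "no_vendor_recent": no_vendor_recent}


# Lines copied from the log in this thread.
SAMPLE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O34 - HKLM BootExecute: (*) -  File not found
[2009/09/28 21:18:56 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/28 21:18:56 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/27 22:19:06 | 10,628,46464 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/30 22:10:22 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2002/01/20 14:04:28 | 00,667,648 | ---- | C] () -- C:\WINDOWS\System32\Dtwain32.dll
"""

if __name__ == "__main__":
    result = triage(SAMPLE, datetime(2009, 10, 2, 0, 13, 40))
    for o in result["annotated"]:
        print(f"O{o.section}: {o.notes} :: {o.body}")
    for f in result["no_vendor_recent"]:
        print(f"no vendor, created {f.when}: {f.path} ({f.size} bytes)")
```

An empty vendor field only means the file carries no company name in its version resource, so each hit still needs checking against what was installed on that date.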


#14 oldman960

Posted 02 October 2009 - 07:05 AM

Hi LifeOnAString,

Clean up the tools and see if you can install Adobe. I see no malware issues that should prevent you from installing it.

Before trying to install it, I suggest you try Adobe's Solution #2 again. To back up your registry, use this program.

Back up your registry with ERUNT
  • Download ERUNT from Here and save it to your desktop.
  • Double click erunt-setup.exe to install the program
  • Follow the prompts, and then uncheck Create NTREGOPT desktop icon at the Additional Tasks screen.
  • Click No when you are prompted about creating an ERUNT entry in the startup folder.
  • At the next screen, uncheck Show documentation and check Launch ERUNT
  • If ERUNT doesn't start by itself, launch it from the desktop shortcut.
  • At the configuration screen, make sure all 3 checkboxes are checked
  • Click Ok to run the backup process

From your desktop, please delete
  • , if present
  • any notepads/logs that we created

Next

Click the Start button, click Run. Copy and paste the following line into the run box and click OK
Combofix /u

Next

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Just add a firewall.

* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL for tips, reviews and links to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware)

You should also use Spyware Blaster to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.

-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.

- Ensure that Automatic Update is turned on so you get all the latest patches.
Click start, control panel, click Security Center.

- Keep your antivirus program updated, as well as any other security programs you have.

-More tips and programs can be found HERE

- You may also want to read this article By Tony Klein
http://www.freedomli...pic.php?t=22879

Let us know how you make out with Adobe.

Thanks


#15 LifeOnAString

Posted 02 October 2009 - 01:04 PM

First, the good news...

ERUNT installed and ran fine, making the registry backup.

All the various log files are deleted, and OTL was uninstalled with the Clean Up function.

This desktop does not travel like my laptop. Its only web connection is through my wireless router, so I presume my Windows Defender will do the firewall job.

Have been using Spyware Blaster for almost a year. It, MBAM and SUPERAntiSpyware were all added about the same time when I had to clean the AntiVirus2009 virus from another laptop, after NAV had failed to provide any protection. (The reason I now curse NAV and Symantec is that the last time I had a serious virus, they had a free virus-specific remover on their web site for most major infections. Last year I found that they had stopped doing that about 2 years ago. NAV was also no help, and actually got in the way of removing AntiVirus2009.)

I run all three weekly, plus an Avast scan, and keep Avast updated, and have done so for almost a year. I now also have Windows Defender doing regular daily scans and automatic updates. Also have automatic updates turned on, with a manual install, that I always run in Custom mode. (I am not going to move to IE8 until they come out with IE9.)


Now the BAD news... no change in the ability to install the Adobe Reader. Same process, same error, even after doing the registry edit. (When the entry came up, all the permissions I set before were still there.) I uninstalled what was left over, and tried again with the same result.

(BTW, before my first post here, I tried WinCleaner to see if it would fix the registry problem. It did not. I have not run it on my registry since this thread started.)

So, unless you have any other ideas, I guess I will have to use FoxReader, and chalk this up as another granularity to make me look at Linux when they drop support for XP. I wish Microsoft would work on fixing these sorts of problems instead of giving us Win7, which apparently, like Vista, according to their TV commercials, will be yet a more enhanced platform for computer novices to view and edit pictures.

Regardless, thanks for all your help. At least I think I have a cleaner and safer machine now.

Edited by LifeOnAString, 02 October 2009 - 01:05 PM.
