Click.giftload and other malwares



soysauce
2011-04-29, 23:14
Hi folks,

These infections probably occurred after I was messing around with a keygen (naughty I know). I've tried SD and CCleaner (and system restore with no success) but I've had no luck removing them. They reappear after each reboot.

Can anybody help?! Thanks in advance.

Spybot SD results
-------------------------------------


Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe

Right Media: Tracking cookie (Internet Explorer: LSS) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-04-29 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-04-26 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-04-26 Includes\TrojansC-02.sbi (*)
2011-04-26 Includes\TrojansC-03.sbi (*)
2011-04-18 Includes\TrojansC-04.sbi (*)
2011-04-26 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



DDS Log
----------------------------------


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by LSS at 21:32:37.70 on 29/04/2011
Internet Explorer: 8.0.6001.19048
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.1965 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\LSS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LSS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LSS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\LSS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LSS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\LSS\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\lss\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl32a45128;MpKsl32a45128;c:\programdata\microsoft\microsoft antimalware\definition updates\{a62620c7-86ed-441a-8d88-85d3035f7e22}\MpKsl32a45128.sys [2011-4-29 28752]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-6-20 81920]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-29 1153368]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-6-20 203264]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-04-29 20:12:14 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{a62620c7-86ed-441a-8d88-85d3035f7e22}\MpKsl32a45128.sys
2011-04-29 19:05:52 -------- d-sh--w- C:\found.000
2011-04-29 12:27:34 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{a62620c7-86ed-441a-8d88-85d3035f7e22}\mpengine.dll
2011-04-29 12:24:55 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-04-29 12:24:54 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{f504c7db-c3c5-4fb8-a87e-5ed7bc6a9085}\gapaengine.dll
2011-04-29 12:22:48 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-29 10:35:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-29 10:35:28 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-04-28 20:55:23 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-04-28 20:20:02 496384 ----a-w- c:\windows\system32\XceedZip.dll
2011-04-28 20:20:02 458752 ----a-w- c:\windows\system32\vsprint8.ocx
2011-04-28 20:20:02 262144 ----a-w- c:\windows\system32\vspdf8.ocx
2011-04-28 20:20:02 237568 ----a-w- c:\windows\system32\Vsocx6.ocx
2011-04-28 20:20:02 21504 ----a-w- c:\windows\system32\WBCustomizer.dll
2011-04-28 20:20:02 169216 ----a-w- c:\windows\system32\WSpell.ocx
2011-04-28 20:20:01 832448 ----a-w- c:\windows\system32\tdbg6.ocx
2011-04-28 20:20:01 65536 ----a-w- c:\windows\system32\ssfm1032.dll
2011-04-28 20:20:01 65536 ----a-w- c:\windows\system32\ReSize32.ocx
2011-04-28 20:20:01 203976 ----a-w- c:\windows\system32\RICHTX32.OCX
2011-04-28 20:20:01 115920 ----a-w- c:\windows\system32\MSINET.OCX
2011-04-28 20:20:00 198640 ----a-w- c:\windows\system32\MCI32.OCX
2011-04-27 13:23:04 -------- d-----w- c:\users\lss\appdata\local\LogMeIn
2011-04-27 13:23:04 -------- d-----w- c:\progra~2\LogMeIn
2011-04-27 10:56:19 -------- d-----w- c:\users\lss\appdata\roaming\TeamViewer
2011-04-27 10:11:44 -------- d-----w- C:\temp
2011-04-27 10:11:13 73788 ----a-w- c:\windows\system32\Log2Vis.dll
2011-04-27 10:11:13 380928 ----a-w- c:\windows\system32\krb5_32.dll
2011-04-27 10:11:13 24576 ----a-w- c:\windows\system32\comerr32.dll
2011-04-27 10:11:13 102400 ----a-w- c:\windows\system32\UniCType.dll
2011-04-27 09:46:05 -------- d-----w- c:\program files\AL500-18
2011-04-26 15:32:53 -------- d-----w- C:\46f8d8b26ce9750c5047a042850a32
2011-04-26 13:35:24 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-26 13:17:17 7071056 ------w- c:\progra~2\microsoft\windows defender\definition updates\{fbc72d5f-f32a-43a4-b33a-4301e40d32f7}\mpengine.dll
.
==================== Find3M ====================
.
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:33:30.16 ===============

ken545
2011-05-04, 10:30


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
Double-click CKScanner.exe then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

soysauce
2011-05-04, 21:09
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----

Thanks,
Nick

ken545
2011-05-04, 22:33
Let's do this


Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button. Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.





Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please






OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

soysauce
2011-05-05, 00:12
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6508

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

04/05/2011 23:02:22
mbam-log-2011-05-04 (23-02-22).txt

Scan type: Quick scan
Objects scanned: 186083
Time elapsed: 6 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\Temp\UE83WFa7.tmp (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\rjy.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.199,93.188.160.170) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A6EFB23A-39AB-4AC8-B3AF-989F12E0F428}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.199,93.188.160.170) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A6EFB23A-39AB-4AC8-B3AF-989F12E0F428}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.165.199,93.188.160.170) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F9AA8CB5-87F5-4660-8F6F-23D75DD0DEC6}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.199,93.188.160.170) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\UE83WFa7.tmp (Trojan.Agent) -> Delete on reboot.
c:\Windows\Temp\0.7654944923030279.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\local settings\application data\rjy.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
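A parser for the two log formats in this thread, added here as an example and not part of the original posts or of the Malwarebytes or OTL tools: it reads the "Infected" sections of an MBAM 1.x log into records, lists the resolver addresses MBAM stripped from the NameServer values that differ from the DHCP-assigned server in OTL's O17 line, and flags any OTL O37 exefile line whose open command is not the stock "%1" %* (the OTL log posted next still shows rjy.exe there under HKU\.DEFAULT and HKU\S-1-5-18, which is the case the last check catches). The sample lines are constructed from the logs in this thread; the Finding record, the regexes and the function names are my own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed samples copied in shape from the Malwarebytes 1.50 and OTL logs in this
# thread; the rjy.exe path, the 93.188.x.x resolvers and 192.168.1.1 appear in those logs.
MBAM_SAMPLE = r"""
Memory Modules Infected:
c:\Windows\Temp\UE83WFa7.tmp (Trojan.Agent) -> Delete on reboot.
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\rjy.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.199,93.188.160.170) Good: () -> Quarantined and deleted successfully.
Files Infected:
c:\Windows\System32\config\systemprofile\local settings\application data\rjy.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
"""

OTL_SAMPLE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rjy.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rjy.exe" -a "%1" %*
"""

# Stock exefile open command; anything else is run in front of every .exe launch.
EXPECTED_SHELL_OPEN = '"%1" %*'

@dataclass
class Finding:
    section: str                # MBAM section, e.g. "Registry Data Items Infected"
    location: str               # file path or registry path
    threat: str                 # MBAM detection name, e.g. "Trojan.DNSChanger"
    action: str                 # what MBAM did with it
    bad: Optional[str] = None   # "Bad: (...)" value, registry data items only
    good: Optional[str] = None  # "Good: (...)" value MBAM restored

_HEADER = re.compile(r"^(?P<name>.+ Infected):\s*$")
_ITEM = re.compile(r"^(?P<loc>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")
_BADGOOD = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> (?P<action>.+)$")
_O17 = re.compile(r"^O17 - .*NameServer = (?P<ips>.+)$")
_O37 = re.compile(r"^O37 - (?P<hive>.+?)\\\.\.\.exe \[@ = exefile\] -- (?P<cmd>.+)$")

def parse_mbam_log(text):
    """Turn the 'X Infected:' sections of an MBAM 1.x log into Finding records."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious"):
            continue
        header = _HEADER.match(line)
        if header:
            section = header.group("name")
            continue
        item = _ITEM.match(line)
        if not item:
            continue  # banner, summary counts and other non-item lines
        rest, bad, good = item.group("rest"), None, None
        detail = _BADGOOD.match(rest)
        if detail:
            bad, good, action = detail.group("bad"), detail.group("good"), detail.group("action")
        else:  # "Value: (default) -> action" or just "action"
            action = rest.rsplit(" -> ", 1)[-1]
        findings.append(Finding(section, item.group("loc"), item.group("threat"), action, bad, good))
    return findings

def dhcp_dns_from_otl(otl_text):
    """DHCP-assigned resolvers from OTL O17 lines: the baseline to compare against."""
    ips = set()
    for line in otl_text.splitlines():
        m = _O17.match(line.strip())
        if m:
            ips.update(ip.strip() for ip in m.group("ips").split(","))
    return ips

def rogue_dns_servers(findings, baseline):
    """Resolvers MBAM stripped from NameServer values that are not in the baseline."""
    servers = set()
    for f in findings:
        if f.location.lower().endswith("nameserver") and f.bad:
            servers.update(ip.strip() for ip in f.bad.split(",") if ip.strip() not in baseline)
    return sorted(servers)

def otl_exefile_hijacks(otl_text):
    """(hive, command) for every OTL O37 exefile line whose open command is not the stock one;
    in this thread HKCR was repaired but .DEFAULT and S-1-5-18 still route .exe through rjy.exe."""
    hijacked = []
    for line in otl_text.splitlines():
        m = _O37.match(line.strip())
        if m and m.group("cmd").strip() != EXPECTED_SHELL_OPEN:
            hijacked.append((m.group("hive"), m.group("cmd").strip()))
    return hijacked

if __name__ == "__main__":
    found = parse_mbam_log(MBAM_SAMPLE)
    print("rogue DNS:", rogue_dns_servers(found, dhcp_dns_from_otl(OTL_SAMPLE)))
    print("exefile still hijacked:", otl_exefile_hijacks(OTL_SAMPLE))
```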

soysauce
2011-05-05, 00:13
OTL logfile created on: 04/05/2011 23:08:57 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\LSS\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282.91 Gb Total Space | 197.04 Gb Free Space | 69.65% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.74 Gb Free Space | 38.26% Space Free | Partition Type: NTFS

Computer Name: LSS-LAPTOP | User Name: LSS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\LSS\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\LSS\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKslde2cc65f) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A62620C7-86ED-441A-8D88-85D3035F7E22}\MpKslde2cc65f.sys (Microsoft Corporation)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-913938896-2979354799-2433997938-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-913938896-2979354799-2433997938-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-913938896-2979354799-2433997938-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-913938896-2979354799-2433997938-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/04/29 12:28:28 | 000,432,470 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 14910 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Assistant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8a081bd5-1243-11df-a070-002219eade87}\Shell - "" = AutoRun
O33 - MountPoints2\{8a081bd5-1243-11df-a070-002219eade87}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-913938896-2979354799-2433997938-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rjy.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rjy.exe" -a "%1" %*
O37 - HKU\S-1-5-21-913938896-2979354799-2433997938-1000\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 23:07:14 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\LSS\Desktop\OTL.exe
[2011/05/04 22:49:24 | 000,000,000 | ---D | C] -- C:\Users\LSS\AppData\Roaming\Malwarebytes
[2011/05/04 22:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/04 22:49:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/04 22:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/04 22:49:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/04 22:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/04 22:47:23 | 000,000,000 | ---D | C] -- C:\Users\LSS\AppData\Local\Adobe
[2011/05/04 22:40:26 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\LSS\Desktop\ATF-Cleaner.exe
[2011/04/29 21:18:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/29 21:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/04/29 21:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/29 20:05:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/04/29 13:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/04/29 11:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/29 11:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/29 11:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/28 23:57:50 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/04/28 21:55:23 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/04/28 21:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 7.5
[2011/04/28 21:20:02 | 000,496,384 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedZip.dll
[2011/04/28 21:20:02 | 000,458,752 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsprint8.ocx
[2011/04/28 21:20:02 | 000,262,144 | ---- | C] (ComponentOne ) -- C:\Windows\System32\vspdf8.ocx
[2011/04/28 21:20:02 | 000,237,568 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsocx6.ocx
[2011/04/28 21:20:02 | 000,169,216 | ---- | C] (Wintertree Software Inc.) -- C:\Windows\System32\WSpell.ocx
[2011/04/28 21:20:01 | 000,832,448 | ---- | C] (APEX Software Corporation) -- C:\Windows\System32\tdbg6.ocx
[2011/04/28 21:20:01 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2011/04/28 21:20:01 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2011/04/28 21:20:01 | 000,065,536 | ---- | C] (Sheridan Software Systems, Inc) -- C:\Windows\System32\ssfm1032.dll
[2011/04/28 21:20:01 | 000,065,536 | ---- | C] (Larcom and Young) -- C:\Windows\System32\ReSize32.ocx
[2011/04/28 21:20:00 | 000,198,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCI32.OCX
[2011/04/28 21:19:59 | 000,751,104 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltocx11n.ocx
[2011/04/28 21:19:59 | 000,200,704 | ---- | C] (CIA, The company) -- C:\Windows\System32\ciaSCls20.dll
[2011/04/28 21:19:59 | 000,184,320 | ---- | C] (CIA, The Company) -- C:\Windows\System32\ciaXPButton30.ocx
[2011/04/28 21:19:59 | 000,053,248 | ---- | C] (CIA, The Company) -- C:\Windows\System32\ciaXPRegSvr20.dll
[2011/04/28 21:19:58 | 000,362,576 | ---- | C] (Data Dynamics) -- C:\Windows\System32\ActBar.ocx
[2011/04/28 21:19:58 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\PCDLIB32.DLL
[2011/04/28 21:19:58 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.dll
[2011/04/28 21:19:58 | 000,045,936 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltvdd11w.drv
[2011/04/28 21:19:58 | 000,038,400 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lttwn11n.dll
[2011/04/28 21:19:57 | 000,391,168 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltkrn11n.dll
[2011/04/28 21:19:57 | 000,262,144 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTDIS11n.dll
[2011/04/28 21:19:57 | 000,226,816 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltefx11n.dll
[2011/04/28 21:19:57 | 000,151,040 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftif11n.dll
[2011/04/28 21:19:57 | 000,127,488 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltimg11n.dll
[2011/04/28 21:19:57 | 000,118,272 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltfil11n.DLL
[2011/04/28 21:19:57 | 000,059,392 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfwmf11n.dll
[2011/04/28 21:19:57 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfwpg11n.dll
[2011/04/28 21:19:57 | 000,003,824 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltthk11w.dll
[2011/04/28 21:19:56 | 000,172,544 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfpng11n.dll
[2011/04/28 21:19:56 | 000,080,896 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lffax11n.dll
[2011/04/28 21:19:56 | 000,041,472 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfgif11n.dll
[2011/04/28 21:19:56 | 000,032,768 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpcx11n.dll
[2011/04/28 21:19:56 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftga11n.dll
[2011/04/28 21:19:56 | 000,027,136 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfimg11n.dll
[2011/04/28 21:19:56 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpcd11n.dll
[2011/04/28 21:19:56 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfmsp11n.dll
[2011/04/28 21:19:55 | 000,276,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFCMP11n.DLL
[2011/04/28 21:19:55 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfbmp11n.dll
[2011/04/28 21:19:55 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfcal11n.dll
[2011/04/28 21:19:55 | 000,031,232 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfeps11n.dll
[2011/04/28 21:19:28 | 000,000,000 | ---D | C] -- C:\Legacy
[2011/04/27 14:23:04 | 000,000,000 | ---D | C] -- C:\Users\LSS\AppData\Local\LogMeIn
[2011/04/27 14:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2011/04/27 13:34:49 | 000,000,000 | ---D | C] -- C:\Users\LSS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ALEPH
[2011/04/27 11:56:19 | 000,000,000 | ---D | C] -- C:\Users\LSS\AppData\Roaming\TeamViewer
[2011/04/27 11:11:44 | 000,000,000 | ---D | C] -- C:\temp
[2011/04/27 11:11:13 | 000,380,928 | ---- | C] (Massachusetts Institute of Technology) -- C:\Windows\System32\krb5_32.dll
[2011/04/27 11:11:13 | 000,024,576 | ---- | C] (Massachusetts Institute of Technology) -- C:\Windows\System32\comerr32.dll
[2011/04/27 10:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\AL500-18
[2011/04/26 16:32:53 | 000,000,000 | ---D | C] -- C:\46f8d8b26ce9750c5047a042850a32
[2011/04/26 14:36:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/26 14:36:28 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/26 14:36:21 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/26 14:36:21 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/26 14:36:20 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/26 14:36:20 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/26 14:36:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/26 14:36:20 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/26 14:36:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/26 14:36:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/26 14:36:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/26 14:36:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/26 14:36:19 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/26 14:36:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/26 14:36:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/26 14:36:18 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/26 14:36:18 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/26 14:36:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/26 14:36:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/26 14:36:12 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/26 14:36:11 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/26 14:36:08 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/26 14:36:07 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/26 14:35:25 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/26 14:35:24 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

========== Files - Modified Within 30 Days ==========

[2011/05/04 23:06:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\LSS\Desktop\OTL.exe
[2011/05/04 23:04:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/04 23:04:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/04 23:03:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/04 23:03:37 | 3215,855,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/04 22:57:49 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/04 22:57:49 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/04 22:57:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-913938896-2979354799-2433997938-1000UA.job
[2011/05/04 22:40:15 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\LSS\Desktop\ATF-Cleaner.exe
[2011/05/04 20:02:33 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/05/04 19:58:32 | 000,002,034 | ---- | M] () -- C:\Users\LSS\Desktop\Google Chrome.lnk
[2011/05/04 19:58:32 | 000,001,996 | ---- | M] () -- C:\Users\LSS\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/04 19:58:28 | 000,453,632 | ---- | M] () -- C:\Users\LSS\Desktop\CKScanner.exe
[2011/04/29 21:37:36 | 000,002,329 | ---- | M] () -- C:\Users\LSS\Desktop\Attach.zip
[2011/04/29 21:32:22 | 000,625,664 | ---- | M] () -- C:\Users\LSS\Desktop\dds.com
[2011/04/29 21:31:15 | 000,625,664 | ---- | M] () -- C:\Users\LSS\Desktop\dds.scr
[2011/04/29 20:09:58 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/04/29 13:23:07 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/04/29 13:17:19 | 000,091,432 | ---- | M] () -- C:\Users\LSS\Documents\cc_20110429_131715.reg
[2011/04/29 12:37:58 | 000,010,288 | -HS- | M] () -- C:\Users\LSS\AppData\Local\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/29 12:37:58 | 000,010,288 | -HS- | M] () -- C:\ProgramData\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/29 12:28:28 | 000,432,470 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/29 12:23:44 | 000,002,480 | -HS- | M] () -- C:\ProgramData\1866462758
[2011/04/29 11:43:12 | 000,432,470 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110429-122828.backup
[2011/04/29 10:54:56 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-913938896-2979354799-2433997938-1000Core.job
[2011/04/28 21:20:18 | 000,000,347 | ---- | M] () -- C:\Users\Public\Desktop\Legacy 7.5.lnk
[2011/04/28 21:20:17 | 000,000,750 | ---- | M] () -- C:\Users\LSS\Desktop\Legacy Charting 7.lnk
[2011/04/27 09:43:57 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/04/26 15:03:45 | 003,809,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/05/04 19:58:27 | 000,453,632 | ---- | C] () -- C:\Users\LSS\Desktop\CKScanner.exe
[2011/04/29 21:37:36 | 000,002,329 | ---- | C] () -- C:\Users\LSS\Desktop\Attach.zip
[2011/04/29 21:32:13 | 000,625,664 | ---- | C] () -- C:\Users\LSS\Desktop\dds.com
[2011/04/29 21:31:09 | 000,625,664 | ---- | C] () -- C:\Users\LSS\Desktop\dds.scr
[2011/04/29 20:09:58 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/29 13:22:50 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/04/29 13:17:17 | 000,091,432 | ---- | C] () -- C:\Users\LSS\Documents\cc_20110429_131715.reg
[2011/04/29 12:22:05 | 000,010,288 | -HS- | C] () -- C:\Users\LSS\AppData\Local\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/29 12:22:05 | 000,002,480 | -HS- | C] () -- C:\ProgramData\1866462758
[2011/04/29 12:21:49 | 000,010,288 | -HS- | C] () -- C:\ProgramData\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/28 21:56:20 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/04/28 21:20:18 | 000,000,359 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 7.5
[2011/04/28 21:20:18 | 000,000,347 | ---- | C] () -- C:\Users\Public\Desktop\Legacy 7.5.lnk
[2011/04/28 21:20:17 | 000,000,750 | ---- | C] () -- C:\Users\LSS\Desktop\Legacy Charting 7.lnk
[2011/04/28 21:20:02 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2011/04/28 07:02:55 | 000,002,034 | ---- | C] () -- C:\Users\LSS\Desktop\Google Chrome.lnk
[2011/04/27 11:11:13 | 000,102,400 | ---- | C] () -- C:\Windows\System32\UniCType.dll
[2011/04/27 11:11:13 | 000,073,788 | ---- | C] () -- C:\Windows\System32\Log2Vis.dll
[2011/02/02 00:00:35 | 000,000,680 | ---- | C] () -- C:\Users\LSS\AppData\Local\d3d9caps.dat
[2011/01/31 18:39:49 | 000,000,600 | ---- | C] () -- C:\Users\LSS\AppData\Local\PUTTY.RND
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/08 11:16:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/08 11:16:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/07 16:38:55 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/20 07:30:08 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/20 07:30:08 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/06/20 07:30:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/06/20 07:30:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/06/19 23:37:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/06/19 21:56:39 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/06/19 21:56:37 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/06/19 21:56:36 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2009/04/11 19:02:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/05 19:42:45 | 000,062,400 | ---- | C] () -- C:\Windows\System32\IFC.dll
[2008/11/05 19:41:56 | 000,422,848 | ---- | C] () -- C:\Windows\System32\PPL.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 003,809,224 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,611,296 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,109,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/07/15 08:33:21 | 000,000,000 | ---D | M] -- C:\Users\Brigid\AppData\Roaming\Autodesk
[2009/07/15 09:18:38 | 000,000,000 | ---D | M] -- C:\Users\LSS\AppData\Roaming\Autodesk
[2011/02/02 23:17:04 | 000,000,000 | ---D | M] -- C:\Users\LSS\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/09 09:52:30 | 000,000,000 | ---D | M] -- C:\Users\LSS\AppData\Roaming\FileZilla
[2011/04/29 16:57:06 | 000,000,000 | ---D | M] -- C:\Users\LSS\AppData\Roaming\Notepad++
[2011/01/28 23:07:00 | 000,000,000 | ---D | M] -- C:\Users\LSS\AppData\Roaming\PCDr
[2011/04/27 12:12:33 | 000,000,000 | ---D | M] -- C:\Users\LSS\AppData\Roaming\TeamViewer
[2011/04/27 09:43:57 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/05/04 23:04:12 | 000,031,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/04 20:02:33 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >

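The O37 lines in the report above are the finding that matters: under HKU\.DEFAULT and HKU\S-1-5-18 (the SYSTEM profile) the exefile open command has been rewritten from the stock `"%1" %*` to `"...\AppData\Local\rjy.exe" -a "%1" %*`, so rjy.exe is launched ahead of every .exe started in that context. Spotting that by eye in a 700-line OTL dump is error-prone, so here is a small added triage script (not part of the forum post and not OTL's own code) that parses both the `O37 -` lines of OTL.txt and the `.exe [@ = exefile] -- ...` lines of an OTL Extras "File Associations" section, and flags any handler for the `"%1" %*` ProgIDs whose command differs from the default. The sample input is an excerpt constructed from the log lines in this thread; the regexes and the EXPECTED table are this example's own assumptions about OTL's line layout.

```python
"""Flag hijacked shell-open commands in OTL log output.

Added example, not from the forum post or from OTL itself. It reads
OTL.txt "O37" lines and OTL Extras "File Associations" lines and reports
any exefile/comfile/batfile/cmdfile/piffile handler whose command is not
the stock Windows default "%1" %*.
"""
import re

# Stock open command for these ProgIDs on a clean Windows install
# (assumption of this example: only these ProgIDs are judged).
DEFAULT_COMMAND = '"%1" %*'
EXPECTED = {p: DEFAULT_COMMAND for p in
            ('exefile', 'comfile', 'batfile', 'cmdfile', 'piffile')}

# OTL.txt form:
#   O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\...\rjy.exe" -a "%1" %*
O37_RE = re.compile(
    r'^O37 - (?P<hive>.+?)\\\.\.\.(?P<ext>\w+) \[@ = (?P<progid>\w+)\] -- (?P<cmd>.*)$')

# OTL Extras form (hive comes from the preceding section header):
#   [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
#   .exe [@ = exefile] -- "C:\...\rjy.exe" -a "%1" %*
HIVE_HDR_RE = re.compile(
    r'^\[(?P<hive>HKEY_[^\]]+?)\\SOFTWARE\\Classes\\<extension>\]$')
ASSOC_RE = re.compile(
    r'^\.(?P<ext>\w+) \[@ = (?P<progid>\w+)\] -- (?P<cmd>.*)$')


def find_hijacked_handlers(lines):
    """Return [(hive, extension, command)] for handlers that deviate from the default."""
    findings = []
    current_hive = None
    for raw in lines:
        line = raw.strip()
        m = HIVE_HDR_RE.match(line)
        if m:
            current_hive = m.group('hive')   # applies to following .ext lines
            continue
        m = O37_RE.match(line)
        if m:
            hive = m.group('hive')
        else:
            m = ASSOC_RE.match(line)
            if not m:
                continue
            hive = current_hive or '?'
        progid = m.group('progid')
        cmd = m.group('cmd').strip()
        expected = EXPECTED.get(progid)
        if expected is not None and cmd != expected:
            findings.append((hive, m.group('ext'), cmd))
    return findings


def hijacker_path(cmd):
    """Return the binary inserted ahead of "%1" in a hijacked command, or None if it is stock."""
    m = re.match(r'^"([^"]+)"', cmd)
    if m and m.group(1) != '%1':
        return m.group(1)
    return None


# Constructed excerpt of the OTL.txt and Extras lines posted in this thread.
SAMPLE = r"""O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rjy.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rjy.exe" -a "%1" %*
O37 - HKU\S-1-5-21-913938896-2979354799-2433997938-1000\...exe [@ = exefile] -- "%1" %*
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rjy.exe" -a "%1" %*
"""

if __name__ == '__main__':
    for hive, ext, cmd in find_hijacked_handlers(SAMPLE.splitlines()):
        print(f'{hive}  .{ext}  ->  {hijacker_path(cmd)}')
```

Run it over a saved OTL.txt or Extras.txt with `find_hijacked_handlers(open(path, errors="replace"))`; each finding names the hive, so a hit under .DEFAULT or S-1-5-18 alone (as here, with the interactive user's own hive still clean) tells you the hijack lives in the SYSTEM profile and will not be reached by per-user cleanup. The per-machine HKLM\...exe line reading `"%1" %*` is what a clean default looks like, which is why the script compares against that literal rather than pattern-matching for suspicious paths.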
soysauce
2011-05-05, 00:14
OTL Extras logfile created on: 04/05/2011 23:08:57 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\LSS\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282.91 Gb Total Space | 197.04 Gb Free Space | 69.65% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.74 Gb Free Space | 38.26% Space Free | Partition Type: NTFS

Computer Name: LSS-LAPTOP | User Name: LSS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rjy.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rjy.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-913938896-2979354799-2433997938-1000\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26E03C49-F6EE-4B1F-8953-B38D314050F3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3D2F7DE1-CDB2-453C-9572-419855286B73}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{41036C1C-B6E2-412E-8D6C-346228972F01}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6217FE29-9E9D-4C95-B5B1-12656AB90544}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{7BA5F033-D452-4523-96B0-7E5CC383D3F7}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{867421BE-DBD4-476D-AE3F-6610576058FA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9C22F892-F1EB-4368-916D-B14F90608EAE}" = lport=49170 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{524449DA-9AE3-48B7-97B0-EE4E4824C708}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{66560822-362A-4707-B6AF-F882F39AC092}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6BE2C288-1E36-4571-8EFA-2459DC2C37E7}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{76F3B283-9914-472B-A624-094B5280914B}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{9F5F53C9-584E-4135-9DFD-4B4996622A0A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D386877F-FA39-45A1-A428-7FBA92B962B1}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{D8763D42-DD20-4424-9C1A-4FED6269CB17}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{DFF8AE9F-CFBB-4059-9154-96515BE04524}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"TCP Query User{64F0B237-35B9-4081-8693-C82006EEAEBB}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{85C0046B-ED66-4702-9E86-AFBEF4D884EE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{F2BDEB6A-DFB3-4BB5-8154-C92C4B20EA2B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{79684307-CD70-4D55-8EA2-508FE7B3D77D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CEFD4EF7-098B-4A3A-A98D-19D980C69CC6}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{E38A5A9F-7FDD-467F-AFE2-397D5CFC7EDE}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0904ED3B-0FCD-A153-2F80-F7F5AB0329BA}" = Catalyst Control Center Graphics Previews Vista
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F090069-6450-9559-72BD-2437FF935EEC}" = CCC Help Swedish
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{34386C65-FD55-CEBD-AF7F-5126751BAA98}" = Catalyst Control Center InstallProxy
"{3643D422-9AFF-81D6-252C-14A8A3AD88D3}" = CCC Help Korean
"{3889CA7B-A8FC-09CB-C6D4-B134A2336DD9}" = CCC Help Portuguese
"{394B918B-47B0-D281-6AB8-E58871B54C91}" = Catalyst Control Center Core Implementation
"{3B7E26A8-4B67-D878-3AE3-0079686C52B6}" = CCC Help Spanish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51B6CDCD-8802-B41A-61E4-FC6A65FF217B}" = CCC Help French
"{531DDC1D-6563-8796-764A-A9C4E83C23E0}" = CCC Help English
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{56F4CA69-B3BC-81E6-304A-E650F3BB93A8}" = Catalyst Control Center Graphics Previews Common
"{5783F2D7-8004-0409-0002-0060B0CE6BBA}" = AutoCAD Architecture 2010
"{5783F2D7-8004-0409-1002-0060B0CE6BBA}" = AutoCAD Architecture 2010 Language Pack - English
"{61D9B6B3-B72E-C642-F0B0-8659EADB4CAA}" = Skins
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6FB141D8-1543-6588-623A-7D95969CB330}" = Catalyst Control Center Localization All
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{791A4569-E893-CA1F-664D-1DE63A5600A1}" = ccc-utility
"{7C0AEF0E-BB23-5C44-4933-88F6AE1057D8}" = Catalyst Control Center Graphics Full New
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80052E79-4A36-69BA-F44F-882A2E321116}" = CCC Help German
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{87460EB7-E62D-C963-4DDB-D2146478F59F}" = CCC Help Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BD8412A-40FB-9114-A8AE-CFB94C24C078}" = CCC Help Norwegian
"{8C2522F0-8B10-139C-3379-3620EA6A254D}" = CCC Help Dutch
"{8FCE7358-DA6B-789A-44AB-E52256ACB330}" = CCC Help Chinese Traditional
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{958DF0E4-CC0D-BDD5-28D1-A1B961E48A85}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8E83877-671C-A1A3-F4D3-C3D74E5AE8B9}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ADB4809A-3857-F18D-153F-391EB1D37C59}" = Catalyst Control Center Graphics Full Existing
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B354E49B-DBDC-442D-5615-BD07B3A0B932}" = Catalyst Control Center Graphics Light
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B787CD67-506B-4C9A-8A99-D2C4460D055F}" = Catalyst Control Center - Branding
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{B96C8D6D-B0E5-CD7B-BC5D-739D5051E911}" = CCC Help Japanese
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CB72877A-D2BF-6F18-2D0A-52C4036E2DF6}" = CCC Help Russian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D809E781-A654-3530-2B92-91FF959C507A}" = CCC Help Danish
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F31D838B-E7F3-1E70-F54F-B009CD9219EE}" = CCC Help Italian
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Akamai" = Akamai NetSession Interface
"AutoCAD Architecture 2010" = AutoCAD Architecture 2010
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Support Center" = Dell Support Center
"Dell Video Chat" = Dell Video Chat
"ERUNT_is1" = ERUNT 1.1j
"GoToAssist" = GoToAssist 8.0.0.514
"Legacy 7.5" = Legacy 7.5
"LegacyChart7_is1" = Legacy Charting 7.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Notepad++" = Notepad++
"PRJPRO" = Microsoft Office Project Professional 2007
"PROPLUS" = Microsoft Office Professional Plus 2007
"SopCast" = SopCast 3.3.2
"VISPRO" = Microsoft Office Visio Professional 2007
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-913938896-2979354799-2433997938-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.5.1
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/04/2011 16:31:26 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 28/04/2011 16:31:26 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 28/04/2011 16:31:26 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 28/04/2011 16:31:26 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 28/04/2011 16:31:27 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 28/04/2011 16:31:27 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 28/04/2011 16:31:27 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 28/04/2011 16:31:27 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 28/04/2011 16:31:27 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 28/04/2011 16:31:29 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

[ System Events ]
Error - 05/02/2010 12:29:53 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 05/02/2010 12:29:53 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 05/02/2010 12:29:53 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 05/02/2010 12:29:53 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 05/02/2010 12:29:53 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 05/02/2010 12:29:53 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 05/02/2010 12:29:53 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 05/02/2010 12:29:53 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 05/02/2010 12:29:53 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 05/02/2010 12:29:53 | Computer Name = LSS-Laptop | Source = Microsoft-Windows-Servicing | ID = 4385
Description =


< End of report >

ken545
2011-05-05, 00:31
Hi.


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL
C:\Windows\System32\drivers\etc\hosts.20110429-122828.backup


:Services

:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top (not Run Scan).
Let the program run unhindered; reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

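The fix above deletes the FEATURE_BROWSER_EMULATION\svchost.exe value that Spybot reported and resets the HOSTS file. As an added example (not part of this thread, and not OTL's or Spybot's code), here is a small Python triage pass over OTL log lines that flags the three things a helper reading these logs would want called out: an .exe/.com open command that is not the clean "%1" %* (in the second OTL log later in this thread that shows up as rjy.exe wrapping every program launch under HKU\.DEFAULT and HKU\S-1-5-18, which is persistence without any Run key), HOSTS entries other than localhost mapped to loopback, and EnableLUA = 0. A separate helper classifies FEATURE_BROWSER_EMULATION value names, since a core Windows service host is not a program that embeds an IE control. The sample lines are copied from the logs posted in this thread except the www.example.com hosts entry, which is constructed; the set of system process names and the function names are my own assumptions.

```python
"""Triage OTL log lines for the hijack patterns seen in this thread.

Added example, not code from the thread, from OTL or from Spybot. It reads
OTL-style lines (O1 hosts, O6 policy, O35/O37 file-association entries) and
flags the items a helper would act on.
"""
import re

# Constructed sample. All lines but the last are copied from the OTL logs
# posted in this thread; the final O1 line is made up to exercise the hosts check.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rjy.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rjy.exe" -a "%1" %*
O1 - Hosts: 127.0.0.1 www.example.com
"""

# The only legitimate shell\open\command for exefile/comfile: pass the path and
# arguments straight through. Anything wrapped around it runs on every launch.
CLEAN_COMMAND = '"%1" %*'

ASSOC_RE = re.compile(r'^O3[57] - (?P<key>.+?) -- (?P<cmd>.+)$')
HOSTS_RE = re.compile(r'^O1 - Hosts: (?P<addr>\S+) (?P<name>\S+)$')
UAC_RE = re.compile(r'^O6 - .*\\policies\\System: EnableLUA = (?P<val>\d+)$')

LOOPBACK = {"127.0.0.1", "::1"}

# Assumed list: core Windows processes that do not host an embedded IE control.
# A value named after one of them under FEATURE_BROWSER_EMULATION (the Spybot
# hit that opened this thread: ...\FEATURE_BROWSER_EMULATION\svchost.exe)
# points at code injected into that process, not at a real application setting.
SYSTEM_PROCESSES = {
    "svchost.exe", "winlogon.exe", "lsass.exe", "csrss.exe",
    "services.exe", "smss.exe", "wininit.exe",
}


def association_hijacks(lines):
    """Return (registry key, command) pairs whose open command is not clean."""
    hits = []
    for line in lines:
        m = ASSOC_RE.match(line)
        if m and m.group("cmd").strip() != CLEAN_COMMAND:
            hits.append((m.group("key"), m.group("cmd")))
    return hits


def hosts_anomalies(lines):
    """Return hosts entries other than localhost -> loopback, for review."""
    hits = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if m and not (m.group("name") == "localhost" and m.group("addr") in LOOPBACK):
            hits.append((m.group("addr"), m.group("name")))
    return hits


def uac_disabled(lines):
    """True if an O6 line shows EnableLUA = 0 (UAC off: installs run unprompted)."""
    for line in lines:
        m = UAC_RE.match(line)
        if m and m.group("val") == "0":
            return True
    return False


def browser_emulation_suspects(value_names):
    """Value names under FEATURE_BROWSER_EMULATION that name a system process."""
    return sorted(n for n in value_names if n.lower() in SYSTEM_PROCESSES)


def triage(log_text):
    """Run all line-based checks over one OTL log and return the findings."""
    lines = [l.rstrip() for l in log_text.splitlines() if l.strip()]
    return {
        "association_hijacks": association_hijacks(lines),
        "hosts_anomalies": hosts_anomalies(lines),
        "uac_disabled": uac_disabled(lines),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key, cmd in report["association_hijacks"]:
        print(f"[HIJACK] {key} -> {cmd}")
    for addr, name in report["hosts_anomalies"]:
        print(f"[HOSTS]  {addr} {name}")
    if report["uac_disabled"]:
        print("[POLICY] UAC disabled (EnableLUA = 0)")
    # Constructed value names: one system process, one made-up vendor app.
    for name in browser_emulation_suspects(["svchost.exe", "SomeVendorApp.exe"]):
        print(f"[BROWSER_EMULATION] suspicious value: {name}")
```

The point of the association check is that the HKLM entries in the log are clean while the per-user (HKU) entries are not, which is exactly what a scan that only looks at HKLM would miss; the hosts check reports everything that is not the loopback localhost pair rather than deciding what is malicious, because a reset HOSTS file should contain nothing else.
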
soysauce
2011-05-05, 10:41
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\\svchost.exe deleted successfully.
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::8057:7fd5:74ff:d7db%11
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : jmu.ac.uk
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 14:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1881:1d21:3f57:fef0
Link-local IPv6 Address . . . . . : fe80::1881:1d21:3f57:fef0%15
Default Gateway . . . . . . . . . : ::
C:\Windows\system32\config\systemprofile\Desktop\cmd.bat deleted successfully.
C:\Windows\system32\config\systemprofile\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::8057:7fd5:74ff:d7db%11
IPv4 Address. . . . . . . . . . . : 192.168.1.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : jmu.ac.uk
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 14:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1881:1d21:3f57:fef0
Link-local IPv6 Address . . . . . : fe80::1881:1d21:3f57:fef0%15
Default Gateway . . . . . . . . . : ::
C:\Windows\system32\config\systemprofile\Desktop\cmd.bat deleted successfully.
C:\Windows\system32\config\systemprofile\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Windows\system32\config\systemprofile\Desktop\cmd.bat deleted successfully.
C:\Windows\system32\config\systemprofile\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Journal

User: RegBack

User: systemprofile
->Temp folder emptied: 1163212 bytes
->Temporary Internet Files folder emptied: 126880203 bytes
->Java cache emptied: 359609 bytes
->Flash cache emptied: 560 bytes

User: TxR

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17426 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 246784 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 123.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05052011_092216

Files\Folders moved on Reboot...
File\Folder C:\Windows\system32\config\systemprofile\AppData\Local\Temp\~DF1D02.tmp not found!
File\Folder C:\Windows\system32\config\systemprofile\AppData\Local\Temp\~DF1D0F.tmp not found!
File\Folder C:\Windows\system32\config\systemprofile\AppData\Local\Temp\~DF3762.tmp not found!
File\Folder C:\Windows\system32\config\systemprofile\AppData\Local\Temp\~DF376E.tmp not found!
File\Folder C:\Windows\system32\config\systemprofile\AppData\Local\Temp\~DF98F3.tmp not found!
File\Folder C:\Windows\system32\config\systemprofile\AppData\Local\Temp\~DF98FF.tmp not found!
File\Folder C:\Windows\system32\config\systemprofile\AppData\Local\Temp\~DF9C00.tmp not found!
File\Folder C:\Windows\system32\config\systemprofile\AppData\Local\Temp\~DF9C14.tmp not found!
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNL3ELPU\mail[1].htm moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E15SQPXB\dell_uk_msn_com[1].htm moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E15SQPXB\mail[1].htm moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E15SQPXB\showthread[1].htm moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E15SQPXB\signin[1].htm moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C8ZUUC9M\mail[1].htm moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C8ZUUC9M\mail[2].htm moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R2FW723\mail[1].htm moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R2FW723\signin[1].htm moved successfully.
File\Folder C:\Windows\System32\config\systemprofile\Local Settings\Temp\~DF1D02.tmp not found!
File\Folder C:\Windows\System32\config\systemprofile\Local Settings\Temp\~DF1D0F.tmp not found!
File\Folder C:\Windows\System32\config\systemprofile\Local Settings\Temp\~DF3762.tmp not found!
File\Folder C:\Windows\System32\config\systemprofile\Local Settings\Temp\~DF376E.tmp not found!
File\Folder C:\Windows\System32\config\systemprofile\Local Settings\Temp\~DF98F3.tmp not found!
File\Folder C:\Windows\System32\config\systemprofile\Local Settings\Temp\~DF98FF.tmp not found!
File\Folder C:\Windows\System32\config\systemprofile\Local Settings\Temp\~DF9C00.tmp not found!
File\Folder C:\Windows\System32\config\systemprofile\Local Settings\Temp\~DF9C14.tmp not found!

Registry entries deleted on Reboot...

soysauce
2011-05-05, 10:55
OTL logfile created on: 05/05/2011 09:43:19 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282.91 Gb Total Space | 197.12 Gb Free Space | 69.68% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.74 Gb Free Space | 38.26% Space Free | Partition Type: NTFS

Computer Name: LSS-LAPTOP | User Name: LSS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\config\systemprofile\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)


========== Modules (SafeList) ==========

MOD - C:\Windows\System32\config\systemprofile\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKsl9835e0a5) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A62620C7-86ED-441A-8D88-85D3035F7E22}\MpKsl9835e0a5.sys (Microsoft Corporation)
DRV - (MpKsl913122b3) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A62620C7-86ED-441A-8D88-85D3035F7E22}\MpKsl913122b3.sys (Microsoft Corporation)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0





O1 HOSTS File: ([2011/05/05 09:22:23 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rjy.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rjy.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 09:22:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/05 09:21:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
[2011/05/05 09:19:03 | 000,000,000 | -HSD | C] -- C:\Windows\system32\config\systemprofile\Desktop\%APPDATA%
[2011/05/05 09:16:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\ATI
[2011/05/05 09:16:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\ATI
[2011/05/05 09:15:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/05 09:15:26 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/05 09:15:26 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Downloads
[2011/05/05 09:15:26 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/05 09:15:24 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Videos
[2011/05/05 09:15:24 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Pictures
[2011/05/05 09:15:24 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Music
[2011/05/05 09:15:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Identities
[2011/05/05 09:15:08 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Documents
[2011/05/05 09:15:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp
[2011/05/05 09:15:03 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/05/05 09:15:00 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Desktop
[2011/05/04 22:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/04 22:49:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/04 22:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/04 22:49:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/04 22:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/29 21:18:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/29 21:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/04/29 21:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/29 20:05:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/04/29 13:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/04/29 12:21:42 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Favorites
[2011/04/29 12:21:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Adobe
[2011/04/29 11:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/29 11:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/29 11:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/28 23:57:50 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/04/28 23:55:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia
[2011/04/28 23:55:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe
[2011/04/28 21:55:23 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/04/28 21:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 7.5
[2011/04/28 21:20:02 | 000,496,384 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedZip.dll
[2011/04/28 21:20:02 | 000,458,752 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsprint8.ocx
[2011/04/28 21:20:02 | 000,262,144 | ---- | C] (ComponentOne ) -- C:\Windows\System32\vspdf8.ocx
[2011/04/28 21:20:02 | 000,237,568 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsocx6.ocx
[2011/04/28 21:20:02 | 000,169,216 | ---- | C] (Wintertree Software Inc.) -- C:\Windows\System32\WSpell.ocx
[2011/04/28 21:20:01 | 000,832,448 | ---- | C] (APEX Software Corporation) -- C:\Windows\System32\tdbg6.ocx
[2011/04/28 21:20:01 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2011/04/28 21:20:01 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2011/04/28 21:20:01 | 000,065,536 | ---- | C] (Sheridan Software Systems, Inc) -- C:\Windows\System32\ssfm1032.dll
[2011/04/28 21:20:01 | 000,065,536 | ---- | C] (Larcom and Young) -- C:\Windows\System32\ReSize32.ocx
[2011/04/28 21:20:00 | 000,198,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCI32.OCX
[2011/04/28 21:19:59 | 000,751,104 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltocx11n.ocx
[2011/04/28 21:19:59 | 000,200,704 | ---- | C] (CIA, The company) -- C:\Windows\System32\ciaSCls20.dll
[2011/04/28 21:19:59 | 000,184,320 | ---- | C] (CIA, The Company) -- C:\Windows\System32\ciaXPButton30.ocx
[2011/04/28 21:19:59 | 000,053,248 | ---- | C] (CIA, The Company) -- C:\Windows\System32\ciaXPRegSvr20.dll
[2011/04/28 21:19:58 | 000,362,576 | ---- | C] (Data Dynamics) -- C:\Windows\System32\ActBar.ocx
[2011/04/28 21:19:58 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\PCDLIB32.DLL
[2011/04/28 21:19:58 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.dll
[2011/04/28 21:19:58 | 000,045,936 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltvdd11w.drv
[2011/04/28 21:19:58 | 000,038,400 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lttwn11n.dll
[2011/04/28 21:19:57 | 000,391,168 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltkrn11n.dll
[2011/04/28 21:19:57 | 000,262,144 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTDIS11n.dll
[2011/04/28 21:19:57 | 000,226,816 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltefx11n.dll
[2011/04/28 21:19:57 | 000,151,040 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftif11n.dll
[2011/04/28 21:19:57 | 000,127,488 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltimg11n.dll
[2011/04/28 21:19:57 | 000,118,272 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltfil11n.DLL
[2011/04/28 21:19:57 | 000,059,392 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfwmf11n.dll
[2011/04/28 21:19:57 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfwpg11n.dll
[2011/04/28 21:19:57 | 000,003,824 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltthk11w.dll
[2011/04/28 21:19:56 | 000,172,544 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfpng11n.dll
[2011/04/28 21:19:56 | 000,080,896 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lffax11n.dll
[2011/04/28 21:19:56 | 000,041,472 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfgif11n.dll
[2011/04/28 21:19:56 | 000,032,768 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpcx11n.dll
[2011/04/28 21:19:56 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftga11n.dll
[2011/04/28 21:19:56 | 000,027,136 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfimg11n.dll
[2011/04/28 21:19:56 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpcd11n.dll
[2011/04/28 21:19:56 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfmsp11n.dll
[2011/04/28 21:19:55 | 000,276,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFCMP11n.DLL
[2011/04/28 21:19:55 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfbmp11n.dll
[2011/04/28 21:19:55 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfcal11n.dll
[2011/04/28 21:19:55 | 000,031,232 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfeps11n.dll
[2011/04/28 21:19:28 | 000,000,000 | ---D | C] -- C:\Legacy
[2011/04/27 14:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2011/04/27 11:11:44 | 000,000,000 | ---D | C] -- C:\temp
[2011/04/27 11:11:13 | 000,380,928 | ---- | C] (Massachusetts Institute of Technology) -- C:\Windows\System32\krb5_32.dll
[2011/04/27 11:11:13 | 000,024,576 | ---- | C] (Massachusetts Institute of Technology) -- C:\Windows\System32\comerr32.dll
[2011/04/27 10:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\AL500-18
[2011/04/26 16:32:53 | 000,000,000 | ---D | C] -- C:\46f8d8b26ce9750c5047a042850a32
[2011/04/26 14:36:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/26 14:36:28 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/26 14:36:21 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/26 14:36:21 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/26 14:36:20 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/26 14:36:20 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/26 14:36:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/26 14:36:20 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/26 14:36:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/26 14:36:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/26 14:36:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/26 14:36:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/26 14:36:19 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/26 14:36:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/26 14:36:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/26 14:36:18 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/26 14:36:18 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/26 14:36:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/26 14:36:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/26 14:36:12 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/26 14:36:11 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/26 14:36:08 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/26 14:36:07 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/26 14:35:25 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/26 14:35:24 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

========== Files - Modified Within 30 Days ==========

[2011/05/05 09:29:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/05 09:29:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/05 09:29:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/05 09:29:11 | 3215,855,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/05 09:24:54 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/05 09:24:54 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/05 09:22:23 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/05 09:19:03 | 000,000,957 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/04 23:06:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
[2011/05/04 22:57:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-913938896-2979354799-2433997938-1000UA.job
[2011/05/04 20:02:33 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/04/29 20:09:58 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/04/29 13:23:07 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/04/29 12:37:58 | 000,010,288 | -HS- | M] () -- C:\ProgramData\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/29 12:24:07 | 000,010,000 | -HS- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/29 12:23:44 | 000,002,480 | -HS- | M] () -- C:\ProgramData\1866462758
[2011/04/29 11:43:12 | 000,432,470 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110429-122828.backup
[2011/04/29 10:54:56 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-913938896-2979354799-2433997938-1000Core.job
[2011/04/28 21:20:18 | 000,000,347 | ---- | M] () -- C:\Users\Public\Desktop\Legacy 7.5.lnk
[2011/04/27 09:43:57 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/04/26 15:03:45 | 003,809,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/05/05 09:19:03 | 000,000,957 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/05 09:15:29 | 000,000,963 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/05 09:15:23 | 000,000,958 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/05/05 09:15:09 | 000,000,929 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/04/29 20:09:58 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/29 13:22:50 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/04/29 12:22:05 | 000,002,480 | -HS- | C] () -- C:\ProgramData\1866462758
[2011/04/29 12:21:49 | 000,010,288 | -HS- | C] () -- C:\ProgramData\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/29 12:21:49 | 000,010,000 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/28 21:56:20 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/04/28 21:20:18 | 000,000,359 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 7.5
[2011/04/28 21:20:18 | 000,000,347 | ---- | C] () -- C:\Users\Public\Desktop\Legacy 7.5.lnk
[2011/04/28 21:20:02 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2011/04/27 11:11:13 | 000,102,400 | ---- | C] () -- C:\Windows\System32\UniCType.dll
[2011/04/27 11:11:13 | 000,073,788 | ---- | C] () -- C:\Windows\System32\Log2Vis.dll
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/08 11:16:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/08 11:16:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/07 16:38:55 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/20 07:30:08 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/20 07:30:08 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/06/20 07:30:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/06/20 07:30:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/06/19 23:37:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/06/19 21:56:39 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/06/19 21:56:37 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/06/19 21:56:36 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2009/04/11 19:02:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/05 19:42:45 | 000,062,400 | ---- | C] () -- C:\Windows\System32\IFC.dll
[2008/11/05 19:41:56 | 000,422,848 | ---- | C] () -- C:\Windows\System32\PPL.dll
[2006/11/02 14:02:10 | 000,000,680 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\d3d9caps.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 003,809,224 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,611,296 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,109,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

ken545
2011-05-05, 12:49
Looks good, how are things running now?

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked.
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

soysauce
2011-05-05, 19:32
Hi,

Many thanks for your help so far, it's looking good in that I'm not getting redirected when browsing any longer.

I ran the ESET Online tool and it found no threats (great!); it never produced a log file though (I presume as no threats were found?) (see attached file 'nothreatsfound.jpg' for screenshot).

There are a few things to report though:

I get an error message from the system tray related to the User Profile Service not being connected (see attached file 'bubble.jpg' for screenshot). Although I can't be sure that it wasn't there before we started, do you have any idea what could have caused it?

There is also an error message that pops up - possibly related - which says the Host Process for Windows Services stopped working and was closed (see attached file 'process_stopped.jpg' for screenshot).

Finally, the 'Window Color and Appearance' seems to have reverted to the basic 'Windows Standard' scheme (can be seen in all screenshots). What's more, I don't seem to have any option to change it back to the original Vista scheme (see 'colourScheme.jpg').

ken545
2011-05-05, 22:42
Hi,

Go to Start > Run and type in services.msc > Enter, look for User Profile Service, right click on it and go to Properties and set the startup type to Automatic. Then OK your way out.

Reboot your system for it to take effect


You still have an infected copy of your hosts file, it was not removed last time.


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:OTL
[2011/04/29 11:43:12 | 000,432,470 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110429-122828.backup

:Services

:Reg

:Files

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <-- Not Run Scan
Let the program run unhindered, reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

soysauce
2011-05-06, 20:40
All processes killed
========== OTL ==========
C:\Windows\System32\drivers\etc\hosts.20110429-122828.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Journal

User: RegBack

User: systemprofile

User: TxR

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 869494 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 39424 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05062011_193517

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

soysauce
2011-05-06, 20:46
OTL logfile created on: 06/05/2011 19:41:47 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282.91 Gb Total Space | 196.44 Gb Free Space | 69.44% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.74 Gb Free Space | 38.26% Space Free | Partition Type: NTFS

Computer Name: LSS-LAPTOP | User Name: LSS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\config\systemprofile\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)


========== Modules (SafeList) ==========

MOD - C:\Windows\System32\config\systemprofile\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll ()
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKsl5c005185) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A316096-E741-4104-B35A-797FFA6807B7}\MpKsl5c005185.sys (Microsoft Corporation)
DRV - (MpKsl9eb03618) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A316096-E741-4104-B35A-797FFA6807B7}\MpKsl9eb03618.sys (Microsoft Corporation)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0





O1 HOSTS File: ([2011/05/06 19:35:20 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rjy.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rjy.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 19:09:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/05 19:09:07 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/05 19:09:07 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/05 19:09:07 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/05 19:09:07 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/05 19:09:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/05 19:09:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/05 19:09:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/05 19:09:06 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/05 19:09:06 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/05 19:09:06 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/05 19:09:06 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/05 19:09:06 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/05 19:09:06 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/05 19:09:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/05 19:09:06 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/05 19:09:06 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/05 19:09:06 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/05 19:09:06 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/05 19:09:06 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/05 19:09:06 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/05 19:09:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/05 19:09:05 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/05 19:09:05 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/05 19:09:05 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/05 19:09:05 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/05 19:09:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/05 19:09:05 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/05 19:09:05 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/05 19:09:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/05 19:09:05 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/05 19:09:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/05 19:09:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/05 19:09:04 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/05 19:09:04 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/05 19:09:04 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/05 19:09:04 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/05 19:09:04 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/05 19:09:04 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/05 19:08:29 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/05/05 19:08:29 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/05/05 19:08:28 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/05/05 19:08:28 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/05/05 19:08:28 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/05/05 19:08:28 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/05/05 19:08:27 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/05/05 19:08:27 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/05/05 19:08:26 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/05/05 19:08:26 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/05/05 19:08:26 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/05/05 19:08:26 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/05/05 19:08:26 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/05/05 19:08:26 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/05/05 19:08:26 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/05/05 19:08:26 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/05/05 19:08:26 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/05/05 19:08:26 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/05/05 19:08:25 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/05/05 19:08:25 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/05/05 19:08:25 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/05/05 19:08:25 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/05/05 19:08:25 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/05/05 19:08:25 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/05/05 15:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/05 15:35:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Google
[2011/05/05 15:35:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Deployment
[2011/05/05 15:35:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Apps
[2011/05/05 09:22:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/05 09:21:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
[2011/05/05 09:19:03 | 000,000,000 | -HSD | C] -- C:\Windows\system32\config\systemprofile\Desktop\%APPDATA%
[2011/05/05 09:16:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\ATI
[2011/05/05 09:16:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\ATI
[2011/05/05 09:15:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/05 09:15:26 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/05 09:15:26 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Downloads
[2011/05/05 09:15:26 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/05 09:15:24 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Videos
[2011/05/05 09:15:24 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Pictures
[2011/05/05 09:15:24 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Music
[2011/05/05 09:15:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Identities
[2011/05/05 09:15:08 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Documents
[2011/05/05 09:15:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp
[2011/05/05 09:15:03 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/05/05 09:15:00 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Desktop
[2011/05/04 22:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/04 22:49:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/04 22:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/04 22:49:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/04 22:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/29 21:18:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/29 21:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/04/29 21:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/29 20:05:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/04/29 13:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/04/29 12:21:42 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Favorites
[2011/04/29 12:21:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Adobe
[2011/04/29 11:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/29 11:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/29 11:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/28 23:57:50 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/04/28 23:55:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia
[2011/04/28 23:55:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe
[2011/04/28 21:55:23 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/04/28 21:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 7.5
[2011/04/28 21:20:02 | 000,496,384 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedZip.dll
[2011/04/28 21:20:02 | 000,458,752 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsprint8.ocx
[2011/04/28 21:20:02 | 000,262,144 | ---- | C] (ComponentOne ) -- C:\Windows\System32\vspdf8.ocx
[2011/04/28 21:20:02 | 000,237,568 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsocx6.ocx
[2011/04/28 21:20:02 | 000,169,216 | ---- | C] (Wintertree Software Inc.) -- C:\Windows\System32\WSpell.ocx
[2011/04/28 21:20:01 | 000,832,448 | ---- | C] (APEX Software Corporation) -- C:\Windows\System32\tdbg6.ocx
[2011/04/28 21:20:01 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2011/04/28 21:20:01 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2011/04/28 21:20:01 | 000,065,536 | ---- | C] (Sheridan Software Systems, Inc) -- C:\Windows\System32\ssfm1032.dll
[2011/04/28 21:20:01 | 000,065,536 | ---- | C] (Larcom and Young) -- C:\Windows\System32\ReSize32.ocx
[2011/04/28 21:20:00 | 000,198,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCI32.OCX
[2011/04/28 21:19:59 | 000,751,104 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltocx11n.ocx
[2011/04/28 21:19:59 | 000,200,704 | ---- | C] (CIA, The company) -- C:\Windows\System32\ciaSCls20.dll
[2011/04/28 21:19:59 | 000,184,320 | ---- | C] (CIA, The Company) -- C:\Windows\System32\ciaXPButton30.ocx
[2011/04/28 21:19:59 | 000,053,248 | ---- | C] (CIA, The Company) -- C:\Windows\System32\ciaXPRegSvr20.dll
[2011/04/28 21:19:58 | 000,362,576 | ---- | C] (Data Dynamics) -- C:\Windows\System32\ActBar.ocx
[2011/04/28 21:19:58 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\PCDLIB32.DLL
[2011/04/28 21:19:58 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.dll
[2011/04/28 21:19:58 | 000,045,936 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltvdd11w.drv
[2011/04/28 21:19:58 | 000,038,400 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lttwn11n.dll
[2011/04/28 21:19:57 | 000,391,168 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltkrn11n.dll
[2011/04/28 21:19:57 | 000,262,144 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTDIS11n.dll
[2011/04/28 21:19:57 | 000,226,816 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltefx11n.dll
[2011/04/28 21:19:57 | 000,151,040 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftif11n.dll
[2011/04/28 21:19:57 | 000,127,488 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltimg11n.dll
[2011/04/28 21:19:57 | 000,118,272 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltfil11n.DLL
[2011/04/28 21:19:57 | 000,059,392 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfwmf11n.dll
[2011/04/28 21:19:57 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfwpg11n.dll
[2011/04/28 21:19:57 | 000,003,824 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltthk11w.dll
[2011/04/28 21:19:56 | 000,172,544 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfpng11n.dll
[2011/04/28 21:19:56 | 000,080,896 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lffax11n.dll
[2011/04/28 21:19:56 | 000,041,472 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfgif11n.dll
[2011/04/28 21:19:56 | 000,032,768 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpcx11n.dll
[2011/04/28 21:19:56 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftga11n.dll
[2011/04/28 21:19:56 | 000,027,136 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfimg11n.dll
[2011/04/28 21:19:56 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpcd11n.dll
[2011/04/28 21:19:56 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfmsp11n.dll
[2011/04/28 21:19:55 | 000,276,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFCMP11n.DLL
[2011/04/28 21:19:55 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfbmp11n.dll
[2011/04/28 21:19:55 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfcal11n.dll
[2011/04/28 21:19:55 | 000,031,232 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfeps11n.dll
[2011/04/28 21:19:28 | 000,000,000 | ---D | C] -- C:\Legacy
[2011/04/27 14:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2011/04/27 11:11:44 | 000,000,000 | ---D | C] -- C:\temp
[2011/04/27 11:11:13 | 000,380,928 | ---- | C] (Massachusetts Institute of Technology) -- C:\Windows\System32\krb5_32.dll
[2011/04/27 11:11:13 | 000,024,576 | ---- | C] (Massachusetts Institute of Technology) -- C:\Windows\System32\comerr32.dll
[2011/04/27 10:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\AL500-18
[2011/04/26 16:32:53 | 000,000,000 | ---D | C] -- C:\46f8d8b26ce9750c5047a042850a32
[2011/04/26 14:36:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/26 14:36:28 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/26 14:36:12 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/26 14:36:11 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/26 14:36:08 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/26 14:36:07 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll

========== Files - Modified Within 30 Days ==========

[2011/05/06 19:36:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 19:36:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 19:36:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/06 19:36:13 | 3215,855,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/06 19:35:20 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/06 19:30:57 | 000,000,957 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/06 19:30:56 | 000,000,952 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/06 19:25:00 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/05/05 21:03:31 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/05 21:03:31 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/05 19:09:14 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/05 19:09:14 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/05 19:09:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/05 19:09:07 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/05 19:09:07 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/05 19:09:07 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/05 19:09:07 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/05 19:09:07 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/05 19:09:07 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/05 19:09:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/05 19:09:06 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/05 19:09:06 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/05 19:09:06 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/05 19:09:06 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/05 19:09:06 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/05 19:09:06 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/05 19:09:06 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/05 19:09:06 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/05 19:09:06 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/05 19:09:06 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/05 19:09:06 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/05 19:09:06 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/05 19:09:06 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/05 19:09:06 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/05 19:09:05 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/05 19:09:05 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/05 19:09:05 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/05 19:09:05 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/05 19:09:05 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/05 19:09:05 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/05 19:09:05 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/05 19:09:05 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/05 19:09:05 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/05 19:09:05 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/05 19:09:05 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/05 19:09:04 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/05 19:09:04 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/05 19:09:04 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/05 19:09:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/05 19:09:04 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/05 19:09:04 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/05 19:09:04 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/05 19:08:29 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/05/05 19:08:29 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/05/05 19:08:28 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/05/05 19:08:28 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/05/05 19:08:28 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/05/05 19:08:28 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/05/05 19:08:28 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/05/05 19:08:27 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/05/05 19:08:26 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/05/05 19:08:26 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/05/05 19:08:26 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/05/05 19:08:26 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/05/05 19:08:26 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/05/05 19:08:26 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/05/05 19:08:26 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/05/05 19:08:26 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/05/05 19:08:26 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/05/05 19:08:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/05/05 19:08:25 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/05/05 19:08:25 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/05/05 19:08:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/05/05 19:08:25 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/05/05 19:08:25 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/05/05 19:08:25 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/05/05 18:29:55 | 000,077,687 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\colourScheme.jpg
[2011/05/05 17:39:53 | 000,139,503 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\nothreatsfound.jpg
[2011/05/05 15:22:00 | 000,046,990 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\process_stopped.jpg
[2011/05/05 15:21:15 | 000,045,335 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\bubble.jpg
[2011/05/04 23:06:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
[2011/04/29 20:09:58 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/04/29 13:23:07 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/04/29 12:37:58 | 000,010,288 | -HS- | M] () -- C:\ProgramData\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/29 12:24:07 | 000,010,000 | -HS- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/29 12:23:44 | 000,002,480 | -HS- | M] () -- C:\ProgramData\1866462758
[2011/04/28 21:20:18 | 000,000,347 | ---- | M] () -- C:\Users\Public\Desktop\Legacy 7.5.lnk
[2011/04/27 09:43:57 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/04/26 15:03:45 | 003,809,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/05/06 19:30:56 | 000,000,952 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/05 19:09:06 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/05 18:29:55 | 000,077,687 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\colourScheme.jpg
[2011/05/05 17:39:53 | 000,139,503 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\nothreatsfound.jpg
[2011/05/05 15:22:00 | 000,046,990 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\process_stopped.jpg
[2011/05/05 15:21:15 | 000,045,335 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\bubble.jpg
[2011/05/05 09:19:03 | 000,000,957 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/05 09:15:29 | 000,000,963 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/05 09:15:23 | 000,000,958 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/05/05 09:15:09 | 000,000,929 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/04/29 20:09:58 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/29 13:22:50 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/04/29 12:22:05 | 000,002,480 | -HS- | C] () -- C:\ProgramData\1866462758
[2011/04/29 12:21:49 | 000,010,288 | -HS- | C] () -- C:\ProgramData\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/29 12:21:49 | 000,010,000 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/28 21:56:20 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/04/28 21:20:18 | 000,000,359 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 7.5
[2011/04/28 21:20:18 | 000,000,347 | ---- | C] () -- C:\Users\Public\Desktop\Legacy 7.5.lnk
[2011/04/28 21:20:02 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2011/04/27 11:11:13 | 000,102,400 | ---- | C] () -- C:\Windows\System32\UniCType.dll
[2011/04/27 11:11:13 | 000,073,788 | ---- | C] () -- C:\Windows\System32\Log2Vis.dll
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/08 11:16:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/08 11:16:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/07 16:38:55 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/20 07:30:08 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/20 07:30:08 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/06/20 07:30:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/06/20 07:30:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/06/19 23:37:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/06/19 21:56:39 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/06/19 21:56:37 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/06/19 21:56:36 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2009/04/11 19:02:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/05 19:42:45 | 000,062,400 | ---- | C] () -- C:\Windows\System32\IFC.dll
[2008/11/05 19:41:56 | 000,422,848 | ---- | C] () -- C:\Windows\System32\PPL.dll
[2006/11/02 14:02:10 | 000,000,680 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\d3d9caps.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 003,809,224 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,611,296 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,109,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
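Added example, not part of the thread and not OTL's own code: a small Python triage script for the "Files Created / Modified" sections of an OTL log like the one above. It parses each bracketed entry and applies three heuristics that are my own assumptions rather than OTL rules: a hidden+system file with no publisher and a random-looking, extensionless name; a literal, unexpanded %VARIABLE% used as a folder name; and user-style files (tools, screenshots, downloads) sitting under the SYSTEM service profile, C:\Windows\System32\config\systemprofile, instead of a C:\Users profile. The sample lines are copied from the log posted above; a flag means "look at this", not "this is malware".

```python
"""Triage helper for the "Files Created / Modified" sections of an OTL log.

Added example: not OTL's code and not anything posted in this thread.  The
three heuristics are my own assumptions, not OTL rules; a flag means "look
at this", not "this is malware".
"""
import re

# One OTL entry: [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# Directory entries carry no "(Company)" part, and a company string may itself
# contain parentheses, so the company is matched lazily up to ") -- ".
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+?)\s*$"
)

# Heuristic 1: extensionless lowercase alphanumeric name of 8+ characters on a
# hidden+system file with no publisher.  Legitimate hidden+system files such as
# hiberfil.sys or ntuser.pol have an extension and therefore do not match.
RANDOM_NAME = re.compile(r"^[0-9a-z]{8,}$")
# Heuristic 2: a literal, unexpanded environment variable used as a path
# component, e.g. ...\Desktop\%APPDATA%.
LITERAL_ENV = re.compile(r"\\%[A-Za-z_]+%(?:\\|$)")
# Heuristic 3: files a person creates (tools, screenshots, downloads) living
# under the SYSTEM service profile rather than under C:\Users\<name>.
SYSPROFILE_USERDIRS = re.compile(
    r"^C:\\Windows\\System32\\config\\systemprofile\\"
    r"(?:Desktop|Downloads|Documents|Pictures|Videos|Music|Favorites)\\",
    re.IGNORECASE,
)


def parse_entry(line):
    """Parse one OTL file-list line into a dict; return None for non-entries."""
    m = OTL_ENTRY.match(line.strip())
    if m is None:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))
    e["company"] = e["company"] or ""
    attrs = e["attrs"]
    e["hidden"], e["system"], e["directory"] = "H" in attrs, "S" in attrs, "D" in attrs
    e["name"] = e["path"].rsplit("\\", 1)[-1]
    return e


def flag_entry(e):
    """Return the (possibly empty) list of heuristic flags for a parsed entry."""
    flags = []
    if (not e["directory"] and e["hidden"] and e["system"]
            and not e["company"] and RANDOM_NAME.match(e["name"].lower())):
        flags.append("hidden+system file, no publisher, random-looking name")
    if LITERAL_ENV.search(e["path"]):
        flags.append("literal unexpanded %VAR% component in path")
    if not e["directory"] and SYSPROFILE_USERDIRS.match(e["path"]):
        flags.append("user-style file under the SYSTEM service profile")
    return flags


def triage(lines):
    """Return [(path, flags)] for every parsable entry that raised a flag."""
    hits = []
    for e in filter(None, map(parse_entry, lines)):
        flags = flag_entry(e)
        if flags:
            hits.append((e["path"], flags))
    return hits


# Sample input: nine lines copied from the OTL log posted above, chosen to
# exercise the parser (a directory entry, a company string with parentheses,
# a 10-digit size) and to trigger each heuristic at least once.
SAMPLE_LOG = r"""
[2011/05/06 19:36:13 | 3215,855,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/05 15:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/05 09:21:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
[2011/05/05 09:19:03 | 000,000,000 | -HSD | C] -- C:\Windows\system32\config\systemprofile\Desktop\%APPDATA%
[2011/04/29 20:09:58 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/04/29 12:37:58 | 000,010,288 | -HS- | M] () -- C:\ProgramData\5f2ph51m052ajruj700xx2hor734170i6dmv3o246y7n4n4
[2011/04/29 12:23:44 | 000,002,480 | -HS- | M] () -- C:\ProgramData\1866462758
[2011/04/28 21:55:23 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/04/28 21:20:02 | 000,496,384 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedZip.dll
"""


def sample_hits():
    """Triage the sample lines (used by the demo below and by the checks)."""
    return triage(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for path, flags in sample_hits():
        print(path)
        for flag in flags:
            print("    -", flag)
```

To run it over a full saved log, pass the open file instead of the sample, for instance `triage(open("OTL.txt", encoding="utf-8", errors="replace"))` (the file name is an assumption). On the sample the two -HS- files in C:\ProgramData and the literal %APPDATA% folder are flagged, while hiberfil.sys and ntuser.pol, which are also hidden+system, are not; OTL.exe is flagged only because it sits on the SYSTEM profile's desktop, which is worth correlating with the User Profile Service symptom described in the next reply.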

soysauce
2011-05-06, 20:58
Hi,

The User Profile Service was already set to Automatic, but I checked it and restarted anyway, and the problem persists. Well, sort of... When the desktop starts up the theme is the basic one, but after about 20/30 seconds the normal Vista theme kicks in.

Also I'm still getting exactly the same symptoms as in the previous post.

Thanks again.

ken545
2011-05-06, 21:27
Well, your log looks OK; this may be a Windows issue.

Post here in the Microsoft Windows forum and see if they can help you
http://forums.whatthetech.com/index.php?showforum=119

Let me know how it went

soysauce
2011-05-06, 23:08
I will do, thanks a lot for your help much appreciated.

ken545
2011-05-07, 02:09
Hi,

If you posted in the Windows forum already that's fine, but I would like you to run this program and let's see if it finds and fixes anything.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

soysauce
2011-05-07, 15:31
I haven't posted yet; I was just searching the forum and the web in general for the errors I was getting. I then decided to have another go at the system restore, which has worked to a certain extent: it's put it back to before I got the problems, but I'm getting a few more Windows errors and still getting the User Profile and the host errors.

So I decided to try to reset to factory settings but even that didn't work :hair:
I was going to take it into work and get them to reset it but....


....do you think its worth having a go at this combofix?

ken545
2011-05-07, 16:13
Yes, it can't hurt

soysauce
2011-05-07, 22:05
I can't even run it!:laugh:

The System Restore seems to have knackered it. It looks like the majority of the services just aren't starting up so simple things like running programs aren't working. Even when I booted into safe mode ComboFix wouldn't load up.

It seems as though it's trying to get the services working but some keep dropping out rendering it useless.

Ah well it was worth a shot, I'll just re-install the OS.

Thanks for your help though.

ken545
2011-05-08, 01:13
Most times, with the threats going around and with your operating system appearing somewhat damaged, it's not a bad idea to format and reinstall, but this is up to you.

If you want to continue, then do this:

Please download exeHelper (http://www.raktor.net/exeHelper/exeHelper.com) to your desktop.

Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).



Drag your copy of ComboFix to the trash and redownload it, but follow the instructions for renaming it.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

soysauce
2011-05-09, 22:39
exeHelper by Raktor
Build 20100414
Run at 21:29:18 on 05/09/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

soysauce
2011-05-09, 23:44
I had a bit of trouble disabling Microsoft Security Essentials. I disabled the real time protection, but CF said that it was still running. I then killeopped working d the process in task manager and ran CF again but it still thought it was running. I went ahead anyway as there was no more i could do and it seems to have run ok.

I got a few windows errors as it was running along the lines of pev.exxe has stopped working but it seemed to carry on anyway.

Cheers,
Nick

ComboFix 11-05-09.01 - LSS 09/05/2011 22:23:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.2037 [GMT 1:00]
Running from: c:\users\LSS\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5744\Downloads\162088e9-0b41-471a-947d-e6bfb7774266.dll
c:\programdata\PCDr\5744\Downloads\3060b7ae-c612-4b71-be9a-0721727ba831.dll
c:\programdata\PCDr\5744\Downloads\3abc4f65-3752-4824-83cd-674c30d9f41c.dll
c:\programdata\PCDr\5744\Downloads\4128ef4c-5308-415e-947b-b523a115be2d.dll
c:\programdata\PCDr\5744\Downloads\4b07fd4d-6cb2-4166-8e08-7e3d0fb96a24.dll
c:\programdata\PCDr\5744\Downloads\654e4133-96c6-421b-9240-26a29538de3f.dll
c:\programdata\PCDr\5744\Downloads\69bf7709-6da5-40eb-b648-3731ebda143c.dll
c:\programdata\PCDr\5744\Downloads\7cfc7ddb-2ff0-41ad-a5d7-3e2c7c6da278.dll
c:\programdata\PCDr\5744\Downloads\920b4bdb-56cb-44d8-b977-2de6535367f0.dll
c:\programdata\PCDr\5744\Downloads\94c1bf6e-ecf1-4c5d-ad15-1b8540879958.dll
c:\programdata\PCDr\5744\Downloads\a12cd2ff-9e6d-4d89-a010-63188cb6a861.dll
c:\programdata\PCDr\5744\Downloads\c6bcc260-2097-4f4f-a0c3-098183f01ac5.dll
c:\programdata\PCDr\5744\Downloads\db49fe36-7c40-41f5-b9c1-5a7c3297c269.dll
c:\programdata\PCDr\5744\Downloads\db760e79-da96-4a2b-a687-8256c6e72fb6.dll
c:\programdata\PCDr\5744\Downloads\e3d50fea-9128-4ef0-9ea5-b4d74186612f.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 )))))))))))))))))))))))))))))))
.
.
2011-05-09 21:32 . 2011-05-09 21:32 -------- d-----w- c:\users\LSS\AppData\Local\temp
2011-05-09 21:05 . 2011-05-09 21:11 -------- d-----w- C:\32788R22FWJFW
2011-05-09 20:25 . 2011-04-18 08:15 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FC37DF4-6AFB-4FF8-9EF2-6DE45537A4CF}\mpengine.dll
2011-05-06 18:26 . 2011-05-06 18:26 -------- d-sh--w- c:\users\LSS\%APPDATA%
2011-05-06 18:25 . 2011-04-18 08:15 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-05 18:08 . 2011-05-05 18:08 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-05-05 14:52 . 2011-05-05 14:52 -------- d-----w- c:\program files\ESET
2011-05-05 14:35 . 2011-05-06 21:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Google
2011-05-05 14:35 . 2011-05-06 21:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Deployment
2011-05-05 14:35 . 2011-05-05 14:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Apps
2011-05-05 08:22 . 2011-05-05 08:22 -------- d-----w- C:\_OTL
2011-05-05 08:16 . 2011-05-05 08:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ATI
2011-05-05 08:16 . 2011-05-05 08:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ATI
2011-05-05 08:15 . 2011-05-09 20:02 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-05-04 21:49 . 2011-05-04 21:49 -------- d-----w- c:\users\LSS\AppData\Roaming\Malwarebytes
2011-05-04 21:49 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-04 21:49 . 2011-05-04 21:49 -------- d-----w- c:\programdata\Malwarebytes
2011-05-04 21:49 . 2011-05-09 20:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-04 21:49 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 21:47 . 2011-05-04 21:47 -------- d-----w- c:\users\LSS\AppData\Local\Adobe
2011-04-29 20:13 . 2011-05-09 20:01 -------- d-----w- c:\program files\ERUNT
2011-04-29 19:05 . 2011-04-29 19:05 -------- d-----w- C:\found.000
2011-04-29 12:24 . 2010-11-30 10:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-04-29 12:24 . 2010-11-30 10:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F504C7DB-C3C5-4FB8-A87E-5ED7BC6A9085}\gapaengine.dll
2011-04-29 12:22 . 2011-05-09 20:01 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-29 11:21 . 2011-05-05 08:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-04-29 10:35 . 2011-05-09 20:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-29 10:35 . 2011-05-09 20:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-28 22:57 . 2011-04-28 22:57 -------- d-----w- c:\windows\Sun
2011-04-28 20:55 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-04-28 20:20 . 2007-11-07 18:03 496384 ----a-w- c:\windows\system32\XceedZip.dll
2011-04-28 20:20 . 2005-08-09 16:14 262144 ----a-w- c:\windows\system32\vspdf8.ocx
2011-04-28 20:20 . 2005-08-09 16:14 458752 ----a-w- c:\windows\system32\vsprint8.ocx
2011-04-28 20:20 . 2002-02-12 15:24 169216 ----a-w- c:\windows\system32\WSpell.ocx
2011-04-28 20:20 . 1999-07-01 12:17 237568 ----a-w- c:\windows\system32\Vsocx6.ocx
2011-04-28 20:20 . 1998-09-11 08:14 21504 ----a-w- c:\windows\system32\WBCustomizer.dll
2011-04-28 20:20 . 2003-02-19 00:11 65536 ----a-w- c:\windows\system32\ReSize32.ocx
2011-04-28 20:20 . 2000-12-06 08:59 832448 ----a-w- c:\windows\system32\tdbg6.ocx
2011-04-28 20:20 . 2000-05-21 23:00 203976 ----a-w- c:\windows\system32\RICHTX32.OCX
2011-04-28 20:20 . 2000-05-21 22:00 115920 ----a-w- c:\windows\system32\MSINET.OCX
2011-04-28 20:20 . 1999-09-17 10:14 65536 ----a-w- c:\windows\system32\ssfm1032.dll
2011-04-28 20:20 . 1999-05-06 23:00 198640 ----a-w- c:\windows\system32\MCI32.OCX
2011-04-27 13:23 . 2011-04-27 13:23 -------- d-----w- c:\users\LSS\AppData\Local\LogMeIn
2011-04-27 13:23 . 2011-04-27 13:23 -------- d-----w- c:\programdata\LogMeIn
2011-04-27 10:56 . 2011-04-27 11:12 -------- d-----w- c:\users\LSS\AppData\Roaming\TeamViewer
2011-04-27 10:11 . 2011-04-27 12:35 -------- d-----w- C:\temp
2011-04-27 10:11 . 2007-02-25 09:10 102400 ----a-w- c:\windows\system32\UniCType.dll
2011-04-27 10:11 . 2007-02-25 09:10 73788 ----a-w- c:\windows\system32\Log2Vis.dll
2011-04-27 10:11 . 2007-02-25 09:10 380928 ----a-w- c:\windows\system32\krb5_32.dll
2011-04-27 10:11 . 2007-02-25 09:10 24576 ----a-w- c:\windows\system32\comerr32.dll
2011-04-27 09:46 . 2011-05-09 20:01 -------- d-----w- c:\program files\AL500-18
2011-04-26 15:32 . 2011-05-09 20:01 -------- d-----w- C:\46f8d8b26ce9750c5047a042850a32
2011-04-26 13:17 . 2011-04-18 08:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBC72D5F-F32A-43A4-B33A-4301E40D32F7}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-27 233472]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-13 61440]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-30 483428]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
c:\users\Assistant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-19 21:07 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 12:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 04:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-04-09 14:29 1762032 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-28 20:46 136176 ----atw- c:\users\LSS\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2008-07-04 12:16 132392 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [x]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-30 81920]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-03-08 62496]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-08-25 203264]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-05-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-09 22:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
Completion time: 2011-05-09 22:36:17
ComboFix-quarantined-files.txt 2011-05-09 21:36
.
Pre-Run: 222,286,352,384 bytes free
Post-Run: 221,199,986,688 bytes free
.
- - End Of File - - 457989C3F5FC53B4111B48CF4F7F9C69
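The helpers read the "Reg Loading Points" section of a ComboFix log like the one above by eye. The following Python snippet is an added example, not part of this thread and not ComboFix's or its author's code: it parses that REGEDIT4-style section from a constructed excerpt laid out the same way as the log above, and flags the two policy values that appear in the real log (EnableLUA=0, which disables UAC, and HideSCAHealth=1, which hides Security Center alerts) plus any Run entry whose image lives in a user-writable directory. The path check is a triage heuristic for a reviewer, not a verdict; the "Updater" Run entry in the sample is constructed purely to exercise it.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example: parses the REGEDIT4-style block ComboFix prints and flags
settings a reviewer would want to look at. Sample input is constructed.
"""
import re
from dataclasses import dataclass

# Constructed excerpt in the layout of ComboFix's 'Reg Loading Points' section.
# The policy values mirror the log in this thread; the 'Updater' entry is made up.
SAMPLE_SECTION = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Updater"="c:\users\lss\appdata\roaming\updater\updater.exe" [2011-05-01 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                       # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*)$')  # "name"=...
DEFAULT_RE = re.compile(r'^@=(?P<rest>.*)$')              # @="Service"
PATH_RE = re.compile(r'"([^"]+)"')                        # first quoted string
HEX_RE = re.compile(r'\((0x[0-9a-fA-F]+)\)')             # DWORD shown as (0x0)

# Directories a standard user can write to; autostarts here deserve a look.
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\', '\\users\\public\\')


@dataclass
class Entry:
    key: str    # registry key the value lives under
    name: str   # value name, or '@' for the key's default value
    raw: str    # everything right of the '=' as ComboFix printed it


def parse_loading_points(text):
    """Turn the section into a flat list of Entry records."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == '.' or line == 'REGEDIT4' or line.startswith('*Note*'):
            continue  # ComboFix uses '.' as a spacer line
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line) or DEFAULT_RE.match(line)
        if m:
            entries.append(Entry(key, m.groupdict().get('name', '@'), m.group('rest').strip()))
    return entries


def dword_value(raw):
    """'0 (0x0)' -> 0; None when the value is not printed as a DWORD."""
    m = HEX_RE.search(raw)
    return int(m.group(1), 16) if m else None


def image_path(raw):
    """Extract the quoted image path from a Run value, if present."""
    m = PATH_RE.match(raw)
    return m.group(1) if m else None


def triage(entries):
    """Return (finding, key, value_name) tuples for settings worth reviewing."""
    findings = []
    for e in entries:
        k = e.key.lower()
        if k.endswith('policies\\system') and e.name == 'EnableLUA' and dword_value(e.raw) == 0:
            findings.append(('uac_disabled', e.key, e.name))
        elif k.endswith('policies\\explorer') and e.name == 'HideSCAHealth' and dword_value(e.raw) == 1:
            findings.append(('security_center_alerts_hidden', e.key, e.name))
        elif k.endswith('\\run'):
            path = image_path(e.raw)
            if path and any(p in path.lower() for p in USER_WRITABLE):
                findings.append(('run_entry_in_user_writable_path', e.key, e.name))
    return findings


if __name__ == '__main__':
    for finding in triage(parse_loading_points(SAMPLE_SECTION)):
        print(finding)
```

The parser only understands the three line shapes ComboFix prints in this section (bracketed key, quoted name with a value, and the `@=` default), so entries from the msconfig\startupreg and service listings further down the log need their own handling.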

soysauce
2011-05-09, 23:46
sorry, a few typos there, should be:

I had a bit of trouble disabling Microsoft Security Essentials. I disabled the real time protection, but CF said that it was still running. I then killed the MSE process in task manager and ran CF again but it still thought it was running. I went ahead anyway as there was no more I could do and it seems to have run ok.

I got a few Windows errors as it was running, along the lines of "pev.exe has stopped working", but it seemed to carry on anyway.

Cheers,
Nick

ken545
2011-05-10, 00:00
You did just fine Nick, how are things running now?

ken545
2011-05-14, 00:23
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.