used pc is being cyber abused



musicalpulltoy
2011-08-28, 10:06
hi
believe i have trojan. pc has been lagging, high cpu and changes aren't there after reboot.
think i attached attach

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by DAD at 23:35:39 on 2011-08-27
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1271.487 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\sndvol32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Task Catcher] c:\program files\billp studios\task catcher\tasktrap.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\system~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246219383859
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: Interfaces\{06BD7469-7F5C-4449-9B14-D38A61E9D028} : NameServer = 68.105.28.11,68.105.28.12,68.105.29.12,192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dad\application data\mozilla\firefox\profiles\fn2dlw99.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb59?u=92822879073603948
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/mb59/?loc=ff_address_bar&u=92822879073603948&search=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - plugin: c:\documents and settings\dad\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dad\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dad\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF - Ext: QuickDrag: quickdrag@mozilla.ktechcomputing.com - %profile%\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-8-7 532224]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
R3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [2011-7-31 114944]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-4-23 224896]
R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2011-7-31 10880]
S2 DCService.exe;DCService.exe;c:\documents and settings\all users\application data\datacardservice\dcservice.exe --> c:\documents and settings\all users\application data\datacardservice\DCService.exe [?]
S3 05160F36;05160F36;c:\windows\system32\05160f36.exe --> c:\windows\system32\05160F36.exe [?]
S3 2E8DA83C;2E8DA83C;c:\windows\system32\2e8da83c.exe --> c:\windows\system32\2E8DA83C.exe [?]
S3 3E2BD829;3E2BD829;c:\windows\system32\3e2bd829.exe --> c:\windows\system32\3E2BD829.exe [?]
S3 41035FF2;41035FF2;c:\windows\system32\41035ff2.exe --> c:\windows\system32\41035FF2.exe [?]
S3 5B791910;5B791910;c:\windows\system32\5b791910.exe --> c:\windows\system32\5B791910.exe [?]
S3 5F8775F8;5F8775F8;c:\windows\system32\5f8775f8.exe --> c:\windows\system32\5F8775F8.exe [?]
S3 620D6D84;620D6D84;c:\windows\system32\620d6d84.exe --> c:\windows\system32\620D6D84.exe [?]
S3 6D2F9437;6D2F9437;c:\windows\system32\6d2f9437.exe --> c:\windows\system32\6D2F9437.exe [?]
S3 76C3328F;76C3328F;c:\windows\system32\76c3328f.exe --> c:\windows\system32\76C3328F.exe [?]
S3 855A1F17;855A1F17;c:\windows\system32\855a1f17.exe --> c:\windows\system32\855A1F17.exe [?]
S3 EAE0BB30;EAE0BB30;c:\windows\system32\eae0bb30.exe --> c:\windows\system32\EAE0BB30.exe [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
S3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\drivers\N3AB.sys [2005-12-23 457312]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-3-14 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-3-14 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-3-14 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-3-14 59776]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-5-3 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-5-3 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-5-3 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-5-3 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-5-3 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-5-3 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-5-3 109864]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2011-4-12 166720]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [2011-4-12 50432]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-5-3 150528]
S4 DirMon2;DirMon2;C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service --> C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service [?]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
S4 TridWnW;PCI Audio Driver;c:\windows\system32\drivers\TridWnW.sys [2011-4-30 150872]
.
=============== Created Last 30 ================
.
2011-08-28 00:33:55 -------- d-sha-r- C:\cmdcons
2011-08-28 00:27:21 98816 ----a-w- c:\windows\sed.exe
2011-08-28 00:27:21 518144 ----a-w- c:\windows\SWREG.exe
2011-08-28 00:27:21 256000 ----a-w- c:\windows\PEV.exe
2011-08-28 00:27:21 208896 ----a-w- c:\windows\MBR.exe
2011-08-28 00:26:55 -------- d-----w- C:\ComboFix
2011-08-27 23:32:40 187904 ----a-w- c:\windows\system32\everest_cpl.cpl
2011-08-27 23:08:07 -------- d-----w- c:\program files\Lavalys
2011-08-27 07:18:21 -------- d-----w- C:\New Folder
2011-08-27 06:26:04 -------- d-----w- c:\documents and settings\dad\local settings\application data\IM
2011-08-27 06:24:29 -------- d-----w- c:\documents and settings\all users\application data\IncrediMail
2011-08-27 06:24:29 -------- d-----w- c:\documents and settings\all users\application data\IM
2011-08-27 01:13:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-27 01:13:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 01:13:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-18 15:46:30 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-18 15:27:04 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2011-08-18 15:27:00 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-08-18 15:27:00 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-08-07 08:24:55 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-08-07 08:24:55 -------- d-----w- c:\windows\system32\ZoneLabs
2011-08-07 08:24:52 -------- d-----w- c:\program files\Zone Labs
2011-08-07 04:03:52 -------- d-----w- c:\documents and settings\dad\local settings\application data\Sun
2011-08-04 15:34:49 -------- d-----w- c:\windows\ERUNT
2011-08-04 15:10:30 -------- d-----w- C:\SDFix
2011-08-03 03:48:15 -------- d-----w- c:\documents and settings\all users\application data\SystemExplorer
2011-08-03 03:48:03 -------- d-----w- c:\program files\System Explorer
2011-07-31 08:17:32 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2011-07-31 08:17:32 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-07-31 08:17:26 10880 ----a-w- c:\windows\system32\drivers\scsiscan.sys
2011-07-31 08:17:26 10880 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-07-31 08:17:18 13312 ----a-w- c:\windows\system32\hpsjmcro.dll
2011-07-31 08:17:18 13312 ----a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2011-07-31 08:16:42 114944 ----a-w- c:\windows\system32\drivers\epstw2k.sys
2011-07-31 08:16:42 114944 ----a-w- c:\windows\system32\dllcache\epstw2k.sys
2011-07-30 06:32:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-30 06:32:33 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-30 06:30:42 -------- d-----w- C:\OEMSettings
2011-07-29 22:11:58 -------- d-----w- C:\OEMSettings(2)
.
==================== Find3M ====================
.
2011-08-27 02:25:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-18 15:45:27 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-09 13:27:59 991232 ----a-w- c:\windows\system32\SET27.tmp
.
============= FINISH: 23:39:00.67 ===============

oh,
spybot found nothing

avg popped up with c:/combofix/handle.3xe and system32/drivers/procxp.sys

superantispyware nothing 1 tracking

registry has "cannot open ypubc.blockerctrl: error while opening key" and more.

oldman960
2011-08-31, 04:08
Hi musicalpulltoy, welcome to the forum.

To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.


µTorrent
You have µTorrent, a P2P/file sharing program installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/community/columns/protection.mspx

http://www.internetworldstats.com/articles/art053.htm

I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

I see you have run Combofix. This is a very powerful tool and should not be used without supervision. Please post the log; it can be found at C:\combofix.txt

Thanks

musicalpulltoy
2011-08-31, 07:22
hi oldman
here's combo log.
i attempt to fix problems before asking help so i can learn too.
this is a used pc and has or has remnants of removed programs.
other fixes i've tried before posting here are rapport, tdsskiller, rkill, vundofix, sdfix and malwarebytes.
have logs.
windows update did a malicious software update and a few things have changed for the better.
thank you



ComboFix 11-08-27.01 - DAD 08/27/2011 17:36:57.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1271.594 [GMT -7:00]
Running from: c:\documents and settings\DAD\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\14F
c:\documents and settings\All Users\Application Data\14F\{2865B1AB-2168-437C-87A8-ED20F24FBE12}.swf
c:\documents and settings\DAD\Application Data\PriceGong
c:\documents and settings\DAD\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\DAD\WINDOWS
c:\program files\Internet Explorer\SET6.tmp
c:\program files\Internet Explorer\SET7.tmp
c:\program files\Internet Explorer\SET8.tmp
c:\windows\system32\bszip.dll
c:\windows\system32\comct332.ocx
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\ctfmon(3).exe
c:\windows\system32\ctfmon(4).exe
c:\windows\system32\ctfmon(5).exe
c:\windows\system32\ctfmon(6).exe
c:\windows\system32\tmp.reg
c:\windows\system32\usp10(2).dll
E:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-28 )))))))))))))))))))))))))))))))
.
.
2011-08-27 23:32 . 2005-08-18 07:00 187904 ----a-w- c:\windows\system32\everest_cpl.cpl
2011-08-27 23:08 . 2011-08-27 23:08 -------- d-----w- c:\program files\Lavalys
2011-08-27 07:18 . 2011-08-27 07:18 -------- d-----w- C:\New Folder
2011-08-27 06:26 . 2011-08-27 06:36 -------- d-----w- c:\documents and settings\DAD\Local Settings\Application Data\IM
2011-08-27 06:24 . 2011-08-27 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\IM
2011-08-27 06:24 . 2011-08-27 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2011-08-27 01:13 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-27 01:13 . 2011-08-27 01:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-27 01:13 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-18 15:47 . 2011-08-18 15:47 -------- d-----w- c:\program files\Common Files\Java
2011-08-18 15:46 . 2011-08-18 15:45 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-18 15:41 . 2011-08-18 15:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Sun
2011-08-18 15:27 . 2010-10-27 06:09 553696 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-08-18 15:27 . 2010-10-27 06:10 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-08-18 15:27 . 2010-10-27 06:10 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-08-07 08:25 . 2011-03-18 08:24 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-08-07 08:25 . 2011-03-18 08:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-08-07 08:24 . 2011-08-07 08:26 -------- d-----w- c:\windows\system32\ZoneLabs
2011-08-07 08:24 . 2011-03-18 08:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-08-07 08:24 . 2011-08-07 08:24 -------- d-----w- c:\program files\Zone Labs
2011-08-07 04:03 . 2011-08-07 04:03 -------- d-----w- c:\documents and settings\DAD\Local Settings\Application Data\Sun
2011-08-06 18:25 . 2011-08-06 18:25 -------- d-----w- c:\documents and settings\Administrator.DJJXF091\Application Data\SUPERAntiSpyware.com
2011-08-06 16:53 . 2011-08-06 16:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-08-06 16:40 . 2011-08-06 16:40 -------- d-----w- c:\documents and settings\Administrator\tdsskiller
2011-08-04 15:34 . 2011-08-04 15:35 -------- d-----w- c:\windows\ERUNT
2011-08-04 15:10 . 2011-08-04 15:56 -------- d-----w- C:\SDFix
2011-08-03 03:48 . 2011-08-03 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SystemExplorer
2011-08-03 03:48 . 2011-08-06 18:17 -------- d-----w- c:\program files\System Explorer
2011-07-31 08:17 . 2001-08-18 05:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2011-07-31 08:17 . 2001-08-17 20:53 10880 ----a-w- c:\windows\system32\drivers\scsiscan.sys
2011-07-31 08:17 . 2001-08-17 20:53 10880 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-07-31 08:17 . 2001-08-18 05:36 13312 ----a-w- c:\windows\system32\hpsjmcro.dll
2011-07-31 08:17 . 2001-08-18 05:36 13312 ----a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2011-07-31 08:16 . 2001-08-17 20:50 114944 ----a-w- c:\windows\system32\drivers\epstw2k.sys
2011-07-31 08:16 . 2001-08-17 20:50 114944 ----a-w- c:\windows\system32\dllcache\epstw2k.sys
2011-07-30 06:32 . 2011-07-30 06:32 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-30 06:30 . 2011-07-30 06:30 -------- d-----w- C:\OEMSettings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-27 02:25 . 2011-05-18 17:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-18 15:45 . 2011-04-02 08:38 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-09 13:27 . 2011-07-09 13:27 991232 ----a-w- c:\windows\system32\SET27.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-19 2334560]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-03-16 325000]
"Task Catcher"="c:\program files\BillP Studios\Task Catcher\tasktrap.exe" [2006-08-15 140856]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\SystemExplorerDisabled
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-03 05:02 136176 ----atw- c:\documents and settings\DAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 16:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 16:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-06-25 15:47 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 09:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 03:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 18:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-12-15 04:03 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-06-25 15:47 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-02-28 23:15 427008 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 20:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxLiveShare9"=2 (0x2)
"iPod Service"=3 (0x3)
"InCDsrv"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Search Protection"=c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TridTray"=TridTray.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\DAD\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/3/2010 3:23 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/3/2010 3:23 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/3/2010 3:23 PM 27216]
R3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [7/31/2011 1:16 AM 114944]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [4/23/2007 2:11 PM 224896]
R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [7/31/2011 1:17 AM 10880]
S2 DCService.exe;DCService.exe;c:\documents and settings\All Users\Application Data\DatacardService\DCService.exe --> c:\documents and settings\All Users\Application Data\DatacardService\DCService.exe [?]
S3 05160F36;05160F36;c:\windows\system32\05160F36.exe --> c:\windows\system32\05160F36.exe [?]
S3 2E8DA83C;2E8DA83C;c:\windows\system32\2E8DA83C.exe --> c:\windows\system32\2E8DA83C.exe [?]
S3 3E2BD829;3E2BD829;c:\windows\system32\3E2BD829.exe --> c:\windows\system32\3E2BD829.exe [?]
S3 41035FF2;41035FF2;c:\windows\system32\41035FF2.exe --> c:\windows\system32\41035FF2.exe [?]
S3 5B791910;5B791910;c:\windows\system32\5B791910.exe --> c:\windows\system32\5B791910.exe [?]
S3 5F8775F8;5F8775F8;c:\windows\system32\5F8775F8.exe --> c:\windows\system32\5F8775F8.exe [?]
S3 620D6D84;620D6D84;c:\windows\system32\620D6D84.exe --> c:\windows\system32\620D6D84.exe [?]
S3 6D2F9437;6D2F9437;c:\windows\system32\6D2F9437.exe --> c:\windows\system32\6D2F9437.exe [?]
S3 76C3328F;76C3328F;c:\windows\system32\76C3328F.exe --> c:\windows\system32\76C3328F.exe [?]
S3 855A1F17;855A1F17;c:\windows\system32\855A1F17.exe --> c:\windows\system32\855A1F17.exe [?]
S3 EAE0BB30;EAE0BB30;c:\windows\system32\EAE0BB30.exe --> c:\windows\system32\EAE0BB30.exe [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\drivers\N3AB.sys [12/23/2005 8:30 PM 457312]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [3/14/2009 7:03 PM 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [3/14/2009 7:03 PM 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [3/14/2009 7:03 PM 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [3/14/2009 7:03 PM 59776]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [5/3/2011 1:49 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [5/3/2011 1:49 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [5/3/2011 1:49 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [5/3/2011 1:49 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [5/3/2011 1:49 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [5/3/2011 1:49 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [5/3/2011 1:49 PM 109864]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [4/12/2011 8:07 AM 166720]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [4/12/2011 11:07 AM 50432]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [5/3/2011 2:20 PM 150528]
S4 DirMon2;DirMon2;C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service --> C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service [?]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 11:51 AM 14336]
S4 TridWnW;PCI Audio Driver;c:\windows\system32\drivers\TridWnW.sys [4/30/2011 11:53 AM 150872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
TCP: Interfaces\{06BD7469-7F5C-4449-9B14-D38A61E9D028}: NameServer = 68.105.28.11,68.105.28.12,68.105.29.12,192.168.1.1
FF - ProfilePath - c:\documents and settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb59?u=92822879073603948
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/mb59/?loc=ff_address_bar&u=92822879073603948&search=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF - Ext: QuickDrag: quickdrag@mozilla.ktechcomputing.com - %profile%\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
.
.
------- File Associations -------
.
.scr=REG_SZ
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-dimsntfy - (no file)
MSConfigStartUp-CanonMyPrinter - c:\program files\Canon\MyPrinter\BJMyPrt.exe
MSConfigStartUp-COMODO - c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe
MSConfigStartUp-CPA - c:\program files\COMODO\COMODO GeekBuddy\VALA.exe
MSConfigStartUp-IntelliPoint - c:\program files\Microsoft IntelliPoint\ipoint.exe
MSConfigStartUp-itype - c:\program files\Microsoft IntelliType Pro\itype.exe
MSConfigStartUp-UIUCU - c:\docume~1\DAD\LOCALS~1\Temp\UIUCU.EXE
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-27 19:02
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DirMon2]
"ImagePath"="C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DirMon2]
"ImagePath"="C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\.asc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.sol]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\.sol\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.sor]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\.sor\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1396)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2720)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\system32\netdde.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\snmp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\windows\system32\SearchIndexer.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2011-08-27 19:16:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-28 02:16
.
Pre-Run: 11,649,097,728 bytes free
Post-Run: 11,950,448,640 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1905A50444F124777850574833014468

musicalpulltoy
2011-08-31, 07:59
forgot.
iexplorer would not stopped playing flash files and couldn't update with latest.
also, incredimail decided to install itself a few days ago.
uninstalled it and it tried again.
then when opened browser after uninstall they went to incredimail page 1 more time.

musicalpulltoy
2011-08-31, 08:01
TYPO

forgot.
iexplorer stopped playing flash files and couldn't update with latest.
also, incredimail decided to install itself a few days ago.
uninstalled it and it tried again.
then when opened browser after uninstall they went to incredimail page 1 more time.

oldman960
2011-09-01, 00:12
Hi musicalpulltoy,

Looks like you ran several tools so I'll have to play catch-up. Please post the SDFix log; it can be found at C:\SDFix and will be named Report.txt.

I also need the MBAM log. Please open MBAM and click on the logs tab. Click on the log you want and click open. Please post the contents of the notepad that opens.

To reset the FireFox home page
At the top of FireFox click the Tools button
Click Options
Click the General button
In the Startup box, click the Restore to Default button
Click Ok
Close Firefox, reopen it. It should no longer open to IncrediMail.

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

*If you are using Firefox, make sure that your download settings are as follows:
-Tools->Options->Main tab
-Set to "Always ask me where to Save the files"

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Please post back with
SDFix log
MBAM log
aswMbr log
mbr.dat (attached)

Thanks

musicalpulltoy
2011-09-01, 09:59
greetings
here's those logs.
had a blue screen on reboot, before aswmbr scan, multiple_irp_complete_request


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-08-31 22:46:32
-----------------------------
22:46:32.796 OS Version: Windows 5.1.2600 Service Pack 2
22:46:32.796 Number of processors: 1 586 0x401
22:46:32.796 ComputerName: DJJXF091 UserName: DAD
22:46:35.750 Initialize success
22:47:01.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:47:01.984 Disk 0 Vendor: ST340014A 8.16 Size: 38146MB BusType: 3
22:47:01.984 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
22:47:02.000 Disk 1 Vendor: ST3250824A 3.AAE Size: 238475MB BusType: 3
22:47:02.015 Disk 0 MBR read successfully
22:47:02.015 Disk 0 MBR scan
22:47:02.015 Disk 0 unknown MBR code
22:47:02.031 Disk 0 scanning sectors +78108030
22:47:02.156 Disk 0 scanning C:\WINDOWS\system32\drivers
22:47:29.015 Service scanning
22:47:34.531 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
22:47:35.109 Modules scanning
22:48:06.843 Disk 0 trace - called modules:
22:48:06.875 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
22:48:06.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a75a1f0]
22:48:06.875 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a7c8d98]
22:48:06.875 Scan finished successfully
22:49:26.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\DAD\Desktop\MBR.dat"
22:49:26.687 The log file has been saved successfully to "C:\Documents and Settings\DAD\Desktop\aswMBR.txt"


SDFix: Version 1.240
Run by Administrator on Thu 08/04/2011 at 08:39 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\patch.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-04 08:49:23
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:LocalSubNet:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"="C:\\Program Files\\AVG\\AVG10\\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011"
"C:\\Program Files\\AVG\\AVG10\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG10\\avgnsx.exe:*:Enabled:Online Shield"
"C:\\Program Files\\AVG\\AVG10\\avgemcx.exe"="C:\\Program Files\\AVG\\AVG10\\avgemcx.exe:*:Enabled:Personal E-mail Scanner"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 13 Jun 2006 4 A..H. --- "C:\WINDOWS\uccspecb.sys"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 4 Nov 2009 1,168,216 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 7 Apr 2006 3,766 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 25 Jan 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 2 Apr 2011 151,104 ..SHR --- "C:\Program Files\BillP Studios\Task Catcher\Setup.exe"
Thu 15 Feb 2007 308,832 A..H. --- "C:\Program Files\Canon\MP Navigator EX 1.2\Maint.exe"
Mon 19 Dec 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator EX 1.2\uinstrsc.dll"
Sun 31 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 21 Apr 2011 4,481,368 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\dc5785e9c8b3c9af476ade166b57dd6e\BIT19F.tmp"
Wed 14 Dec 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Wed 14 Dec 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Wed 14 Dec 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Fri 23 Dec 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"

Finished!


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7315

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

7/29/2011 3:30:22 AM
mbam-log-2011-07-29 (03-30-22).txt

Scan type: Quick scan
Objects scanned: 192035
Time elapsed: 50 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

oldman960
2011-09-02, 06:40
Hi musicalpulltoy,

I really must apologize for the delay and not being able to work on this. Wife was in an accident (nothing serious), dealing with the various parties took until now. I'm off to work shortly so I will not be able to post until tomorrow. I will post as soon as I get home.

Thanks for understanding.

oldman960
2011-09-02, 17:56
Hi musicalpulltoy,

Please locate the copy of combofix you currently have on your desktop. Right click it and select delete.

Download a new copy of ComboFix from one of these locations and save it to your desktop:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

Please follow all previous instructions regarding security programs.

Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.

Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE



File::
c:\windows\system32\SET27.tmp

driver::
05160F36
2E8DA83C
3E2BD829
41035FF2
5B791910
5F8775F8
620D6D84
6D2F9437
76C3328F
855A1F17
EAE0BB30


In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Please post back with the combofix log.

How is the computer?

Thanks

musicalpulltoy
2011-09-03, 19:59
hope your wifey ok
things seem ok.
winpatrol popped up with keep or change host file when combofix was almost done. i chose change. right??





ComboFix 11-09-02.04 - DAD 09/02/2011 18:12:32.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1271.619 [GMT -7:00]
Running from: c:\documents and settings\DAD\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\DAD\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\windows\system32\SET27.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_05160F36
-------\Legacy_2E8DA83C
-------\Legacy_3E2BD829
-------\Legacy_41035FF2
-------\Legacy_5B791910
-------\Legacy_5F8775F8
-------\Legacy_620D6D84
-------\Legacy_6D2F9437
-------\Legacy_76C3328F
-------\Legacy_855A1F17
-------\Legacy_EAE0BB30
-------\Service_05160F36
-------\Service_2E8DA83C
-------\Service_3E2BD829
-------\Service_41035FF2
-------\Service_5B791910
-------\Service_5F8775F8
-------\Service_620D6D84
-------\Service_6D2F9437
-------\Service_76C3328F
-------\Service_855A1F17
-------\Service_EAE0BB30
.
.
((((((((((((((((((((((((( Files Created from 2011-08-03 to 2011-09-03 )))))))))))))))))))))))))))))))
.
.
2011-08-31 02:57 . 2011-08-31 02:57 -------- d-----w- c:\documents and settings\DAD\Local Settings\Application Data\Dell
2011-08-31 00:19 . 2011-08-31 00:19 -------- d-----w- c:\program files\Lame For Audacity
2011-08-29 15:32 . 2011-08-29 15:32 -------- d-----w- c:\program files\Safer Networking
2011-08-27 23:32 . 2005-08-18 07:00 187904 ----a-w- c:\windows\system32\everest_cpl.cpl
2011-08-27 23:08 . 2011-08-27 23:08 -------- d-----w- c:\program files\Lavalys
2011-08-27 07:18 . 2011-08-27 07:18 -------- d-----w- C:\New Folder
2011-08-27 06:26 . 2011-08-27 06:36 -------- d-----w- c:\documents and settings\DAD\Local Settings\Application Data\IM
2011-08-27 06:24 . 2011-08-27 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\IM
2011-08-27 06:24 . 2011-08-27 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2011-08-27 01:13 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-27 01:13 . 2011-08-27 01:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-27 01:13 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-18 15:47 . 2011-08-18 15:47 -------- d-----w- c:\program files\Common Files\Java
2011-08-18 15:46 . 2011-08-18 15:45 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-18 15:41 . 2011-08-18 15:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Sun
2011-08-18 15:27 . 2010-10-27 06:09 553696 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-08-18 15:27 . 2010-10-27 06:10 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-08-18 15:27 . 2010-10-27 06:10 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-08-07 08:25 . 2011-03-18 08:24 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-08-07 08:25 . 2011-03-18 08:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-08-07 08:24 . 2011-08-07 08:26 -------- d-----w- c:\windows\system32\ZoneLabs
2011-08-07 08:24 . 2011-03-18 08:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-08-07 08:24 . 2011-08-07 08:24 -------- d-----w- c:\program files\Zone Labs
2011-08-07 04:03 . 2011-08-07 04:03 -------- d-----w- c:\documents and settings\DAD\Local Settings\Application Data\Sun
2011-08-06 18:25 . 2011-08-06 18:25 -------- d-----w- c:\documents and settings\Administrator.DJJXF091\Application Data\SUPERAntiSpyware.com
2011-08-06 16:53 . 2011-08-06 16:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-08-06 16:40 . 2011-08-06 16:40 -------- d-----w- c:\documents and settings\Administrator\tdsskiller
2011-08-04 15:34 . 2011-08-04 15:35 -------- d-----w- c:\windows\ERUNT
2011-08-04 15:10 . 2011-08-04 15:56 -------- d-----w- C:\SDFix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-27 02:25 . 2011-05-18 17:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-18 15:45 . 2011-04-02 08:38 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-09 13:27 . 2011-07-09 13:27 991232 ----a-w- c:\windows\system32\SET27.tmp
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-28_02.03.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-03 02:04 . 2011-09-03 02:04 16384 c:\windows\Temp\Perflib_Perfdata_7f8.dat
+ 2011-09-03 02:03 . 2011-09-03 02:03 16384 c:\windows\Temp\Perflib_Perfdata_6d0.dat
+ 2011-09-01 14:48 . 2011-09-01 14:48 16384 c:\windows\Temp\Perflib_Perfdata_368.dat
+ 2011-09-03 02:04 . 2011-09-03 02:04 16384 c:\windows\Media\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_5e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-19 2334560]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-03-16 325000]
"Task Catcher"="c:\program files\BillP Studios\Task Catcher\tasktrap.exe" [2006-08-15 140856]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\SystemExplorerDisabled
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-03 05:02 136176 ----atw- c:\documents and settings\DAD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 16:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 16:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-06-25 15:47 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 09:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 03:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 18:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-12-15 04:03 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-06-25 15:47 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-02-28 23:15 427008 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 20:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxLiveShare9"=2 (0x2)
"iPod Service"=3 (0x3)
"InCDsrv"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Search Protection"=c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TridTray"=TridTray.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/3/2010 3:23 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/3/2010 3:23 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/3/2010 3:23 PM 27216]
R3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [7/31/2011 1:16 AM 114944]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [4/23/2007 2:11 PM 224896]
R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [7/31/2011 1:17 AM 10880]
S2 DCService.exe;DCService.exe;c:\documents and settings\All Users\Application Data\DatacardService\DCService.exe --> c:\documents and settings\All Users\Application Data\DatacardService\DCService.exe [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\drivers\N3AB.sys [12/23/2005 8:30 PM 457312]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [3/14/2009 7:03 PM 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [3/14/2009 7:03 PM 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [3/14/2009 7:03 PM 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [3/14/2009 7:03 PM 59776]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [5/3/2011 1:49 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [5/3/2011 1:49 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [5/3/2011 1:49 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [5/3/2011 1:49 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [5/3/2011 1:49 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [5/3/2011 1:49 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [5/3/2011 1:49 PM 109864]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [4/12/2011 8:07 AM 166720]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [4/12/2011 11:07 AM 50432]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [5/3/2011 2:20 PM 150528]
S4 DirMon2;DirMon2;C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service --> C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service [?]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 11:51 AM 14336]
S4 TridWnW;PCI Audio Driver;c:\windows\system32\drivers\TridWnW.sys [4/30/2011 11:53 AM 150872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
TCP: Interfaces\{06BD7469-7F5C-4449-9B14-D38A61E9D028}: NameServer = 192.168.1.1,68.105.28.11,68.105.28.12,68.105.29.12
FF - ProfilePath - c:\documents and settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb59?u=92822879073603948
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/mb59/?loc=ff_address_bar&u=92822879073603948&search=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF - Ext: QuickDrag: quickdrag@mozilla.ktechcomputing.com - %profile%\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-02 19:06
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DirMon2]
"ImagePath"="C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DirMon2]
"ImagePath"="C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\.asc\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.sol]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\.sol\PersistentHandler]
@DACL=(02 0000)
@="{5e941d80-bf96-11cd-b579-08002b30bfeb}"
.
[HKEY_LOCAL_MACHINE\software\Classes\.sor]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\.sor\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1388)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3336)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\snmp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2011-09-02 19:20:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-03 02:19
ComboFix2.txt 2011-08-28 02:16
.
Pre-Run: 12,449,607,680 bytes free
Post-Run: 12,425,535,488 bytes free
.
- - End Of File - - 15D136CEB9788A7E1B46F04408815753

oldman960
2011-09-04, 02:11
Hi musicalpulltoy,

Wife's fine, car so-so. Thanks for asking.

Things are looking better.


winpatrol popped up with keep or change host file when combofix was almost done. i chose change. right??
That would have been combofix resetting the Hosts file so you made the correct choice. :bigthumb:


One more scan to check for stragglers.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


Go here to run an online scanner from
ESET (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
Re-enable your Antivirus software.
A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt or C:\Program Files\ESET\log.txt. We will need this later.
Please post back with the ESET log.

Thanks

musicalpulltoy
2011-09-05, 03:53
the poor car :(
eek, there's a bug still


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-05 04:27:46
# local_time=2011-08-05 09:27:46 (-0700, US Mountain Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 57695383 57695383 0 0
# compatibility_mode=1032 16777189 100 96 0 54898058 0 0
# compatibility_mode=3073 16777213 80 75 0 3864752 0 0
# compatibility_mode=8192 67108863 100 0 8844948 8844948 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-05 04:37:59
# local_time=2011-08-05 09:37:59 (-0700, US Mountain Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 57695996 57695996 0 0
# compatibility_mode=1032 16777189 100 96 0 54898671 0 0
# compatibility_mode=3073 16777213 80 75 0 3865365 0 0
# compatibility_mode=8192 67108863 100 0 8845561 8845561 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6541
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-05 08:14:43
# local_time=2011-08-05 01:14:43 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 57699660 57699660 0 0
# compatibility_mode=1032 16777189 100 96 0 54902335 0 0
# compatibility_mode=3073 16777213 80 75 0 3869029 0 0
# compatibility_mode=8192 67108863 100 0 8849225 8849225 0 0
# scanned=84663
# found=2
# cleaned=2
# scan_time=9363
C:\Documents and Settings\DAD\Desktop\sdsdSDFix.exe Win32/PrcView application (deleted - quarantined) 00000000000000000000000000000000 C
C:\SDFix\apps\Process.exe Win32/PrcView application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6541
# api_version=3.0.2
# EOSSerial=99779418306ea548a76c964e6383425b
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-04 06:22:14
# local_time=2011-09-04 11:22:14 (-0700, US Mountain Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 60284175 60284175 0 0
# compatibility_mode=1032 16777189 100 96 0 57486850 0 0
# compatibility_mode=8192 67108863 100 0 11433740 11433740 0 0
# compatibility_mode=9217 16777214 75 70 0 13793770 0 0
# scanned=87571
# found=1
# cleaned=0
# scan_time=10101
E:\My Downloads\DriverReviverSetup.exe a variant of Win32/RegistryReviver application (unable to clean) 00000000000000000000000000000000 I

oldman960
2011-09-05, 08:28
Hi musicalpulltoy,

That detection by Eset is of a registry cleaner. Research shows that Eset is the only AV that finds a problem with it. Further research shows this program may be "greyware". Having said that, registry cleaners are not needed nor recommended for Windows. They have very little if no impact at all on a computer's performance. They can also be dangerous if used incorrectly.

Some information can be found HERE (http://chris.pirillo.com/are-registry-cleaners-safe-to-use/), HERE (http://billpstudios.blogspot.com/2007/04/do-i-need-registry-cleaner.html) and HERE (http://aumha.net/viewtopic.php?t=28099)

It doesn't appear to be installed so we will remove the setup files and do a bit of clean up.

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.

Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :




:Services

:Files
E:\My Downloads\DriverReviverSetup.exe
c:\windows\system32\SET27.tmp

:Commands
[purity]
[emptytemp]
[createrestorepoint]


Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

Any remaining issues?

Thanks
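
Added example, not part of either poster's message and not ESET's own tooling: the ESET Online Scanner log.txt posted above has several scan runs appended to one file, so the counts that matter are those of the most recent run. This Python sketch splits such a log into runs and reports the latest one; the sample text is constructed in the same single-space layout as the log on this page, and the function names and the detection-line pattern are assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the log quoted in this thread.
# Paths and detection names are invented for the example.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=0
# version=7
# end=finished
# remove_checked=true
# utc_time=2011-08-05 04:27:46
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# utc_time=2011-08-05 08:14:43
# scanned=84663
# found=2
# cleaned=2
# scan_time=9363
C:\Example Dir\tool one.exe Win32/Example.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Example\two.exe Win32/Example.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=0
# version=7
# end=finished
# remove_checked=false
# utc_time=2011-09-04 06:22:14
# scanned=87571
# found=1
# cleaned=0
# scan_time=10101
E:\Example Downloads\setup.exe a variant of Win32/Example.B application (unable to clean) 00000000000000000000000000000000 I
"""

KV = re.compile(r"^# (\w+)=(.*)$")
# Assumed detection-line shape: path, threat name, (action), 32-hex field, flag.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w+) (?P<threat>.+?) \((?P<action>[^)]*)\) "
    r"(?P<hash>[0-9A-Fa-f]{32}) (?P<flag>[A-Z])$"
)


def parse_runs(text):
    """Split the log into runs; each '# version=' line opens a new run."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        kv = KV.match(line)
        if kv:
            key, value = kv.groups()
            if key == "version" or current is None:
                current = {"fields": {}, "detections": []}
                runs.append(current)
            # Repeated keys (e.g. compatibility_mode) keep the last value.
            current["fields"][key] = value
            continue
        det = DETECTION.match(line)
        if det and current is not None:
            # Detection lines follow the header block of the run they belong to.
            current["detections"].append(det.groupdict())
    return runs


def latest_run(runs):
    """Return the run with the newest utc_time stamp."""
    dated = [r for r in runs if "utc_time" in r["fields"]]
    return max(
        dated,
        key=lambda r: datetime.strptime(r["fields"]["utc_time"], "%Y-%m-%d %H:%M:%S"),
    )


def triage(text):
    """Summarise only the most recent run, ignoring stale earlier runs."""
    runs = parse_runs(text)
    last = latest_run(runs)
    f = last["fields"]
    found, cleaned = int(f["found"]), int(f["cleaned"])
    return {
        "runs": len(runs),
        "latest_utc": f["utc_time"],
        "remove_checked": f.get("remove_checked") == "true",
        "found": found,
        "unresolved": found - cleaned,
        # Header count and listed detections should agree; a mismatch means
        # the pattern missed a line and the log needs reading by hand.
        "consistent": found == len(last["detections"]),
        "detections": [(d["path"], d["threat"], d["action"]) for d in last["detections"]],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
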

musicalpulltoy
2011-09-05, 10:44
hiya
like i tried, but typo'd, the previous owner had lots of bad programs on here.
running tasks has dropped by ten. yay



All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
E:\My Downloads\DriverReviverSetup.exe moved successfully.
c:\windows\system32\SET27.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Administrator.DJJXF091
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56845 bytes

User: All Users

User: DAD
->Temp folder emptied: 133890 bytes
->Temporary Internet Files folder emptied: 1032950 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 196810828 bytes
->Google Chrome cache emptied: 6166450 bytes
->Apple Safari cache emptied: 58548224 bytes
->Flash cache emptied: 1976 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 12659133 bytes
%systemroot%\System32 .tmp files removed: 717289828 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17717 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 31442396 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 977.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.27.0 log created on 09052011_002431

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\DAD\Local Settings\Temp\IswTmp\Logs\FFApi.swl not found!
File\Folder C:\Documents and Settings\DAD\Local Settings\Temp\~DF32C4.tmp not found!
C:\Documents and Settings\DAD\Local Settings\Temp\~DF62A5.tmp moved successfully.
File\Folder C:\Documents and Settings\DAD\Local Settings\Temp\~DF7367.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat moved successfully.
File\Folder C:\WINDOWS\temp\ZLT01da7.TMP not found!

Registry entries deleted on Reboot...

oldman960
2011-09-06, 08:39
Hi musicalpulltoy,

Your logs look ok. If there aren't any problems we'll clean up the tools.

From your desktop, please delete, if present
any notepads/logs that we created
MBR.zip
aswMBR.exe


You can also delete the following bolded folders
c:\documents and settings\Administrator\tdsskiller
C:\SDFix



Next

Click the Start button, click Run. [Vista users, go Start>"Start search"] Copy and paste the following line into the run box and click OK
Combofix /uninstall



Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


I suggest you keep MBAM. Keep it updated and use it regularly.

ESET online scan can be removed via add/remove programs.


Updates and upgrades

You have an older version of Adobe Reader. You can download the current version HERE (http://www.adobe.com/products/acrobat/readstep2.html)

You may want to consider Foxit Reader (http://www.foxitsoftware.com/downloads/index.php) instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum (http://www.foxitsoftware.com/bbs/forumdisplay.php?f=3)

In either case you should uninstall Adobe Reader 9.4.4 first. Be sure to move any PDF documents to another folder first though.

Some Recommendations and prevention tips


Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. You have those.

You use Spybot to install a Custom Hosts file.
1-Left-click the "Spybot - Search & Destroy" shortcut to open the program
2-Right-click an item in the list of immunizations and click "Deselect All."
3-Scroll down to the bottom of the list and click the checkbox to the left of "Global (Hosts)" under the "Windows" header.
4-Click "Immunize" on the Spybot toolbar.


-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

- You are currently missing a very important Windows update, Service Pack 3. Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) (using Internet Explorer) and download and install all critical updates on a regular basis.


- Make sure you have reset Automatic Updates to your chosen option. Click your start button > Control Panel > System


- Keep your antivirus program updated, as well as any other security programs you have.


- You may also want to read this article By Tony Klein
http://www.freedomlist.com/forum/viewtopic.php?t=22879

Please post back if you have any problems.

Take care
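
The Internet Explorer settings listed in the post above are stored per user as numbered values under the Internet zone (zone 3) registry key, so they can be checked from a registry export. The following is an added example, not part of the post and not code from any tool named in the thread; the export text is constructed sample data and the function names are hypothetical.

```python
import re

# Internet zone (zone 3) settings for the current user.
ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
             r"\CurrentVersion\Internet Settings\Zones\3")

# URL action number -> (label used in the IE dialog, value recommended in the post)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
MEANING = {0: "Enable", 1: "Prompt", 3: "Disable"}

DWORD_LINE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample in .reg export format. A real export written by regedit
# is UTF-16 encoded, so read it with open(path, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000003
"1201"=dword:00000000
"1607"=dword:00000000
"1800"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1001"=dword:00000003
'''


def parse_zone(export_text, key=ZONE3_KEY):
    """Return {action: int value} for the dword values under one exported key."""
    values, in_key = {}, False
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Registry key names are case-insensitive.
            in_key = line.strip("[]").lower() == key.lower()
            continue
        match = DWORD_LINE.match(line)
        if in_key and match:
            values[match.group(1)] = int(match.group(2), 16)
    return values


def describe(value):
    """Human-readable form of a zone setting value."""
    if value is None:
        return "not set"
    return MEANING.get(value, hex(value))


def audit(export_text):
    """List (action, label, current, recommended) for every setting that differs."""
    current = parse_zone(export_text)
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        have = current.get(action)
        if have != wanted:
            findings.append((action, label, describe(have), describe(wanted)))
    return findings


if __name__ == "__main__":
    for action, label, have, wanted in audit(SAMPLE_EXPORT):
        print(f"{action}  {label}: currently {have}, recommended {wanted}")
```

A value reported as "not set" means the export carries no per-user entry for that action, so the setting has to be confirmed in the Security tab itself.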

musicalpulltoy
2011-09-06, 17:29
will do.
seems to be running fine now.
thank you for your help oldman!!

oldman960
2011-09-06, 20:59
Hi musicalpulltoy,

You are more than welcome.

Take care, keep safe.

musicalpulltoy
2011-09-07, 21:15
nope :( my main issue is still there.
mp3 files still break up while playing
grr

oldman960
2011-09-08, 15:47
Hi musicalpulltoy,

Has this always been a problem on this computer?

What about playing CDs?

musicalpulltoy
2011-09-09, 02:42
hi.
files or cd do the same media player or quicktime and flash.
theres an intermittent stutter.
sometimes out of the blue but usually when another event happens (open/close program etc).
reloaded drivers and changed settings to no avail.

musicalpulltoy
2011-09-09, 10:19
oh happy day
i found this http://forums.techguy.org/multimedia/755164-solved-windows-media-player-flash.html and some indexing.
stutter seems to be gone.

musicalpulltoy
2011-09-09, 18:58
smh
have sound but sp3 stopped in the middle with access denied popup.
i dont have the backup disc to this pc.
have others i bought in the past.

>,<

oldman960
2011-09-10, 21:18
Hi musicalpulltoy,

Try this to install Service Pack3

It will say it's for IT professionals and developers but you can safely use it.


Download ServicePack3 from HERE (http://www.microsoft.com/download/en/details.aspx?id=24)
Save it to your desktop
Boot the computer into Safe Mode
Once Windows loads in Safe Mode double click the file you downloaded
Did Service Pack3 install ok?

musicalpulltoy
2011-09-11, 04:36
:hair:

hey
every user on this pc gets access denied.
thank god i made bkup this time.
main admin got sp3 setup could not backup reg key hkcr\mstscax.mstscax.4
5: access is denied and
mstscax.mstscax.4\cslid
mstscax.mstscax.5
mstscax.mstscax.5\cslid
hkcr\msrdp.msrdp
hkcr\msrdp.msrdp\curver
hkcr\msrdp.msrdp.2
and half dozen more.
could it be a service?
ive set them to http://www.blackviper.com/2004/09/19/black-vipers-windows-xp-x86-32-bit-service-pack-2-service-configurations/ list.
no new restore points work.(cleaned them out day bug was gone)
theres an update waiting to install security kb946648, it fails.
sound still works :bigthumb:
surfs well.

musicalpulltoy
2011-09-11, 05:18
another thing.
in system32 several files have multiple copies, some windows protected some not, like batmeter(3).dll - batmeter(6).dll, wintrust(3).dll - wintrust(7).dll, the latter being the unprotected file.
dont know if they were here or not before i acquired the pc.
oh, if you think this belongs in another forum i understand.
thanks

oldman960
2011-09-12, 18:39
Hi musicalpulltoy,

batmeter.dll is related to the power consumption. Is this a laptop?

wintrust.dll is a windows file used as part of the updating process and for installing programs. It's possible that some software added a new copy of wintrust.dll when the program was installed.

Are these files all the same size?


It's possible especially if you have disabled Cryptographic Services

This link might help. You can try the FixIt Tool found there it will attempt to do the first 5 steps of the manual fix or you can read the manual fix steps and see if anything you may have disabled should be enabled.

musicalpulltoy
2011-09-14, 01:11
hi
this is a desktop.
its not just those 2 files, theres dozens!
crypto services are running.
i dont find a link on your last reply.

musicalpulltoy
2011-09-14, 01:12
oops
yes all the duplicate files are the same size.
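
Equal size, as asked about and reported in the posts above, does not show that a numbered copy has the same content as the original; comparing a hash of each file does. The following is an added example, not part of either post and not any tool's own code: only the `name(N).ext` naming comes from the thread, the file contents are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# "wintrust(7).dll" -> stem "wintrust", copy number 7, extension ".dll"
COPY_NAME = re.compile(r"^(?P<stem>.+)\((?P<n>\d+)\)(?P<ext>\.[^.]+)$")


def sha256_of(path):
    """Hash a file in chunks so large system files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


def audit_numbered_copies(directory):
    """Compare every name(N).ext file with name.ext in the same directory.

    Returns {original name: {copy name: verdict}} with lower-cased names,
    because Windows file names are case-insensitive.
    """
    files = [p for p in Path(directory).iterdir() if p.is_file()]
    by_lower = {p.name.lower(): p for p in files}
    report = {}
    for copy in sorted(files):
        match = COPY_NAME.match(copy.name)
        if not match:
            continue
        base_name = (match["stem"] + match["ext"]).lower()
        original = by_lower.get(base_name)
        if original is None:
            verdict = "no original to compare"
        elif copy.stat().st_size != original.stat().st_size:
            verdict = "different size"
        elif sha256_of(copy) != sha256_of(original):
            # The case a size-only check misses.
            verdict = "same size, different content"
        else:
            verdict = "identical"
        report.setdefault(base_name, {})[copy.name.lower()] = verdict
    return report


def build_constructed_sample(root):
    """Create constructed stand-in files; these are not real Windows binaries."""
    root = Path(root)
    (root / "wintrust.dll").write_bytes(b"A" * 1000)
    (root / "wintrust(3).dll").write_bytes(b"A" * 1000)
    (root / "wintrust(7).dll").write_bytes(b"A" * 999 + b"B")
    (root / "batmeter.dll").write_bytes(b"C" * 500)
    (root / "batmeter(3).dll").write_bytes(b"C" * 400)
    (root / "orphan(2).dll").write_bytes(b"D" * 10)


def demo():
    """Run the audit over the constructed sample directory."""
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        return audit_numbered_copies(tmp)


if __name__ == "__main__":
    for original, copies in demo().items():
        for name, verdict in copies.items():
            print(f"{name} vs {original}: {verdict}")
```

A copy reported as "same size, different content" is the one worth a closer look, for example by checking its file version and digital signature in the file's Properties dialog.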

oldman960
2011-09-14, 05:56
Hi musicalpulltoy,

The files may have been dropped by other software that uses the same file or perhaps placed there by failed installs.

Sorry about the link. Since the service is running I don't think the info there would apply. This link (http://support.microsoft.com/kb/949377) is what you are after.

You have pretty much covered Methods 1&2 so I suggest you try the FixIt Tool. Scroll down the page to the tool and instructions for using it. The manual method is just below it. I suggest you give the tool a shot first.

Let me know how you make out.

musicalpulltoy
2011-09-17, 04:08
hello!!
that got sp3 installed.
you're A number 1 geek :-) thank you.
a handful of winpatrol popups, other than that seems ok.
ill search windows updates now.

oldman960
2011-09-17, 10:11
Hi musicalpulltoy,

Glad you got it sorted out. :bigthumb: WinPatrol will warn you of changes that are being made, bad or good. This can happen during updates. Did they seem to be legitimate changes?

musicalpulltoy
2011-09-17, 19:18
idk 0,o
they were files unknown to me.
ill just have to see how things go.

oldman960
2011-09-19, 15:46
Hi musicalpulltoy,


Does Winpatrol give a filename or an associated program that is attempting to make the changes? Legitimate files can sometimes have strange looking names. Did you try googling any of the file names?

You can post some of the names and I'll see what they are.

musicalpulltoy
2011-09-19, 20:09
hi
cant name them.
figured they were from sp3 addition.
some settings changed like designated program opening programs.
run dll as an app is in list.
61 windows updates installed after sp3 add.

oldman960
2011-09-20, 15:38
Hi musicalpulltoy,

How is the computer running?

musicalpulltoy
2011-09-20, 20:28
hey oldman,
id say its up to windows typical standards.(blah)
no noticeable problems.
i really appreciate your help!!


thank you

oldman960
2011-09-20, 20:34
Hi musicalpulltoy,

Not that I expect to see anything but you can post a new DDS log if you want to and I'll have a look.

musicalpulltoy
2011-09-20, 23:02
hello
here you go.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by DAD at 12:51:51 on 2011-09-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.629 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Task Catcher] c:\program files\billp studios\task catcher\tasktrap.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\system~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246219383859
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: Interfaces\{06BD7469-7F5C-4449-9B14-D38A61E9D028} : NameServer = 68.105.28.11,68.105.28.12,68.105.29.12
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dad\application data\mozilla\firefox\profiles\fn2dlw99.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb59?u=92822879073603948
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/mb59/?loc=ff_address_bar&u=92822879073603948&search=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - plugin: c:\documents and settings\dad\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dad\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dad\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-8-7 532224]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
R3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [2011-7-31 114944]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-4-23 224896]
R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2011-7-31 11520]
S2 DCService.exe;DCService.exe;c:\documents and settings\all users\application data\datacardservice\dcservice.exe --> c:\documents and settings\all users\application data\datacardservice\DCService.exe [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
S3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\drivers\N3AB.sys [2005-12-23 457312]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-3-14 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-3-14 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-3-14 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-3-14 59776]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-5-3 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-5-3 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-5-3 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-5-3 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-5-3 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-5-3 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-5-3 109864]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2011-4-12 166720]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [2011-4-12 50432]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-5-3 150528]
S4 DirMon2;DirMon2;C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service --> C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service [?]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
S4 TridWnW;PCI Audio Driver;c:\windows\system32\drivers\TridWnW.sys [2011-4-30 150872]
.
=============== Created Last 30 ================
.
2011-09-17 01:36:44 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-09-17 01:35:28 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-09-17 01:33:53 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-09-17 01:33:31 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-17 01:33:26 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-09-17 01:20:23 90112 ------w- c:\windows\system32\dllcache\wshext.dll
2011-09-17 01:20:23 180224 ------w- c:\windows\system32\dllcache\scrobj.dll
2011-09-17 01:20:23 172032 ------w- c:\windows\system32\dllcache\scrrun.dll
2011-09-17 01:20:23 155648 ------w- c:\windows\system32\dllcache\wscript.exe
2011-09-17 01:20:23 135168 ------w- c:\windows\system32\dllcache\cscript.exe
2011-09-17 01:06:03 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-17 01:05:24 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-09-16 23:59:31 19569 ----a-w- c:\windows\005731_.tmp
2011-09-10 21:20:03 61440 ----a-w- c:\program files\common files\system\ado\SET609.tmp
2011-09-10 21:20:03 536576 ----a-w- c:\program files\common files\system\ado\SET60A.tmp
2011-09-10 21:20:03 24576 ----a-w- c:\program files\common files\system\ado\SET60B.tmp
2011-09-10 21:20:02 81920 ----a-w- c:\program files\common files\system\ado\SET607.tmp
2011-09-10 21:20:02 81920 ----a-w- c:\program files\common files\system\ado\SET606.tmp
2011-09-10 21:20:02 61440 ----a-w- c:\program files\common files\system\ado\SET608.tmp
2011-09-10 21:20:02 57344 ----a-w- c:\program files\common files\system\ado\SET604.tmp
2011-09-10 21:20:02 180224 ----a-w- c:\program files\common files\system\ado\SET605.tmp
2011-09-10 21:20:01 57344 ----a-w- c:\program files\common files\system\ado\SET602.tmp
2011-09-10 21:20:01 200704 ----a-w- c:\program files\common files\system\ado\SET603.tmp
2011-09-10 21:20:01 102400 ----a-w- c:\program files\common files\system\ado\SET601.tmp
2011-09-10 21:18:56 1082368 ----a-w- c:\windows\system32\SET499.tmp
2011-09-10 21:17:59 69632 ----a-w- c:\windows\system32\SET31A.tmp
2011-09-10 21:16:59 18432 ----a-w- c:\windows\system32\SETF0.tmp
2011-09-10 21:13:06 19569 ----a-w- c:\windows\002916_.tmp
2011-09-10 20:04:59 326656 ----a-w- c:\windows\system32\SET471.tmp
2011-09-10 20:03:58 997376 ----a-w- c:\windows\system32\SET313.tmp
2011-09-10 20:02:48 8461312 ----a-w- c:\windows\system32\SET1A2.tmp
2011-09-10 19:58:01 19569 ----a-w- c:\windows\006052_.tmp
2011-09-10 19:42:16 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
2011-09-10 19:42:16 2897920 ----a-w- c:\windows\system32\_004152_.tmp.dll
2011-09-10 19:41:35 409088 ----a-w- c:\windows\system32\qmgr.dll
2011-09-09 16:12:44 -------- d-----w- c:\documents and settings\dad\application data\Safer Networking
2011-09-09 09:12:13 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
2011-09-08 02:17:06 -------- d-----w- C:\PerfLogs
2011-09-07 18:03:41 -------- d-s---w- C:\ComboFix
2011-09-07 18:00:33 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2011-08-31 02:57:25 -------- d-----w- c:\documents and settings\dad\local settings\application data\Dell
2011-08-31 00:19:25 -------- d-----w- c:\program files\Lame For Audacity
2011-08-29 15:32:52 -------- d-----w- c:\program files\Safer Networking
2011-08-28 00:33:55 -------- d-sh--r- C:\cmdcons
2011-08-27 23:32:40 187904 ----a-w- c:\windows\system32\everest_cpl.cpl
2011-08-27 23:08:07 -------- d-----w- c:\program files\Lavalys
2011-08-27 07:18:21 -------- d-----w- C:\New Folder
2011-08-27 06:26:04 -------- d-----w- c:\documents and settings\dad\local settings\application data\IM
2011-08-27 06:24:29 -------- d-----w- c:\documents and settings\all users\application data\IncrediMail
2011-08-27 06:24:29 -------- d-----w- c:\documents and settings\all users\application data\IM
2011-08-27 01:13:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-27 01:13:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 01:13:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-27 02:25:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-18 15:45:27 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-18 15:45:27 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 12:55:06.68 ===============

oldman960
2011-09-21, 15:59
Hi musicalpulltoy,

Just some temp files left from all the updates you did.

Please download the OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe).

Save it to your desktop.
Please double-click OTM.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Do not copy the word CODE. Note the fix starts with the :



:Services

:Files
c:\program files\common files\system\ado\SET*.tmp
c:\windows\005731_.tmp
c:\windows\006052_.tmp
c:\windows\system32\SET*.tmp
c:\windows\002916_.tmp

:Commands
[createrestorepoint]
[emptytemp]
[Reboot]

Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

musicalpulltoy
2011-09-21, 21:57
hi,
thats nice.
is there a code i can save to clean temp files occasionally?
it restarts quicker.
AVG analyzer shows 914 reg errors, no i dont use reg fixers, and 109 broken short cuts, and 8 junk file errors.



All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
c:\program files\common files\system\ado\SET4E6.tmp moved successfully.
c:\program files\common files\system\ado\SET4E7.tmp moved successfully.
c:\program files\common files\system\ado\SET4E8.tmp moved successfully.
c:\program files\common files\system\ado\SET4E9.tmp moved successfully.
c:\program files\common files\system\ado\SET4EA.tmp moved successfully.
c:\program files\common files\system\ado\SET4EB.tmp moved successfully.
c:\program files\common files\system\ado\SET4EC.tmp moved successfully.
c:\program files\common files\system\ado\SET4ED.tmp moved successfully.
c:\program files\common files\system\ado\SET4EE.tmp moved successfully.
c:\program files\common files\system\ado\SET4EF.tmp moved successfully.
c:\program files\common files\system\ado\SET4F0.tmp moved successfully.
c:\program files\common files\system\ado\SET511.tmp moved successfully.
c:\program files\common files\system\ado\SET512.tmp moved successfully.
c:\program files\common files\system\ado\SET513.tmp moved successfully.
c:\program files\common files\system\ado\SET514.tmp moved successfully.
c:\program files\common files\system\ado\SET515.tmp moved successfully.
c:\program files\common files\system\ado\SET516.tmp moved successfully.
c:\program files\common files\system\ado\SET517.tmp moved successfully.
c:\program files\common files\system\ado\SET518.tmp moved successfully.
c:\program files\common files\system\ado\SET519.tmp moved successfully.
c:\program files\common files\system\ado\SET51A.tmp moved successfully.
c:\program files\common files\system\ado\SET51B.tmp moved successfully.
c:\program files\common files\system\ado\SET548.tmp moved successfully.
c:\program files\common files\system\ado\SET549.tmp moved successfully.
c:\program files\common files\system\ado\SET54A.tmp moved successfully.
c:\program files\common files\system\ado\SET54B.tmp moved successfully.
c:\program files\common files\system\ado\SET54C.tmp moved successfully.
c:\program files\common files\system\ado\SET54D.tmp moved successfully.
c:\program files\common files\system\ado\SET54E.tmp moved successfully.
c:\program files\common files\system\ado\SET54F.tmp moved successfully.
c:\program files\common files\system\ado\SET550.tmp moved successfully.
c:\program files\common files\system\ado\SET551.tmp moved successfully.
c:\program files\common files\system\ado\SET552.tmp moved successfully.
c:\program files\common files\system\ado\SET5E6.tmp moved successfully.
c:\program files\common files\system\ado\SET5E7.tmp moved successfully.
c:\program files\common files\system\ado\SET5E8.tmp moved successfully.
c:\program files\common files\system\ado\SET5E9.tmp moved successfully.
c:\program files\common files\system\ado\SET5EA.tmp moved successfully.
c:\program files\common files\system\ado\SET5EB.tmp moved successfully.
c:\program files\common files\system\ado\SET5EC.tmp moved successfully.
c:\program files\common files\system\ado\SET5ED.tmp moved successfully.
c:\program files\common files\system\ado\SET5EE.tmp moved successfully.
c:\program files\common files\system\ado\SET5EF.tmp moved successfully.
c:\program files\common files\system\ado\SET5F0.tmp moved successfully.
c:\program files\common files\system\ado\SET601.tmp moved successfully.
c:\program files\common files\system\ado\SET602.tmp moved successfully.
c:\program files\common files\system\ado\SET603.tmp moved successfully.
c:\program files\common files\system\ado\SET604.tmp moved successfully.
c:\program files\common files\system\ado\SET605.tmp moved successfully.
c:\program files\common files\system\ado\SET606.tmp moved successfully.
c:\program files\common files\system\ado\SET607.tmp moved successfully.
c:\program files\common files\system\ado\SET608.tmp moved successfully.
c:\program files\common files\system\ado\SET609.tmp moved successfully.
c:\program files\common files\system\ado\SET60A.tmp moved successfully.
c:\program files\common files\system\ado\SET60B.tmp moved successfully.
c:\program files\common files\system\ado\SET69B.tmp moved successfully.
c:\program files\common files\system\ado\SET69C.tmp moved successfully.
c:\program files\common files\system\ado\SET69D.tmp moved successfully.
c:\program files\common files\system\ado\SET69E.tmp moved successfully.
c:\program files\common files\system\ado\SET69F.tmp moved successfully.
c:\program files\common files\system\ado\SET6A0.tmp moved successfully.
c:\windows\002916_.tmp moved successfully.
========== COMMANDS ==========
Restore point Set: OTM Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.DJJXF091
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 107775 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: DAD
->Temp folder emptied: 59348934 bytes
->Temporary Internet Files folder emptied: 11005761 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 94715607 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 145408 bytes
->Flash cache emptied: 3146 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3267185 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 306648 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 62751 bytes

Total Files Cleaned = 161.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 09212011_113515

Files moved on Reboot...
C:\Documents and Settings\DAD\Local Settings\Temp\~DFBA76.tmp moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_26c.dat moved successfully.
File C:\WINDOWS\temp\ZLT07bae.TMP not found!

Registry entries deleted on Reboot...

oldman960
2011-09-21, 22:13
Hi musicalpulltoy,


AVG analyzer
I don't use that program so I'm not sure what to make of its findings.


no i dont use reg fixers,
:thumbup: Good, they don't really do a whole lot for you.



We'll remove OTM first, then I'll give you a link to a tool you can use for temporary files.


Open OTM then click the Clean Up button. You may get prompted by your firewall that OTM wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


Here's a very good simple tool to use every now and then to clean out the temporary files. It's yours to keep and use; it does pretty much the same as OTM.

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

musicalpulltoy
2011-09-21, 22:56
um,
iexplorer running slow and causes slow switching from program to program.
heard about totally uninstalling then reinstall ie7 instead of ie8.
a popup "kargo_224272_pantene_IPHONEINDEX.m3u8" which is a m3u8 file from http://m.cdn.cloud.kargo.tv . recurring.
i had gotten this before we started removal but not during removal till now.
??

musicalpulltoy
2011-09-21, 23:10
otm has frozen :s
i downloaded the cleaner TY.

musicalpulltoy
2011-09-21, 23:23
never mind, it ran the second time.
there were 3 files it couldn't delete but couldn't see what they were, window size was too small to see.

oldman960
2011-09-22, 07:56
Hi musicalpulltoy,

Are you using an iPhone on this computer? m3u8 files can also be used by iTunes.


heard about totally uninstalling then reinstall ie7 instead of ie8.
There isn't any need to reinstall IE7. It will automatically roll back to IE7 when IE8 is uninstalled. However, since you installed IE8 before you installed Service Pack3, Service Pack3 will need to be uninstalled first.

musicalpulltoy
2011-09-22, 20:43
hi.
i use an iphone emulator with firefox to visit a chat site that only allows phones.
turned the java off and the popup stopped.
firefox is what i mainly use but sometimes only IE will work for a site and it lags whole pc.
other than that everything seems ok.

oldman960
2011-09-23, 15:37
Hi musicalpulltoy,

Looks like that site might be for people to share small video clips. Does this happen all the time or only when you are using the emulator?

musicalpulltoy
2011-09-24, 06:44
hi,,
you're right, some little clips from website wanted to download.
yes, only when emulating.
any chance this will work?

http://www.pcauthorities.com/how-to/ie8-how-to/prevent-ie8-from-being-installed/

then revert to ie7.

oldman960
2011-09-24, 08:45
Hi

It would seem that something on the site you are using with the emulator is also connecting to the other site with the video clips. Do you go to m.cdn.cloud.kargo.tv or a similar site?


any chance this will work?
No. The info in that link is to prevent IE8 from being installed. You already have IE8 installed. As mentioned, any version of IE that was installed prior to Service Pack3 being installed can not be uninstalled without Service Pack3 being uninstalled first.

You can uninstall Service Pack3 via add/remove programs then uninstall IE8. Once IE8 is uninstalled you can reinstall Service Pack3. You shouldn't have the same difficulties you had before as you have corrected the permissions issue you experienced earlier.

An easy way to prevent IE8 from installing is to set Automatic Updates to "download updates for me, but let me choose when to install them"
When you are notified that updates are ready to be installed
click the yellow update icon
click Custom install (advanced)
Click next
Uncheck IE8
If there are any other updates click install
otherwise click close
You will be presented with a warning box, "updates that aren't selected will not be installed", check the box beside "Don't notify me about these updates again"
click ok
IE8 should not be offered again.

musicalpulltoy
2011-09-26, 00:40
happy fall.
well that's going to be a hassle.
time to make new back up and restore point?
yesterday incredimail decided to become default search engine.
i uninstalled it i thought yet remains are in "all users".
happened when i tried to access firefox "about config" to undo a fix for Script: chrome://browser/content/preferences/advanced.js:259 error opening options , advanced settings.
that i found at forum.worldstart.com "Help tab>about?" Right click on the entry I have highlighted and modify the setting to show 50.
it stopped the error but didn't seem to run right.

(hate computers)

oldman960
2011-09-26, 01:07
Hi musicalpulltoy,

You should be able to change the default search engine back to google by typing about:config in the FireFox address field. Locate browser.search.defaultenginename, right click and click reset. Or right click and click modify and type Google in the box and click ok.

musicalpulltoy
2011-09-29, 22:53
hi
we did that before.
somewhere incredimail lurks waiting to return.
it's done it already.

oldman960
2011-09-30, 00:48
Hi musicalpulltoy,

Click your start button > Control panel > add/remove programs and uninstall incredimail if it's present.

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop
Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :


:services

:Files
c:\documents and settings\dad\local settings\application data\IM
c:\documents and settings\all users\application data\IncrediMail
c:\documents and settings\all users\application data\IM

:Commands
[createrestorepoint]


Then click the Run Fix button at the top
Let the program run unhindered
Reboot your computer


Next open FireFox. In the address bar type about:config hit enter. Click "I promise to be careful."

Scroll down to

browser.search.defaulturl right click and click reset

Do the same for each of these

browser.startup.homepage
keyword.URL

Next, in the Filter field just above the list type incredimail. Right click and click reset on any entries that are listed.

Open OTL, check the box beside scan all users and click the Run scan button.

Please post back with both OTL logs, OTL.txt and Extra.txt

Is incredimail still there?
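
Added example, not part of the original thread or of any tool it mentions: a read-only Python check of a Firefox prefs.js file for the preferences the posts above ask to reset, plus any entry mentioning a keyword, mirroring the about:config Filter step. prefs.js only stores values that differ from the defaults, so every hit is something "reset" would clear; the sample file contents, its URLs and the extensions.incredimail_toolbar.enabled name are constructed for illustration.

```python
import json
import re

# Preferences that the helper's posts in this thread ask to reset.
WATCHED_PREFS = {
    "browser.search.defaultenginename",
    "browser.search.defaulturl",
    "browser.startup.homepage",
    "keyword.URL",
}

# One prefs.js entry has the form: user_pref("name", value);
USER_PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)

# Constructed sample input (not taken from the machine in this thread).
SAMPLE_PREFS = r'''# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Example Search");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "http://search.example.invalid/?src=incredimail");
user_pref("extensions.incredimail_toolbar.enabled", true);
user_pref("network.proxy.type", 0);
user_pref("keyword.URL", "http://search.example.invalid/q=");
'''


def parse_value(raw):
    """Convert the literal after the comma into a Python value."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        try:
            return json.loads(raw)   # handles \" and \\ escapes
        except ValueError:
            return raw[1:-1]         # unusual escape: keep the raw text
    return raw


def parse_prefs(text):
    """Return {pref name: value} for every user_pref line in the text."""
    prefs = {}
    for line in text.splitlines():
        match = USER_PREF_RE.match(line)
        if match:
            prefs[match.group(1)] = parse_value(match.group(2))
    return prefs


def audit(text, keyword="incredimail"):
    """List (name, value, reasons) for entries worth reviewing.

    An entry is reported when it is one of WATCHED_PREFS (its presence in
    prefs.js means it no longer has its default value) or when its name or
    value contains the keyword, compared case-insensitively.
    """
    findings = []
    needle = keyword.lower()
    for name, value in parse_prefs(text).items():
        reasons = []
        if name in WATCHED_PREFS:
            reasons.append("watched pref has a user-set value")
        if needle in name.lower() or needle in str(value).lower():
            reasons.append("mentions '%s'" % keyword)
        if reasons:
            findings.append((name, value, reasons))
    return sorted(findings, key=lambda item: item[0])


if __name__ == "__main__":
    for name, value, reasons in audit(SAMPLE_PREFS):
        print("%s = %r  [%s]" % (name, value, "; ".join(reasons)))
```

Run it against a copy of prefs.js taken while Firefox is closed, since Firefox rewrites the file on exit.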

musicalpulltoy
2011-10-02, 02:52
hi *<];-)
i had uninstalled it.
this time its all out of "all users" though

OTL logfile created on: 10/1/2011 3:02:53 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\DAD\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 51.14% Memory free
4.22 Gb Paging File | 3.77 Gb Available in Paging File | 89.34% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 11.37 Gb Free Space | 33.24% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 159.77 Gb Free Space | 68.60% Space Free | Partition Type: NTFS

Computer Name: DJJXF091 | User Name: DAD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/30 23:32:44 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAD\Desktop\OTL.exe
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 08:45:28 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2011/03/18 01:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2011/03/16 15:32:59 | 000,325,000 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/03/29 13:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- -- (nosGetPlusHelper) getPlus(R)
SRV - File not found [Disabled | Stopped] -- -- (DirMon2)
SRV - File not found [Auto | Stopped] -- -- (DCService.exe)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/08/18 08:45:28 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/02/10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/08/26 15:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:15:34 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2008/03/11 15:58:56 | 000,059,776 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2008/03/11 15:58:50 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2008/03/11 15:58:48 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2008/03/11 15:58:44 | 000,029,824 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2007/06/25 08:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 08:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 08:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/04/23 14:11:54 | 000,224,896 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2006/02/23 14:58:25 | 000,167,808 | R--- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/12/14 21:03:19 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/05/12 22:17:00 | 000,457,312 | R--- | M] (Atheros Communications, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N3AB.sys -- (N3AB)
DRV - [2005/03/14 14:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/04/11 11:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 13:57:46 | 000,065,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3legacy.sys -- (s3legacy)
DRV - [2001/08/17 13:50:20 | 000,114,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epstw2k.sys -- (epstw2k)
DRV - [2001/08/17 12:50:56 | 000,050,432 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiSV.sys -- (SiSV)
DRV - [2001/08/17 12:50:34 | 000,166,720 | ---- | M] (S3 Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3m.sys -- (s3m)
DRV - [1999/05/28 14:53:30 | 000,150,872 | R--- | M] (Trident Microsystems Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\TridWnW.sys -- (TridWnW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.4
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.6.0.1
FF - prefs.js..extensions.enabledItems: {f36c6cd1-da73-491d-b290-8fc9115bfa55}:2.2.0
FF - prefs.js..extensions.enabledItems: jsdeobfuscator@adblockplus.org:1.5.7
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.10
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\DAD\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\DAD\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/17 16:44:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/18 08:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/08 20:38:57 | 000,000,000 | ---D | M]

[2009/11/23 22:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Extensions
[2011/09/27 02:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions
[2010/11/07 10:53:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/14 16:22:47 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2011/09/07 19:41:45 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2011/07/31 18:11:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/09/07 23:43:07 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011/08/18 08:34:41 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/09/27 00:14:34 | 000,000,000 | ---D | M] (WorldIP) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}
[2011/07/13 05:36:08 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\anttoolbar@ant(2).com
[2011/09/27 02:18:16 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\firebug@software.joehewitt.com
[2011/09/07 23:43:07 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\firefox@ghostery.com
[2011/07/13 05:36:10 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\flashfirebug@o-minds(2).com
[2011/09/27 02:14:47 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\inspector@mozilla.org
[2011/09/27 00:13:32 | 000,000,000 | ---D | M] (JavaScript Deobfuscator) -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\extensions\jsdeobfuscator@adblockplus.org
[2011/03/23 20:42:20 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\searchplugins\conduit.xml
[2011/08/26 23:22:11 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\DAD\Application Data\Mozilla\Firefox\Profiles\fn2dlw99.default\searchplugins\MyStart Search.xml
[2011/09/27 02:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/18 08:46:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/09/17 16:44:50 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/08/18 08:45:29 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Chrome\Application\13.0.782.215\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_1\plugins/avgnpss.dll
CHR - plugin: getPlusPlus for Adobe 162102 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Documents and Settings\DAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2011/09/07 17:56:45 | 000,436,608 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15043 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Task Catcher] C:\Program Files\BillP Studios\Task Catcher\TaskTrap.exe (BillP Studios)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SystemExplorerDisabled [2011/09/01 03:51:19 | 000,000,000 | ---D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246219383859 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06BD7469-7F5C-4449-9B14-D38A61E9D028}: NameServer = 68.105.28.11,68.105.28.12,68.105.29.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/01 14:37:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/30 23:32:49 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DAD\Desktop\OTL.exe
[2011/09/23 17:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAD\Application Data\gtk-2.0
[2011/09/23 17:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAD\.thumbnails
[2011/09/23 17:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAD\.gimp-2.6
[2011/09/23 17:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAD\My Documents\gegl-0.0
[2011/09/23 16:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP
[2011/09/23 16:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2011/09/23 14:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAD\My Documents\My Drivers
[2011/09/23 14:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAD\Local Settings\Application Data\Innovative Solutions
[2011/09/23 14:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/09/23 13:39:52 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\s3legacy.sys
[2011/09/23 13:39:52 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2011/09/23 13:39:20 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\s3legacy.dll
[2011/09/23 13:39:20 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2011/09/21 12:58:43 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DAD\Desktop\TFC.exe
[2011/09/16 18:36:44 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/09/16 18:35:28 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/09/16 18:33:53 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/09/16 18:33:31 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/09/16 18:33:26 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/09/16 18:20:23 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrobj.dll
[2011/09/16 18:20:23 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrrun.dll
[2011/09/16 18:20:23 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
[2011/09/16 18:20:23 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshom.ocx
[2011/09/16 18:20:23 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe
[2011/09/16 18:20:23 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshext.dll
[2011/09/16 18:06:03 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/09/16 18:05:24 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/09/16 17:50:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/09/10 14:05:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/09/10 12:42:16 | 002,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004152_.tmp.dll
[2011/09/10 12:39:23 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004145_.tmp.dll
[2011/09/10 12:39:23 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004150_.tmp.dll
[2011/09/10 12:39:22 | 000,986,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004138_.tmp.dll
[2011/09/10 12:39:22 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004144_.tmp.dll
[2011/09/10 12:39:22 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004139_.tmp.dll
[2011/09/10 12:39:22 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004142_.tmp.dll
[2011/09/10 12:39:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2011/09/10 12:39:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004143_.tmp.dll
[2011/09/10 12:39:21 | 000,724,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004134_.tmp.dll
[2011/09/10 12:39:21 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004131_.tmp.dll
[2011/09/10 12:39:20 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004125_.tmp.dll
[2011/09/10 12:39:19 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004124_.tmp.dll
[2011/09/10 12:39:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
[2011/09/10 12:39:18 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004114_.tmp.dll
[2011/09/10 12:39:18 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004111_.tmp.dll
[2011/09/10 12:39:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004110_.tmp.dll
[2011/09/10 12:39:18 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004115_.tmp.dll
[2011/09/10 12:39:17 | 000,983,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004108_.tmp.dll
[2011/09/10 12:39:16 | 000,990,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll
[2011/09/10 12:39:15 | 001,858,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2011/09/10 12:39:15 | 001,850,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004100_.tmp.dll
[2011/09/10 12:39:13 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_004098_.tmp.dll
[2011/09/10 12:39:12 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys
[2011/09/10 12:39:12 | 000,071,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\_004074_.tmp.dll
[2011/09/10 11:41:02 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\DAD\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2011/09/09 09:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAD\Application Data\Safer Networking
[2011/09/09 02:12:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/07 19:17:06 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2011/09/07 11:00:33 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2011/09/05 00:25:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[90 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/01 08:40:53 | 133,862,605 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/30 23:32:44 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAD\Desktop\OTL.exe
[2011/09/30 19:06:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/30 19:04:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/27 01:13:30 | 000,037,540 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/09/27 01:11:45 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/27 00:30:42 | 000,006,841 | ---- | M] () -- C:\Documents and Settings\DAD\Desktop\ban.html
[2011/09/26 03:08:46 | 000,079,608 | ---- | M] () -- C:\Documents and Settings\DAD\Desktop\Now Playing.wpl
[2011/09/23 17:57:18 | 000,002,167 | ---- | M] () -- C:\Documents and Settings\DAD\.recently-used.xbel
[2011/09/23 14:48:54 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/21 13:14:55 | 000,167,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/21 12:58:39 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAD\Desktop\TFC.exe
[2011/09/20 13:34:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/19 09:56:09 | 000,465,563 | ---- | M] () -- C:\Documents and Settings\DAD\My Documents\ALLLYRICSTODATE.RTF
[2011/09/17 16:45:45 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/09/16 20:06:18 | 000,463,932 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/16 20:06:18 | 000,079,208 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/14 15:49:36 | 000,760,320 | ---- | M] () -- C:\Documents and Settings\DAD\Desktop\MicrosoftFixit50389.msi
[2011/09/10 15:32:35 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/09/10 15:32:35 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/09/10 11:57:20 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\DAD\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2011/09/09 08:49:23 | 000,000,328 | -HS- | M] () -- C:\boot.ini
[2011/09/09 02:12:31 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/09/09 02:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/09 00:23:12 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\DAD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/08 23:14:40 | 000,000,059 | ---- | M] () -- C:\WINDOWS\System32\everest_cpl.ini
[2011/09/07 17:56:45 | 000,436,608 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/07 17:48:13 | 000,436,608 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110907-175645.backup
[2011/09/07 17:20:22 | 000,436,608 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110907-174812.backup
[2011/09/07 17:17:48 | 000,436,163 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110907-172022.backup
[2011/09/07 11:00:33 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2011/09/02 19:03:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110907-171748.backup

========== Files Created - No Company Name ==========

[2011/09/27 00:30:42 | 000,006,841 | ---- | C] () -- C:\Documents and Settings\DAD\Desktop\ban.html
[2011/09/24 07:51:03 | 000,079,608 | ---- | C] () -- C:\Documents and Settings\DAD\Desktop\Now Playing.wpl
[2011/09/23 17:57:18 | 000,002,167 | ---- | C] () -- C:\Documents and Settings\DAD\.recently-used.xbel
[2011/09/14 15:48:59 | 000,760,320 | ---- | C] () -- C:\Documents and Settings\DAD\Desktop\MicrosoftFixit50389.msi
[2011/09/09 02:12:30 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/27 16:32:41 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\everest_cpl.ini
[2011/05/28 00:47:06 | 000,037,540 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/30 11:53:26 | 000,166,400 | ---- | C] () -- C:\WINDOWS\System32\TridTray.exe
[2011/04/12 23:13:27 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/31 23:15:01 | 000,021,312 | ---- | C] () -- C:\WINDOWS\choice.exe
[2011/03/31 00:26:19 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/12/27 18:30:41 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/05/08 20:58:20 | 000,002,230 | ---- | C] () -- C:\WINDOWS\BJWIN.INI
[2009/05/08 20:48:40 | 000,000,027 | ---- | C] () -- C:\WINDOWS\VPWIN.INI
[2009/03/19 20:49:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ump.INI
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/03 20:28:02 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\DAD\Application Data\PFP120JPR.{PB
[2007/04/03 20:28:02 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\DAD\Application Data\PFP120JCM.{PB
[2006/11/09 17:24:59 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/07/21 20:35:28 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\DAD\Local Settings\Application Data\fusioncache.dat
[2006/07/17 19:46:23 | 000,102,400 | R--- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/06/13 12:56:12 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/05/21 15:46:23 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/26 23:00:38 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\DAD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/26 18:58:09 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/12/23 17:34:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/14 21:19:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/14 21:12:00 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/14 21:04:02 | 000,004,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/14 21:02:14 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/14 20:41:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/12/14 20:41:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/12/14 20:41:10 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 07:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,167,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,463,932 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,079,208 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/04/11 11:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/03/19 17:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe

< End of report >

oldman960
2011-10-02, 11:53
Hi musicalpulltoy,


this time its all out of "all users" though

Do you mean it's gone now?

Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following.
Do not copy the word CODE.
Please note the fix starts with the :


:Services

:OTL
O3 - HKU\S-1-5-21-1668751319-4250827956-263943839-1006\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found



Then click the Run Fix button at the top
Let the program run unhindered

musicalpulltoy
2011-10-03, 01:20
hey
done.
yes incredimail folder is now gone.

oldman960
2011-10-03, 03:10
Hi musicalpulltoy,

If everything seems ok you can remove OTL. Open OTL and click the Clean Up button. The tool will remove itself.

Take care.

musicalpulltoy
2011-10-03, 22:10
hey oldman
finally had enough of me :-D
you've been more than helpful.
THANK YOU MUCH!!

oldman960
2011-10-04, 00:52
Hi musicalpulltoy,

It's been a pleasure and you are more than welcome.

Take care, keep safe.

oldman960
2011-10-06, 02:15
Since this issue appears to be resolved ... this Topic has been closed.