Virus Help - Warning Your're in danger virus

Post by christensens on Mon 21 Mar 2011, 11:17 am

I have this virus on my laptop. I ran Malwarebytes Antimalware and the problem is still there. It also disabled my internet access on that laptop, so I have had to save Malwarebytes and the OTL program on a USB drive in order to use them on the laptop. Please help! Below is the Extras file and then part of the OTL file; the rest will be posted separately. Thanks!

OTL Extras logfile created on: 20/03/2011 8:10:51 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 143.24 Gb Free Space | 65.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.26 Gb Free Space | 52.57% Space Free | Partition Type: NTFS
Drive F: | 7.50 Gb Total Space | 7.50 Gb Free Space | 99.90% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: Ingrid | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{440B0AAC-90F4-44A1-A7FE-835FA6E1A6D4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{798E83AA-6316-453F-9B03-4BD077ACB81F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{808BBCD7-F68E-407A-88FE-DAC45290D9B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D7C220D5-08EA-4EF2-BC5F-4C16C8C282E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0264D834-AA4A-488B-BA73-E02598AA436D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{12F49193-DA86-44FE-B1A4-F09DCA0936F7}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\mldotime.exe |
"{1B53797C-CE17-4621-9961-FA1C68219DBD}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\mldotime.exe |
"{1B931826-B0EF-4A12-AEDD-9D5B223FD38F}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{2511F697-CD51-4B6A-8B1C-7272DD2305C2}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\mldopswx.exe |
"{37B7824C-42B4-4261-BA41-7AE2CA908124}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{42B61907-662B-4E51-A062-B31EDCFC69C8}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{43FEBDDC-EED0-417B-9B08-8484E4FA5CAD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{5ECB5B96-719D-4797-9E82-4E63E709D94F}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\mldojswx.exe |
"{6308AF1E-2F64-4B6C-B46E-E46480FC6E00}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{63975B39-EE1D-4B2F-BD12-A47FFE3DD984}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{8071ED1C-7CC3-4681-A800-36ACF586F7E7}" = protocol=17 | dir=in | app=c:\windows\system32\mldocoms.exe |
"{80F87C4B-92DC-47EB-95FE-A338C87F9CA5}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{845946E8-ED69-4A8F-BA2F-8CBF8C2FBC7A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A083E229-CF71-45D0-9283-E8C827903F04}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A6D6FFE7-5576-47C3-9E9F-469A687CF824}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C12048BA-E073-4540-AFCC-602C52114A44}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\mldojswx.exe |
"{D02E54DE-E35B-4EE7-A2C0-F6FC0CBD999C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DF4E8C54-C76A-424A-97FF-7FF4D01DC133}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\mldopswx.exe |
"{F2814A9D-C168-4EB9-9B8D-E5FA0BB8C987}" = protocol=6 | dir=in | app=c:\windows\system32\mldocoms.exe |
"{F8C6A827-FC49-469B-A440-258F0EC0E017}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04E35C27-EB24-4DC5-94F4-3108B83E6994}" = Barbie Doll'd Up Nails Printer Driver
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DAB699D-72FD-4C69-B1D8-83B705D31906}" = ScanSnap Organizer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{37FD2F04-EC91-41AE-B5AB-AFF904BF20EE}" = Mobile Broadband Drivers
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{5101BF69-3FCF-4472-8961-1BB59051A993}" = DVC-Chart
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C2F98B0-BD0D-4D9B-A372-57E5C92223CF}" = Mobile Connect
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7989F3A5-5368-4423-808D-FCBACF1FF955}" = CardMinder V3.2
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{9F8FF581-484A-4F7B-8B54-90AB635AE176}" = WWD185
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B5EB9775-4295-425E-9EBA-25968E80D0FC}" = IKEA HomePlanner Office
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder V3.2
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6590901-B012-4381-84A8-98584BE2ECE6}" = DVC-Planner
"{E798A625-971B-4832-A741-6A6DC7A75796}" = Barbie Doll'd Up Nails
"{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}" = Trend Micro PC-cillin Internet Security
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
"{F2E6CAF1-D651-4A74-8CC6-D92FE81FDBCC}" = WD Drive Manager (x86)
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"562F5F12C292EA241533CB07B24789FC68761A27" = Windows Driver Package - MATTEL Inkjet Drivers Printer (07/06/2009 1.0.1.22)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIR MILES TOOLBAR" = AIR MILES TOOLBAR 1.432
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"conduitEngine" = Conduit Engine
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"InstallShield_{04E35C27-EB24-4DC5-94F4-3108B83E6994}" = Barbie Doll'd Up Nails Printer Driver
"InstallShield_{E798A625-971B-4832-A741-6A6DC7A75796}" = Barbie Doll'd Up Nails
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"LogixPro 500 PLC Simulator_is1" = the LogixPro 500 Simulator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"RideMax" = RideMax 6.0
"SmartDraw VP" = SmartDraw VP
"Swag_Bucks Toolbar" = Swag Bucks Toolbar
"TmPcc" = Trend Micro PC-cillin Internet Security
"Trivial Pursuit Digital Choice_is1" = Trivial Pursuit Digital Choice v1.2.5 for Windows XP/Vista
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/01/2011 4:03:10 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2636

Error - 30/01/2011 4:03:11 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30/01/2011 4:03:11 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3712

Error - 30/01/2011 4:03:11 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3712

Error - 30/01/2011 4:03:13 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30/01/2011 4:03:13 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5288

Error - 30/01/2011 4:03:13 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5288

Error - 30/01/2011 4:03:14 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30/01/2011 4:03:14 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6302

Error - 30/01/2011 4:03:14 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6302

[ Broadcom Wireless LAN Events ]
Error - 02/10/2010 9:47:20 PM | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
Adapter Manager Container)

Error - 02/10/2010 9:48:24 PM | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = 21:48:24, Sat, Oct 02, 10 Error - Error in creating key container -
-2146893809 (Broadcom Wireless Adapter Manager Container)

Error - 02/10/2010 9:48:24 PM | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = 21:48:24, Sat, Oct 02, 10 Error - Unable to gain access to user store


Error - 02/10/2010 9:48:25 PM | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = 21:48:25, Sat, Oct 02, 10 Error - Unable to gain access to user store


Error - 23/01/2011 2:00:33 AM | Computer Name = Laptop | Source = WLAN-Tray | ID = 0
Description = 01:00:32, Sun, Jan 23, 11 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 20/08/2009 5:29:59 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 20/09/2009 1:24:25 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/10/2009 9:52:22 PM | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 20/03/2011 8:09:49 PM | Computer Name = Laptop | Source = DCOM | ID = 10005
Description =

Error - 20/03/2011 8:09:51 PM | Computer Name = Laptop | Source = DCOM | ID = 10005
Description =

Error - 20/03/2011 8:10:07 PM | Computer Name = Laptop | Source = DCOM | ID = 10005
Description =

Error - 20/03/2011 8:10:15 PM | Computer Name = Laptop | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0016447582AC. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 20/03/2011 8:10:32 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 20/03/2011 8:10:32 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 20/03/2011 8:10:32 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 20/03/2011 8:16:05 PM | Computer Name = Laptop | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0016447582AC. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 20/03/2011 8:22:18 PM | Computer Name = Laptop | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0016447582AC. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 20/03/2011 8:28:33 PM | Computer Name = Laptop | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0016447582AC. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.


< End of report >


OTL report (part 1):

OTL logfile created on: 20/03/2011 8:10:51 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.32 Gb Total Space | 143.24 Gb Free Space | 65.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.26 Gb Free Space | 52.57% Space Free | Partition Type: NTFS
Drive F: | 7.50 Gb Total Space | 7.50 Gb Free Space | 99.90% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: Ingrid | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/20 19:48:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.com
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/20 19:48:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.com
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/16 15:35:04 | 000,660,848 | ---- | M] (Juniper Networks) [Auto | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/13 14:04:00 | 000,598,696 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\mldocoms.exe -- (mldo_device)
SRV - [2008/02/19 02:15:38 | 000,106,496 | ---- | M] (WDC) [Auto | Stopped] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008/02/05 20:05:41 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 07:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 07:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/08/27 05:22:30 | 000,566,872 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe -- (tmproxy)
SRV - [2007/08/27 05:22:22 | 000,923,216 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe -- (TmPfw)
SRV - [2007/08/27 05:22:18 | 000,345,432 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe -- (Tmntsrv)
SRV - [2007/08/27 05:21:36 | 001,471,840 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe -- (PcCtlCom)
SRV - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2010/06/10 23:27:06 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/11/26 18:42:42 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/11/26 18:42:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/11/26 18:39:56 | 001,195,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2007/12/14 23:54:26 | 000,111,104 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2007/11/12 07:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/07 02:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/06 12:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 12:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 12:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 01:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/27 05:23:32 | 000,073,288 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007/08/27 05:23:28 | 000,280,392 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2006/11/07 09:32:32 | 000,158,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2006/11/07 09:32:32 | 000,092,160 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2006/11/07 09:32:32 | 000,092,160 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/10/11 13:43:52 | 000,025,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2006/10/11 13:43:52 | 000,025,216 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2011/03/18 20:04:03 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FCTBPos00Pos Class) - {169A78DB-CFC2-4DA4-A9BD-A67B28D41FA7} - C:\Program Files\AIR MILES TOOLBAR\Toolbar.dll ()
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIR MILES TOOLBAR) - {789D9334-A44A-486E-8234-313A78E66E61} - C:\Program Files\AIR MILES TOOLBAR\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIR MILES TOOLBAR) - {789D9334-A44A-486E-8234-313A78E66E61} - C:\Program Files\AIR MILES TOOLBAR\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MCStart] C:\Program Files\Bell\Mobile Connect\tscui.exe (Bell)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spyware Doctor] C:\Users\Ingrid\Desktop\sdsetup_revwire207.exe ()
O4 - HKCU..\RunOnce: [cKlAdGjFbCg05603] C:\ProgramData\cKlAdGjFbCg05603\cKlAdGjFbCg05603.exe ()
O4 - Startup: C:\Users\Ingrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553557800} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {EF073398-8C6E-4FAB-A72B-9F874C25E0E1} [You must be registered and logged in to see this link.] (SmartCouponPrinter Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClientControl Class)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0362b293-5405-11dd-964e-001e4ce049dd}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{8f7c434f-d2ab-11dd-be01-001e4ce049dd}\Shell - "" = AutoRun
O33 - MountPoints2\{8f7c434f-d2ab-11dd-be01-001e4ce049dd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{ca36f1ec-317a-11dd-88c1-001e4ce049dd}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{f9c3cf07-6360-11dd-8ac7-001e4ce049dd}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

christensens

Unborn

Posts: 3
Joined: 2011-03-21
Operating System: Vista


Virus help Page 2 - Warning You're in danger virus

Post by christensens on Mon 21 Mar 2011, 11:19 am

Continuation of OTL file:

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/03/20 15:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/03/20 15:25:56 | 000,000,000 | ---D | C] -- C:\Users\Ingrid\AppData\Roaming\Malwarebytes
[2011/03/20 15:25:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/20 15:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/20 15:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/20 15:25:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/20 15:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/20 14:30:22 | 003,139,024 | ---- | C] (McAfee, Inc.) -- C:\Users\Ingrid\Documents\DMSetup.exe
[2011/03/20 13:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\cKlAdGjFbCg05603
[2011/03/16 20:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/03/13 19:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/03/13 19:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/03/13 19:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/03/06 23:04:01 | 000,000,000 | ---D | C] -- C:\Users\Ingrid\AppData\Local\Conduit
[2011/03/06 10:25:59 | 000,000,000 | ---D | C] -- C:\Users\Ingrid\Documents\TurboTax
[2011/03/06 09:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax
[2011/03/06 09:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax 2010
[2011/02/26 13:26:00 | 000,000,000 | ---D | C] -- C:\Users\Ingrid\AppData\Roaming\SmartDraw
[2011/02/26 13:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw VP
[2011/02/26 13:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\SmartDraw VP
[2011/02/26 12:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IKEA HomePlanner
[2011/02/26 12:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\IKEA HomePlanner
[2011/02/26 00:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2011/02/21 17:24:48 | 001,693,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltclr13n.dll
[2011/02/21 17:24:48 | 000,090,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfjbg13n.dll
[2011/02/21 17:24:48 | 000,073,728 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lffax13n.dll
[2011/02/21 17:24:47 | 000,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltkrn13n.dll
[2011/02/21 17:24:47 | 000,445,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltimg13n.dll
[2011/02/21 17:24:47 | 000,388,608 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfcmp13n.dll
[2011/02/21 17:24:47 | 000,265,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltdis13n.dll
[2011/02/21 17:24:47 | 000,246,272 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfj2k13n.dll
[2011/02/21 17:24:47 | 000,206,848 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltefx13n.dll
[2011/02/21 17:24:47 | 000,189,976 | ---- | C] (MyFamily.com, Inc.) -- C:\Windows\System32\mfimgvwr.ocx
[2011/02/21 17:24:47 | 000,154,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltfil13n.dll
[2011/02/21 17:24:47 | 000,142,848 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftif13n.dll
[2011/02/21 17:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\MFInstall
[2009/07/13 14:04:02 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\mldopmui.dll
[2009/07/13 14:04:00 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\mldoserv.dll
[2009/07/13 14:04:00 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\mldousb1.dll
[2009/07/13 14:04:00 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\mldohbn3.dll
[2009/07/13 14:04:00 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\mldocoms.exe
[2009/07/13 14:04:00 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\mldoinpa.dll
[2009/07/13 14:04:00 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\mldocomm.dll
[2009/07/13 14:04:00 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\mldoiesc.dll
[2009/07/13 14:04:00 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\mldoih.exe
[2009/07/13 14:04:00 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\mldoprox.dll
[2009/07/13 14:03:58 | 000,369,320 | ---- | C] ( ) -- C:\Windows\System32\mldocfg.exe
[2009/05/28 07:50:52 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\mldolmpm.dll
[2009/05/28 07:50:50 | 000,856,064 | ---- | C] ( ) -- C:\Windows\System32\mldocomc.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/20 20:08:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/20 20:07:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/20 20:07:53 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2011/03/20 20:06:26 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/20 20:06:26 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/20 19:50:24 | 000,630,074 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/20 19:50:24 | 000,111,022 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/20 19:30:08 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/03/20 19:28:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/20 18:55:42 | 000,006,324 | ---- | M] () -- C:\Users\Ingrid\AppData\Local\d3d9caps.dat
[2011/03/20 15:58:22 | 000,000,932 | ---- | M] () -- C:\Users\Ingrid\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/03/20 15:58:22 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/20 15:55:06 | 000,512,992 | ---- | M] () -- C:\Users\Ingrid\Desktop\sdsetup_revwire207.exe
[2011/03/20 14:50:07 | 295,034,066 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/20 14:30:27 | 003,139,024 | ---- | M] (McAfee, Inc.) -- C:\Users\Ingrid\Documents\DMSetup.exe
[2011/03/19 23:47:19 | 000,001,660 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/03/19 17:24:22 | 000,000,276 | ---- | M] () -- C:\Users\Ingrid\Desktop\Net Nanny.url
[2011/03/18 20:03:41 | 000,001,674 | -H-- | M] () -- C:\Users\Ingrid\Documents\Default.rdp
[2011/03/16 20:40:54 | 000,002,337 | ---- | M] () -- C:\Users\Ingrid\Desktop\DVC-Planner.lnk
[2011/03/16 20:10:16 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/03/16 20:10:16 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/03/07 15:15:28 | 000,312,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/06 09:28:46 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax Canada 2010.lnk
[2011/02/27 00:45:57 | 000,210,605 | ---- | M] () -- C:\Users\Ingrid\Documents\office template 2.sdr
[2011/02/27 00:45:41 | 000,239,131 | ---- | M] () -- C:\Users\Ingrid\Documents\office template.sdr
[2011/02/26 15:59:00 | 000,226,433 | ---- | M] () -- C:\Users\Ingrid\Documents\office template 3.sdr
[2011/02/26 14:34:28 | 000,021,127 | ---- | M] () -- C:\Users\Ingrid\Documents\1.sdr
[2011/02/26 13:26:09 | 000,000,805 | ---- | M] () -- C:\Users\Ingrid\Desktop\SmartDraw VP.lnk
[2011/02/26 13:25:33 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\SmartDraw VP.lnk
[2011/02/26 12:21:17 | 000,002,397 | ---- | M] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk
[2011/02/26 00:09:51 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2011/02/21 21:54:24 | 000,002,433 | ---- | M] () -- C:\Users\Ingrid\Documents\v13t1582.ged
[2011/02/21 20:48:27 | 000,066,048 | ---- | M] () -- C:\Users\Ingrid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/20 19:30:08 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/03/20 15:56:13 | 000,512,992 | ---- | C] () -- C:\Users\Ingrid\Desktop\sdsetup_revwire207.exe
[2011/03/20 15:25:53 | 000,000,932 | ---- | C] () -- C:\Users\Ingrid\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/03/20 15:25:53 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/13 19:42:28 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/03/13 19:42:27 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/03/06 09:28:46 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax Canada 2010.lnk
[2011/02/26 15:59:00 | 000,226,433 | ---- | C] () -- C:\Users\Ingrid\Documents\office template 3.sdr
[2011/02/26 15:33:46 | 000,210,605 | ---- | C] () -- C:\Users\Ingrid\Documents\office template 2.sdr
[2011/02/26 14:34:28 | 000,021,127 | ---- | C] () -- C:\Users\Ingrid\Documents\1.sdr
[2011/02/26 13:39:20 | 000,239,131 | ---- | C] () -- C:\Users\Ingrid\Documents\office template.sdr
[2011/02/26 13:26:09 | 000,000,835 | ---- | C] () -- C:\Users\Ingrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartDraw VP.lnk
[2011/02/26 13:26:09 | 000,000,805 | ---- | C] () -- C:\Users\Ingrid\Desktop\SmartDraw VP.lnk
[2011/02/26 13:25:36 | 000,000,474 | ---- | C] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2011/02/26 13:25:33 | 000,000,779 | ---- | C] () -- C:\Users\Public\Desktop\SmartDraw VP.lnk
[2011/02/26 12:19:47 | 000,002,397 | ---- | C] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk
[2011/02/26 00:09:51 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2011/02/21 21:54:24 | 000,002,433 | ---- | C] () -- C:\Users\Ingrid\Documents\v13t1582.ged
[2011/01/23 21:10:25 | 000,000,029 | ---- | C] () -- C:\Users\Ingrid\AppData\Roaming\turing_files.ini
[2010/06/27 11:59:10 | 000,132,924 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/05/18 19:26:01 | 000,007,823 | ---- | C] () -- C:\ProgramData\000000000000000.A01
[2010/01/28 14:45:34 | 000,007,822 | ---- | C] () -- C:\ProgramData\000000000000000.A00
[2009/09/28 12:51:16 | 000,006,324 | ---- | C] () -- C:\Users\Ingrid\AppData\Local\d3d9caps.dat
[2009/07/13 14:04:24 | 000,208,896 | ---- | C] () -- C:\Windows\System32\mldogrd.dll
[2009/07/13 14:04:24 | 000,147,456 | ---- | C] () -- C:\Windows\System32\mldojswr.dll
[2009/07/13 14:04:24 | 000,106,496 | ---- | C] () -- C:\Windows\System32\mldoinsr.dll
[2009/07/13 14:04:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\mldocur.dll
[2009/07/13 14:04:06 | 000,344,064 | ---- | C] () -- C:\Windows\System32\mldocoin.dll
[2009/07/13 14:04:04 | 000,040,960 | ---- | C] () -- C:\Windows\System32\mldovs.dll
[2009/07/13 14:04:02 | 000,503,808 | ---- | C] () -- C:\Windows\System32\mldoutil.dll
[2009/07/13 14:04:02 | 000,204,800 | ---- | C] () -- C:\Windows\System32\mldoinsb.dll
[2009/07/13 14:04:02 | 000,176,128 | ---- | C] () -- C:\Windows\System32\mldoins.dll
[2009/07/13 14:04:02 | 000,090,112 | ---- | C] () -- C:\Windows\System32\mldocub.dll
[2009/07/13 14:04:02 | 000,077,824 | ---- | C] () -- C:\Windows\System32\mldocu.dll
[2008/05/23 13:58:35 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2008/02/20 23:44:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2008/02/12 17:45:41 | 000,066,048 | ---- | C] () -- C:\Users\Ingrid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2008/02/05 20:16:52 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/02/05 20:16:52 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/02/05 20:16:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2008/02/05 20:16:50 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/02/05 20:16:50 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/02/05 12:43:12 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/02/05 12:43:10 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/02/05 12:37:23 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/02/05 12:23:49 | 000,001,660 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/06/29 10:25:12 | 000,033,664 | ---- | C] () -- C:\Windows\System32\drivers\TsWlan.sys
[2006/11/10 09:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,312,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,630,074 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,111,022 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:30:49 | 000,031,747 | ---- | C] () -- C:\Windows\System32\yhegdit.dll
[2006/11/02 04:30:49 | 000,029,698 | ---- | C] () -- C:\Windows\System32\bdwutsu.dll
[2006/11/02 04:30:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\stcpdit.dll
[2006/11/02 04:30:49 | 000,022,530 | ---- | C] () -- C:\Windows\System32\aselsys.dll
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 08:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/04/28 06:14:02 | 000,293,888 | ---- | M] (Hewlett-Packard ) -- C:\Windows\System32\spool\prtprocs\w32x86\HP1006S.DLL
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/13 14:04:04 | 000,113,664 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\mldodrpp.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/12/13 15:00:31 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/01/21 20:57:22 | 000,000,286 | -HS- | M] () -- C:\Users\Ingrid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/03/20 15:55:06 | 000,512,992 | ---- | M] () -- C:\Users\Ingrid\Desktop\sdsetup_revwire207.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2008/06/11 08:37:59 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2008/06/11 08:37:59 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2008/06/11 08:37:59 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2008/06/11 08:37:59 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2008/06/11 08:37:59 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2008/06/11 08:37:59 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/02/12 17:39:07 | 000,000,402 | -HS- | M] () -- C:\Users\Ingrid\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/05/18 19:36:16 | 000,007,822 | ---- | M] () -- C:\ProgramData\000000000000000.A00
[2010/05/18 19:26:01 | 000,007,823 | ---- | M] () -- C:\ProgramData\000000000000000.A01

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 03:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2008/02/12 18:43:28 | 000,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 03:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 03:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 03:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 03:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 03:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 03:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 03:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 03:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 03:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 03:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 03:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 03:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 03:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 03:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2009/08/14 10:01:34 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2006/08/04 20:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/04/28 06:14:02 | 000,293,888 | ---- | M] (Hewlett-Packard ) -- C:\Windows\System32\spool\prtprocs\w32x86\HP1006S.DLL
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/13 14:04:04 | 000,113,664 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\mldodrpp.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2006/11/02 05:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/02/05 20:17:00 | 000,004,859 | RH-- | M] () -- C:\dell.sdr
[2011/03/20 19:30:08 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2008/02/05 12:42:51 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2008/02/05 12:42:51 | 000,022,729 | ---- | M] () -- C:\newkey
[2011/03/20 20:08:32 | 2450,968,576 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2008/09/07 18:04:12 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/03/02 22:30:30 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2009/05/21 17:47:38 | 000,000,000 | ---D | M] -- C:\Program Files\AIR MILES TOOLBAR
[2008/12/25 13:53:03 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/03/09 18:45:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Avago-HP
[2008/06/05 11:32:36 | 000,000,000 | ---D | M] -- C:\Program Files\Bell
[2010/06/27 18:39:44 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/02/05 12:43:35 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2010/02/02 19:07:04 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/02/20 15:45:05 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2011/03/06 23:04:08 | 000,000,000 | ---D | M] -- C:\Program Files\ConduitEngine
[2008/02/05 12:22:43 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2008/02/05 12:37:08 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2008/02/05 12:36:18 | 000,000,000 | ---D | M] -- C:\Program Files\Creative Live! Cam
[2008/02/05 13:03:26 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/02/05 13:06:02 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/02/05 12:55:03 | 000,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Online
[2008/02/05 12:57:41 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2008/02/05 20:16:39 | 000,000,000 | ---D | M] -- C:\Program Files\DellTPad
[2010/01/28 13:28:28 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2008/02/05 12:35:26 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2009/05/28 09:48:45 | 000,000,000 | ---D | M] -- C:\Program Files\DVC-Chart
[2008/08/09 16:43:25 | 000,000,000 | ---D | M] -- C:\Program Files\DVC-Planner
[2011/02/26 00:09:10 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/03/09 18:45:56 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/02/26 12:48:29 | 000,000,000 | ---D | M] -- C:\Program Files\IKEA HomePlanner
[2010/01/28 15:53:08 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/02/05 12:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/05/24 12:30:41 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/06/27 18:47:53 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/06/27 18:48:57 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/04/19 19:30:22 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/04 19:27:41 | 000,000,000 | ---D | M] -- C:\Program Files\Juniper Networks
[2011/03/20 15:58:22 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/28 15:52:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mattel
[2011/03/16 20:10:13 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2011/02/21 17:24:47 | 000,000,000 | ---D | M] -- C:\Program Files\MFInstall
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2008/02/05 12:52:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/02/12 12:10:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/07/17 23:56:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/02/05 12:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2008/02/05 12:34:18 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2010/03/26 13:33:14 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/02/12 18:38:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/02/05 12:34:55 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2008/06/05 11:34:33 | 000,000,000 | ---D | M] -- C:\Program Files\Novatel Wireless
[2008/05/23 13:55:36 | 000,000,000 | ---D | M] -- C:\Program Files\PFU
[2009/03/13 11:50:17 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTax 2007
[2009/04/25 16:43:48 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTax 2008
[2010/08/01 17:15:15 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTax 2009
[2010/05/12 20:10:48 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/12 10:26:18 | 000,000,000 | ---D | M] -- C:\Program Files\RideMax
[2008/02/05 12:48:44 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2008/02/05 12:34:07 | 000,000,000 | ---D | M] -- C:\Program Files\SetPoint
[2008/02/05 12:22:29 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2011/02/26 13:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw VP
[2010/02/02 19:08:16 | 000,000,000 | ---D | M] -- C:\Program Files\Southwest Airlines
[2011/03/06 23:04:10 | 000,000,000 | ---D | M] -- C:\Program Files\Swag_Bucks
[2009/10/10 15:10:47 | 000,000,000 | ---D | M] -- C:\Program Files\TheLearningPit
[2008/02/05 12:58:10 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/02/01 14:53:54 | 000,000,000 | ---D | M] -- C:\Program Files\Trivial Pursuit Choice
[2011/03/06 09:40:35 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax 2010
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/04/24 12:37:12 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2009/04/24 12:37:43 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2010/06/28 20:36:46 | 000,000,000 | ---D | M] -- C:\Program Files\What's New v1.0
[2008/02/05 12:43:52 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
[2008/02/05 20:10:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2006/11/02 08:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/02/05 20:05:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2006/11/02 08:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/05/23 22:32:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/12/06 14:11:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/11/02 08:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/02/12 18:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar

< %appdata%\*.* >
[2011/01/23 21:10:25 | 000,000,029 | ---- | M] () -- C:\Users\Ingrid\AppData\Roaming\turing_files.ini



< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-02-12 03:45:22

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:F25DDE13

< End of report >



Re: Virus Help - Warning Your're in danger virus

Post by Belahzur on Tue 22 Mar 2011, 8:35 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\RunOnce: [cKlAdGjFbCg05603] C:\ProgramData\cKlAdGjFbCg05603\cKlAdGjFbCg05603.exe ()

    :files
    C:\ProgramData\cKlAdGjFbCg05603


  • Return to OTL, right-click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.

If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.



Re: Virus Help - Warning Your're in danger virus

Post by christensens on Tue 22 Mar 2011, 10:38 am

Hi,
Thank you! Below is the fix log:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\cKlAdGjFbCg05603 deleted successfully.
C:\ProgramData\cKlAdGjFbCg05603\cKlAdGjFbCg05603.exe moved successfully.
========== FILES ==========
C:\ProgramData\cKlAdGjFbCg05603 folder moved successfully.

OTL by OldTimer - Version 3.2.22.3 log created on 03212011_203654
