Antimalware Doctor virus removed but computer is slow


Post by spideylee on Fri Apr 29, 2011 6:45 am

Hi GeekPolice,
I recently had a virus infection by Antimalware Doctor. I have removed the registry files and deleted the files that are associated with this virus. However, programs take a long time to load and, once loaded, sometimes freeze. Please let me know if you have any suggestions as to what might be causing this problem. Thank you!


OTL logfile created on: 4/28/2011 11:01:43 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jason Lee\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 421.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.18 Gb Total Space | 14.38 Gb Free Space | 18.16% Space Free | Partition Type: NTFS
Drive D: | 26.51 Gb Total Space | 8.95 Gb Free Space | 33.75% Space Free | Partition Type: NTFS

Computer Name: SPIDER-MAN | User Name: Jason Lee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/28 22:15:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Lee\Desktop\OTL.com
PRC - [2010/09/21 02:42:38 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
PRC - [2010/09/07 02:10:44 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009/05/21 15:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/05/21 14:54:58 | 000,348,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2009/05/21 14:49:36 | 001,372,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/05/21 14:23:04 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/05/21 14:06:22 | 001,202,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/05/21 14:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/03/17 14:24:06 | 000,721,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2008/08/03 18:45:04 | 000,835,208 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/06 12:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 14:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/09/08 03:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/10/06 17:56:52 | 000,161,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2004/10/06 17:56:48 | 000,173,392 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe


========== Modules (SafeList) ==========

MOD - [2011/04/28 22:15:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Lee\Desktop\OTL.com
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/12/13 00:39:58 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Plug Manager)
SRV - File not found [Disabled | Stopped] -- -- (MsMpSvc)
SRV - File not found [Auto | Stopped] -- -- (Microsoft Registry Modification Parameters)
SRV - File not found [Auto | Stopped] -- -- (Microsoft Batch Process Handler For Windows)
SRV - File not found [Auto | Stopped] -- -- (Input Manager)
SRV - [2010/09/21 02:42:06 | 000,113,200 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/09/21 02:41:38 | 000,334,384 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/09/21 02:41:34 | 000,404,016 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2010/09/21 01:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/05/21 15:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/05/21 14:54:58 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2009/05/21 14:23:04 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2009/05/21 14:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/03 18:45:04 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/04/06 12:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2004/10/06 17:56:48 | 000,173,392 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/10/06 17:56:44 | 001,275,216 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/10/06 17:56:36 | 000,030,024 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/06/11 18:28:30 | 000,201,944 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/06/09 20:31:14 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/06/09 20:31:12 | 000,087,160 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/06/09 20:31:08 | 000,255,096 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/09/21 02:42:46 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2010/09/21 02:42:44 | 000,854,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2010/09/21 02:41:08 | 000,024,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010/09/21 02:40:08 | 000,032,688 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010/09/21 02:40:04 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010/09/21 01:42:32 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2010/09/20 23:18:16 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb)
DRV - [2010/09/20 23:18:14 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2010/08/19 13:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/05/28 23:23:24 | 004,203,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2009/03/17 14:24:08 | 001,964,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2008/12/17 17:33:25 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/12/17 02:00:00 | 000,876,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081217.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2008/12/17 02:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081217.003\NAVENG.SYS -- (NAVENG)
DRV - [2008/08/13 18:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/14 01:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/07/07 08:11:38 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/03 11:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 11:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/04/26 14:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006/03/24 14:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 03:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 03:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 03:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 03:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 03:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 03:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 03:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/01 13:11:52 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005/09/01 12:27:45 | 000,014,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2005/09/01 12:24:44 | 001,081,856 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2005/08/25 10:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 10:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 15:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/04 18:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/14 01:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 00:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 02:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/06/11 18:28:10 | 000,263,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2004/03/04 23:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/09 15:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/09 15:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 10:18:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/28 22:38:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/12/13 12:06:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2011/04/28 22:37:51 | 000,000,000 | ---D | M]

[2010/03/29 11:30:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason Lee\Application Data\Mozilla\Extensions
[2010/03/29 11:30:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason Lee\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/04/28 21:10:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason Lee\Application Data\Mozilla\Firefox\Profiles\5jxtan2j.default\extensions
[2010/05/02 20:11:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jason Lee\Application Data\Mozilla\Firefox\Profiles\5jxtan2j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/12 23:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason Lee\Application Data\Mozilla\Sunbird\Profiles\fel9mhfm.default\extensions
[2011/04/28 22:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/17 19:07:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/28 22:19:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/04/28 21:14:50 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\JASON LEE\APPLICATION DATA\MOVE NETWORKS
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JASON LEE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\5JXTAN2J.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2010/12/17 19:06:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/11/29 18:28:10 | 000,626,688 | ---- | M] (ebrary) -- C:\Program Files\Mozilla Firefox\plugins\NPInfotl.dll
[2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/09/06 08:46:39 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (C:\WINDOWS\system32\iraos.dll) - {E1B220C3-A500-99BD-A121-04B53A2C8952} - File not found
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSSE] File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} [You must be registered and logged in to see this link.] (SysProWmi Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} [You must be registered and logged in to see this link.] (TTestGenXInstallObject)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} [You must be registered and logged in to see this link.] (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} [You must be registered and logged in to see this link.] (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} [You must be registered and logged in to see this link.] (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O22 - SharedTaskScheduler: {E1B220C3-A500-99BD-A121-04B53A2C8952} - isonsf983uhwaygbhudbhjsa3afgdsd - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Jason Lee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jason Lee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2ead1c6e-99ea-11de-8fff-0015c566d250}\Shell - "" = AutoRun
O33 - MountPoints2\{2ead1c6e-99ea-11de-8fff-0015c566d250}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ead1c6e-99ea-11de-8fff-0015c566d250}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{2fc41de6-7827-11df-9071-0015c566d250}\Shell - "" = AutoRun
O33 - MountPoints2\{2fc41de6-7827-11df-9071-0015c566d250}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2fc41de6-7827-11df-9071-0015c566d250}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{2fc41de7-7827-11df-9071-0015c566d250}\Shell\AutoRun\command - "" = H:\explorer.exe
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61fdb8e9-0ef7-11e0-909a-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{61fdb8e9-0ef7-11e0-909a-005056c00008}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61fdb8e9-0ef7-11e0-909a-005056c00008}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{bac9465d-45eb-11dc-8e16-0015c566d250}\Shell - "" = AutoRun
O33 - MountPoints2\{bac9465d-45eb-11dc-8e16-0015c566d250}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: ://getpersonas-cdn.mozilla.net/static/1/6/16/preview.jpg?1299763251\",\"author\":\"mozilla\",\"updateurl\":\"https://www.getpersonas.com/en-us/update_check/16\",\"version\":\"1299763251\",\"updatedate\":1301462052824,\"installdate\":1301462052824},{\"id\":\"360122\",\"name\":\"bamboo panda..\",\"headerurl\":\"http://www.getpersonas.com/static/2/2/360122/pb1.jpg\",\"footerurl\":\"http://www.getpersonas.com/static/2/2/ - File not found

MsConfig - Services: "iPod Service"
MsConfig - Services: "YahooAUService"
MsConfig - Services: "SNDSrvc"
MsConfig - Services: "DefWatch"
MsConfig - Services: "ccPwdSvc"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "WinDefend"
MsConfig - Services: "Viewpoint Manager Service"
MsConfig - Services: "Lavasoft Ad-Aware Service"
MsConfig - Services: "JTAGServer"
MsConfig - Services: "VMware NAT Service"
MsConfig - Services: "VMUSBArbService"
MsConfig - Services: "VMnetDHCP"
MsConfig - Services: "VMAuthdService"
MsConfig - Services: "ufad-ws60"
MsConfig - Services: "PnkBstrA"
MsConfig - Services: "MsMpSvc"
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: Aim6 - hkey= - key= - File not found
MsConfig - StartUpReg: Calendar - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: DellTransferAgent - hkey= - key= - C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
MsConfig - StartUpReg: DMXLauncher - hkey= - key= - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LELA - hkey= - key= - File not found
MsConfig - StartUpReg: LogitechVideo[inspector] - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: MSKDetectorExe - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {11595080-8E73-46C5-B74F-411E5F229AF5} - Yahoo! Tracking for IE7
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar for Internet Explorer
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{19FB76C6-DBEF-44B5-A053-ECDF5F855A07} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VMnc - C:\WINDOWS\System32\vmnc.dll (VMware, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/28 22:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Lee\Desktop\JavaRa
[2011/04/28 22:19:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/28 22:19:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/28 22:19:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/28 22:15:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason Lee\Desktop\OTL.com
[2011/04/28 22:14:31 | 048,536,984 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Jason Lee\Desktop\AdbeRdr1001_en_US.exe
[2011/04/28 22:09:53 | 000,887,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Jason Lee\Desktop\jre-6u25-windows-i586-iftw.exe
[2011/04/28 21:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Lee\Application Data\QuickScan
[2011/04/28 18:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/28 18:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/28 18:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/28 10:24:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/04/27 19:52:01 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/04/27 12:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/24 11:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIM
[2011/04/24 11:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/04/21 10:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Lee\Local Settings\Application Data\PCHealth
[2011/04/18 15:51:00 | 008,579,448 | ---- | C] (Mozilla) -- C:\Documents and Settings\Jason Lee\Desktop\Firefox Setup 3.6.16.exe
[2011/04/08 22:03:51 | 003,016,509 | ---- | C] (MMM-Experts, Inc. ) -- C:\Documents and Settings\Jason Lee\Desktop\PyScripter-setup.exe
[2011/04/08 17:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Lee\Start Menu\Programs\Python 3.2
[2011/04/08 17:37:31 | 000,000,000 | ---D | C] -- C:\Python32
[2011/04/03 17:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Lee\Desktop\pga
[2011/04/02 18:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cygwin-X
[2011/04/02 16:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason Lee\Desktop\home
[2011/04/02 10:18:31 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/04/02 10:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/28 22:55:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/28 22:55:16 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/28 22:38:49 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/04/28 22:21:28 | 048,536,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Jason Lee\Desktop\AdbeRdr1001_en_US.exe
[2011/04/28 22:15:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason Lee\Desktop\OTL.com
[2011/04/28 22:09:57 | 000,887,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Jason Lee\Desktop\jre-6u25-windows-i586-iftw.exe
[2011/04/28 21:51:50 | 000,244,808 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Desktop\GeekPolice_spider123.pdf
[2011/04/28 21:45:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/28 14:26:14 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2011/04/28 10:58:57 | 000,008,292 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\opwhfe24b3k5u5yry7dr23605x1t7asqjftg5y8
[2011/04/28 10:19:17 | 000,000,262 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/27 18:43:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/27 16:56:10 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/27 09:48:43 | 000,173,568 | RHS- | M] () -- C:\WINDOWS\System32\sccsccpx.exe
[2011/04/27 09:45:24 | 000,173,568 | RHS- | M] () -- C:\WINDOWS\System32\netshelln.exe
[2011/04/27 09:44:48 | 000,173,568 | RHS- | M] () -- C:\WINDOWS\System32\encdec9.exe
[2011/04/26 23:12:42 | 000,017,797 | ---- | M] () -- C:\Documents and Settings\Jason Lee\My Documents\royalweddinginvite.jpg
[2011/04/25 21:49:26 | 000,510,715 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Desktop\Michelle_Lee_Medical_Verification.pdf
[2011/04/24 11:14:17 | 000,001,106 | -H-- | M] () -- C:\IPH.PH
[2011/04/24 11:14:15 | 000,001,601 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/04/23 10:26:39 | 000,446,166 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/23 10:26:39 | 000,073,792 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/23 10:20:10 | 000,173,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/23 10:09:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/21 20:33:20 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Desktop\Backup of Applied Jobs.wbk
[2011/04/21 11:32:17 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/18 15:52:31 | 008,579,448 | ---- | M] (Mozilla) -- C:\Documents and Settings\Jason Lee\Desktop\Firefox Setup 3.6.16.exe
[2011/04/14 21:18:49 | 000,019,707 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Desktop\flier.pdf
[2011/04/14 21:02:47 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Desktop\Backup of flier.wbk
[2011/04/14 18:37:26 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/04/14 05:08:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/14 05:08:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/14 05:08:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/14 05:07:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/14 02:40:22 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/08 22:04:45 | 003,016,509 | ---- | M] (MMM-Experts, Inc. ) -- C:\Documents and Settings\Jason Lee\Desktop\PyScripter-setup.exe
[2011/04/08 17:34:26 | 018,041,344 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Desktop\python-3.2.msi
[2011/04/05 16:41:34 | 000,006,488 | ---- | M] () -- C:\Documents and Settings\Jason Lee\My Documents\JasonLee_coverLetter.pdf
[2011/04/03 18:39:30 | 000,367,831 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Desktop\WalgreensOrderTaiwan.pdf
[2011/04/03 18:09:24 | 000,368,611 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Desktop\WalgreensOrder.pdf
[2011/04/03 18:07:59 | 000,188,452 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Desktop\Walgreens Photo Center _ Pickup_ Review and Place Order.pdf
[2011/04/02 21:14:09 | 000,253,650 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Desktop\Tangled Coupon.pdf
[2011/04/02 20:52:07 | 000,057,881 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Desktop\GradImages.pdf
[2011/04/02 16:44:15 | 000,562,195 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Desktop\setup.exe
[2011/04/02 16:42:16 | 001,154,198 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Desktop\2010_OfficialBaseballRules.pdf
[2011/04/02 10:18:34 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/03/31 13:29:03 | 000,007,682 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\35cp0q5v08ctd
[2011/03/31 13:29:02 | 000,007,682 | -HS- | M] () -- C:\Documents and Settings\Jason Lee\Local Settings\Application Data\35cp0q5v08ctd
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/28 22:38:48 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/28 22:38:48 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/04/28 21:51:46 | 000,244,808 | ---- | C] () -- C:\Documents and Settings\Jason Lee\Desktop\GeekPolice_spider123.pdf
[2011/04/28 14:28:11 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/27 18:34:36 | 000,008,292 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\opwhfe24b3k5u5yry7dr23605x1t7asqjftg5y8
[2011/04/27 09:48:43 | 000,173,568 | RHS- | C] () -- C:\WINDOWS\System32\sccsccpx.exe
[2011/04/27 09:45:24 | 000,173,568 | RHS- | C] () -- C:\WINDOWS\System32\netshelln.exe
[2011/04/27 09:45:06 | 000,000,296 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/04/27 09:45:03 | 000,000,262 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/27 09:44:48 | 000,173,568 | RHS- | C] () -- C:\WINDOWS\System32\encdec9.exe
[2011/04/26 23:12:38 | 000,017,797 | ---- | C] () -- C:\Documents and Settings\Jason Lee\My Documents\royalweddinginvite.jpg
[2011/04/25 21:49:17 | 000,510,715 | ---- | C] () -- C:\Documents and Settings\Jason Lee\Desktop\Michelle_Lee_Medical_Verification.pdf
[2011/04/14 21:02:46 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Jason Lee\Desktop\Backup of flier.wbk
[2011/04/14 19:20:22 | 000,019,707 | ---- | C] () -- C:\Documents and Settings\Jason Lee\Desktop\flier.pdf
[2011/04/08 17:30:14 | 018,041,344 | ---- | C] () -- C:\Documents and Settings\Jason Lee\Desktop\python-3.2.msi
[2011/04/03 18:39:28 | 000,367,831 | ---- | C] () -- C:\Documents and Settings\Jason Lee\Desktop\WalgreensOrderTaiwan.pdf
[2011/04/03 18:09:21 | 000,368,611 | ---- | C] () -- C:\Documents and Settings\Jason Lee\Desktop\WalgreensOrder.pdf
[2011/04/03 18:07:56 | 000,188,452 | ---- | C] () -- C:\Documents and Settings\Jason Lee\Desktop\Walgreens Photo Center _ Pickup_ Review and Place Order.pdf
[2011/04/02 21:14:08 | 000,253,650 | ---- | C] () -- C:\Documents and Settings\Jason Lee\Desktop\Tangled Coupon.pdf
[2011/04/02 20:52:03 | 000,057,881 | ---- | C] () -- C:\Documents and Settings\Jason Lee\Desktop\GradImages.pdf
[2011/04/02 16:44:10 | 000,562,195 | ---- | C] () -- C:\Documents and Settings\Jason Lee\Desktop\setup.exe
[2011/04/02 16:42:16 | 001,154,198 | ---- | C] () -- C:\Documents and Settings\Jason Lee\Desktop\2010_OfficialBaseballRules.pdf
[2011/04/01 16:47:35 | 000,006,488 | ---- | C] () -- C:\Documents and Settings\Jason Lee\My Documents\JasonLee_coverLetter.pdf
[2011/03/31 12:05:45 | 000,007,682 | -HS- | C] () -- C:\Documents and Settings\Jason Lee\Local Settings\Application Data\35cp0q5v08ctd
[2011/03/31 12:05:45 | 000,007,682 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\35cp0q5v08ctd
[2010/12/13 13:38:01 | 000,038,652 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/18 00:59:02 | 000,138,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/11/18 00:58:51 | 000,234,576 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/11/18 00:58:37 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/06/16 10:14:13 | 000,012,717 | R--- | C] () -- C:\WINDOWS\hpwscr14.dat
[2010/06/16 10:08:37 | 000,179,684 | ---- | C] () -- C:\WINDOWS\hpwins14.dat
[2010/06/16 10:08:37 | 000,001,108 | R--- | C] () -- C:\WINDOWS\hpwmdl14.dat
[2009/12/30 19:48:06 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/15 11:50:33 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2009/03/11 22:49:28 | 000,000,586 | ---- | C] () -- C:\WINDOWS\Calendar.INI
[2008/12/24 18:14:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/12/24 18:05:09 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2008/04/04 08:18:43 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2008/03/27 11:32:55 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/03/27 11:30:57 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/03/27 11:30:56 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/01/15 04:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2007/10/07 17:09:49 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Jason Lee\Local Settings\Application Data\PUTTY.RND
[2007/08/17 14:15:45 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Jason Lee\Application Data\dvd.bmk
[2007/08/12 15:13:10 | 000,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2007/07/01 21:59:07 | 000,035,382 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2007/03/30 15:32:28 | 000,004,376 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/02/06 18:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2007/01/04 11:19:39 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/18 17:42:40 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Jason Lee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/09 15:07:59 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/10/09 13:13:53 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/10/08 21:07:56 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\BE261F9567.sys
[2006/09/16 14:55:32 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2006/09/02 15:44:38 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/09/02 15:40:45 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2006/09/02 15:38:57 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
[2006/09/02 15:27:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/01 20:13:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/08/30 22:05:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/30 21:48:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/30 21:45:10 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\67951F26BE.sys
[2006/08/30 21:45:09 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/30 20:54:34 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Jason Lee\Local Settings\Application Data\fusioncache.dat
[2006/08/23 01:53:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/23 01:45:27 | 000,000,290 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/23 01:41:24 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/08/23 01:39:43 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/23 01:35:07 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/23 01:33:12 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/08/23 01:03:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/08/23 01:03:44 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/08/23 01:01:42 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/09 23:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/01 13:11:52 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/08/31 10:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
[2005/08/16 02:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 02:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 02:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 02:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 02:27:59 | 000,173,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 02:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 02:18:33 | 000,446,166 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 02:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 02:18:33 | 000,073,792 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 02:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 02:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 02:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 02:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 02:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 02:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 02:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 02:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 12:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 03:00:00 | 000,000,009 | ---- | C] () -- C:\WINDOWS\System32\comsats.sys
[2003/12/09 17:25:17 | 000,000,101 | ---- | C] () -- C:\WINDOWS\NPinfotl.ini
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/16 02:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/03/27 05:00:00 | 000,022,528 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD83.DLL
[2006/03/27 05:00:00 | 000,065,024 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP83.DLL
[2007/02/13 20:22:00 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4wm.DLL
[2008/07/01 12:00:16 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5jy.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2006/10/09 13:13:53 | 000,000,251 | ---- | M] () -- C:\Program Files\wt3d.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/05/28 01:49:24 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/08/30 20:54:48 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Jason Lee\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/08/16 02:50:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/04/28 22:21:28 | 048,536,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Jason Lee\Desktop\AdbeRdr1001_en_US.exe
[2011/01/21 17:15:48 | 055,556,736 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Documents and Settings\Jason Lee\Desktop\Evernote_4.2.1.3679.exe
[2011/04/18 15:52:31 | 008,579,448 | ---- | M] (Mozilla) -- C:\Documents and Settings\Jason Lee\Desktop\Firefox Setup 3.6.16.exe
[2010/12/14 22:16:27 | 032,746,192 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jason Lee\Desktop\installer_r08-windows.exe
[2011/04/28 22:09:57 | 000,887,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Jason Lee\Desktop\jre-6u25-windows-i586-iftw.exe
[2010/01/23 16:52:07 | 000,454,656 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\Jason Lee\Desktop\putty.exe
[2011/04/08 22:04:45 | 003,016,509 | ---- | M] (MMM-Experts, Inc. ) -- C:\Documents and Settings\Jason Lee\Desktop\PyScripter-setup.exe
[2011/04/02 16:44:15 | 000,562,195 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Desktop\setup.exe
[2008/01/30 02:00:40 | 001,473,024 | ---- | M] (Martin Prikryl) -- C:\Documents and Settings\Jason Lee\Desktop\winscp406.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2009/03/17 14:24:08 | 000,013,023 | ---- | M] () -- C:\WINDOWS\VX1000.src
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

spideylee
Novice

Posts : 8
Joined : 2011-04-29
OS : Windows XP
Points : 20568
# Likes : 0


Re: Antimalware Doctor virus removed but computer is slow

Post by spideylee on Fri Apr 29, 2011 9:14 am


< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/10 03:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/03/18 10:53:03 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/03/18 10:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/03/18 10:53:19 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/03/18 10:53:21 | 000,261,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/08/30 20:54:47 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Jason Lee\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2011/04/27 09:44:48 | 000,173,568 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\encdec9.exe
[2011/04/27 09:45:24 | 000,173,568 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\netshelln.exe
[2011/04/27 09:48:43 | 000,173,568 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\sccsccpx.exe
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/12/17 17:33:25 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2005/08/16 02:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 02:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 02:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2006/08/30 21:45:10 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\system32\67951F26BE.sys
[2004/08/10 03:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2007/06/10 23:13:42 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\system32\BE261F9567.sys
[2004/08/10 03:00:00 | 000,000,009 | ---- | M] () -- C:\WINDOWS\system32\comsats.sys
[2004/08/10 03:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI2.sys
[2005/03/13 14:54:00 | 000,006,656 | ---- | M] (GTek Technologies Ltd.) -- C:\WINDOWS\system32\DLPT2.sys
[2005/02/08 10:37:52 | 000,007,626 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEnum.sys
[2004/06/15 14:55:56 | 000,007,882 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GTKCMOS.sys
[2004/08/10 03:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/10 03:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/10 03:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2007/06/10 23:13:45 | 000,004,704 | -HS- | M] () -- C:\WINDOWS\system32\KGyGaAvL.sys
[2005/01/04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npptNT2.sys
[2004/08/10 03:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/10 03:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/10 03:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/10 03:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/10 03:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/10 03:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/10 03:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/10 03:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/10 03:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/10 03:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 11:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2011/03/03 06:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 17:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 17:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 17:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 17:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 17:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 17:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 17:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 17:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 17:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 17:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 17:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 17:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 17:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 17:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 17:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/03/27 05:00:00 | 000,022,528 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD83.DLL
[2006/03/27 05:00:00 | 000,065,024 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP83.DLL
[2007/02/13 20:22:00 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4wm.DLL
[2008/07/01 12:00:16 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5jy.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2010/10/04 13:23:42 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/04/14 17:36:45 | 000,017,692 | ---- | M] () -- C:\aaw7boot.log
[2005/08/16 02:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/04/28 14:26:14 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2011/04/27 19:54:02 | 000,007,046 | ---- | M] () -- C:\bootex.log
[2005/08/16 02:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/04/28 22:55:16 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/24 18:09:28 | 003,903,762 | ---- | M] () -- C:\HuskyInstallerLog.txt
[2008/11/28 19:20:56 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2007/07/03 19:08:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/04/24 11:14:17 | 000,001,106 | -H-- | M] () -- C:\IPH.PH
[2011/04/28 22:33:02 | 000,020,992 | ---- | M] () -- C:\JavaRa.log
[2007/07/03 19:08:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/05/28 01:41:11 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/28 22:55:09 | 1595,461,632 | -HS- | M] () -- C:\pagefile.sys
[2008/12/08 10:35:20 | 000,000,856 | ---- | M] () -- C:\s1h8

< %PROGRAMFILES%\*. >
[2011/04/28 22:38:09 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/07/13 11:50:36 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2011/04/24 11:14:14 | 000,000,000 | ---D | M] -- C:\Program Files\AIM7
[2010/11/13 10:54:23 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2009/06/27 15:47:30 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2010/12/13 12:01:38 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2006/08/23 01:29:14 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2009/11/29 23:35:56 | 000,000,000 | ---D | M] -- C:\Program Files\ChineseStudyHelper
[2009/11/29 23:34:38 | 000,000,000 | ---D | M] -- C:\Program Files\ChineseTools
[2009/03/01 15:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
[2011/04/24 11:14:04 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/08/16 02:38:36 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2007/07/01 23:18:05 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2006/08/23 01:42:18 | 000,000,000 | ---D | M] -- C:\Program Files\Corel Corporation
[2011/04/02 10:18:18 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2007/07/01 23:25:42 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2009/12/18 15:57:40 | 000,000,000 | ---D | M] -- C:\Program Files\CrossWire
[2010/03/27 09:34:23 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2008/02/09 15:32:09 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2007/03/30 11:02:09 | 000,000,000 | ---D | M] -- C:\Program Files\DellConnect
[2007/04/12 14:53:37 | 000,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2006/08/23 01:33:32 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2009/10/26 20:24:06 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/02/14 16:34:35 | 000,000,000 | ---D | M] -- C:\Program Files\e-Sword
[2009/10/21 12:39:26 | 000,000,000 | ---D | M] -- C:\Program Files\ebrary
[2011/03/30 19:02:58 | 000,000,000 | ---D | M] -- C:\Program Files\eclipse
[2011/04/27 12:09:21 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/07/15 01:05:36 | 000,000,000 | ---D | M] -- C:\Program Files\EzPinYin
[2011/02/11 14:40:32 | 000,000,000 | ---D | M] -- C:\Program Files\Garena
[2008/03/02 17:11:41 | 000,000,000 | ---D | M] -- C:\Program Files\GCS Budget
[2008/10/07 18:40:00 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2009/11/29 22:51:30 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/02/06 19:25:58 | 000,000,000 | ---D | M] -- C:\Program Files\Handbrake
[2010/07/18 20:53:58 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/06/16 10:18:27 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/05/19 21:13:52 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/11/30 00:12:55 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2006/08/23 01:29:10 | 000,000,000 | ---D | M] -- C:\Program Files\Intel, Inc
[2011/04/23 10:04:57 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/12/13 12:07:15 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/12/13 12:08:30 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/04/28 22:21:56 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/11/12 18:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\JNC
[2008/12/02 21:30:10 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2008/02/18 19:35:59 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2008/02/29 03:03:11 | 000,000,000 | ---D | M] -- C:\Program Files\MATLAB71
[2009/05/28 01:54:59 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/10/29 00:11:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/06/18 19:30:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/03/28 09:06:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/08/16 02:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/05/09 23:14:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/08/23 01:35:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2006/08/23 01:35:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2011/02/01 18:41:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2011/04/27 10:13:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/06/18 19:29:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2006/08/23 01:33:16 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2010/08/12 03:03:15 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/04/28 21:10:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/03/26 18:10:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Sunbird
[2008/11/28 19:27:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/05/09 23:13:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/08/16 02:37:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/08/16 02:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/11/25 23:33:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/07/16 15:19:41 | 000,000,000 | ---D | M] -- C:\Program Files\MTV Networks
[2009/02/04 22:58:17 | 000,000,000 | ---D | M] -- C:\Program Files\MyChineseFlashcards
[2011/01/02 18:50:18 | 000,000,000 | ---D | M] -- C:\Program Files\MyJongg II
[2010/02/16 01:31:35 | 000,000,000 | ---D | M] -- C:\Program Files\MySQL
[2009/05/28 01:44:10 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/08/23 01:33:23 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2009/06/28 13:18:53 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2011/02/28 18:44:08 | 000,000,000 | ---D | M] -- C:\Program Files\Notepad++
[2005/08/16 02:38:24 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/08/09 11:21:58 | 000,000,000 | ---D | M] -- C:\Program Files\OpenCase
[2010/10/09 11:19:53 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2010/12/16 01:43:52 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/03/07 17:24:12 | 000,000,000 | ---D | M] -- C:\Program Files\Palm
[2009/02/12 16:42:14 | 000,000,000 | ---D | M] -- C:\Program Files\palmOne
[2007/01/07 23:27:16 | 000,000,000 | ---D | M] -- C:\Program Files\Qianhong
[2010/12/13 12:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/08/23 01:35:58 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2008/11/28 19:23:33 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/04/25 14:44:34 | 000,000,000 | ---D | M] -- C:\Program Files\RGB
[2006/08/23 01:45:45 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2006/08/23 01:46:48 | 000,000,000 | ---D | M] -- C:\Program Files\SearchAssist
[2006/08/23 01:30:10 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2008/12/04 21:53:26 | 000,000,000 | ---D | M] -- C:\Program Files\Skype
[2009/12/15 13:41:25 | 000,000,000 | ---D | M] -- C:\Program Files\Softland
[2006/08/23 01:46:44 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2010/08/11 15:17:06 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2009/03/18 22:47:26 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2006/09/01 20:09:13 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2008/12/17 18:04:00 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus
[2006/08/23 01:28:14 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/11/30 00:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2008/04/04 08:31:16 | 000,000,000 | ---D | M] -- C:\Program Files\TinyPDF
[2010/07/13 11:51:12 | 000,000,000 | ---D | M] -- C:\Program Files\TokBox
[2010/07/13 11:51:05 | 000,000,000 | ---D | M] -- C:\Program Files\TokBox(2)
[2011/04/27 09:48:46 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/12/30 19:48:44 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2008/12/19 19:23:34 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2007/10/25 20:54:33 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2010/10/04 13:18:52 | 000,000,000 | ---D | M] -- C:\Program Files\VMware
[2008/12/24 18:06:44 | 000,000,000 | ---D | M] -- C:\Program Files\Warcraft III
[2006/08/23 01:37:48 | 000,000,000 | ---D | M] -- C:\Program Files\WebCyberCoach
[2008/11/28 19:28:01 | 000,000,000 | ---D | M] -- C:\Program Files\WebEx
[2006/11/25 11:55:47 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2010/04/27 00:02:46 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2009/08/04 14:26:37 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2009/05/03 00:18:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/07/11 17:30:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/07/11 16:18:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2009/07/11 16:28:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2007/07/22 17:32:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2007/07/22 17:33:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/05/28 01:44:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/08/16 02:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2005/08/16 02:40:46 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/12/17 15:33:25 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/11/19 19:49:42 | 000,000,000 | ---D | M] -- C:\Program Files\Wolfenstein - Enemy Territory
[2010/02/17 23:25:22 | 000,000,000 | ---D | M] -- C:\Program Files\XAMPP
[2005/08/16 02:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/11/30 12:26:41 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2005/08/16 02:33:26 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Jason Lee\Application Data\desktop.ini
[2010/04/17 14:07:36 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Application Data\dvd.bmk
[2007/05/21 18:18:09 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2007/05/26 23:09:42 | 000,031,872 | ---- | M] () -- C:\Documents and Settings\Jason Lee\Application Data\GDIPFONTCACHEV1.DAT


< MD5 for: AGP440.SYS >
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/05/28 01:35:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/05/28 01:35:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/05/28 01:35:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/05/28 01:35:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/05/28 01:35:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/05/28 01:35:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 03:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/10 03:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2009/12/20 01:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\Program Files\XAMPP\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbstor.sys
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2009/05/28 01:35:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2009/05/28 01:35:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-27 16:14:50

========== Files - Unicode (All) ==========
[2011/02/06 17:09:55 | 000,183,296 | ---- | C] ()(C:\Documents and Settings\Jason Lee\Desktop\Tawain_tour ??.doc) -- C:\Documents and Settings\Jason Lee\Desktop\Tawain_tour ??.doc
[2011/02/05 22:05:56 | 000,000,000 | ---D | M](C:\Documents and Settings\Jason Lee\Desktop\??? (II)) -- C:\Documents and Settings\Jason Lee\Desktop\??? (II)
[2011/02/05 22:05:56 | 000,000,000 | ---D | C](C:\Documents and Settings\Jason Lee\Desktop\??? (II)) -- C:\Documents and Settings\Jason Lee\Desktop\??? (II)
[2011/02/05 22:05:52 | 000,000,000 | ---D | M](C:\Documents and Settings\Jason Lee\Desktop\??? (I)) -- C:\Documents and Settings\Jason Lee\Desktop\??? (I)
[2011/02/05 22:05:52 | 000,000,000 | ---D | C](C:\Documents and Settings\Jason Lee\Desktop\??? (I)) -- C:\Documents and Settings\Jason Lee\Desktop\??? (I)
[2011/02/05 22:05:49 | 000,000,000 | ---D | M](C:\Documents and Settings\Jason Lee\Desktop\?????) -- C:\Documents and Settings\Jason Lee\Desktop\?????
[2011/02/05 22:05:49 | 000,000,000 | ---D | C](C:\Documents and Settings\Jason Lee\Desktop\?????) -- C:\Documents and Settings\Jason Lee\Desktop\?????
[2010/12/23 01:27:49 | 000,183,296 | ---- | M] ()(C:\Documents and Settings\Jason Lee\Desktop\Tawain_tour ??.doc) -- C:\Documents and Settings\Jason Lee\Desktop\Tawain_tour ??.doc
[2009/07/05 22:33:25 | 000,000,000 | ---D | M](C:\Documents and Settings\Jason Lee\Favorites\??sorted Bookmarks) -- C:\Documents and Settings\Jason Lee\Favorites\??sorted Bookmarks

< End of report >








OTL Extras logfile created on: 4/28/2011 11:01:43 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jason Lee\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 421.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.18 Gb Total Space | 14.38 Gb Free Space | 18.16% Space Free | Partition Type: NTFS
Drive D: | 26.51 Gb Total Space | 8.95 Gb Free Space | 33.75% Space Free | Partition Type: NTFS

Computer Name: SPIDER-MAN | User Name: Jason Lee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\WINDOWS\Temp\Managee.exe" = C:\WINDOWS\Temp\Managee.exe:*:Enabled:hig39gahir.exe
"C:\WINDOWS\Temp\conima.exe" = C:\WINDOWS\Temp\conima.exe:*:Enabled:hig39gahir.exe


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}" = 725plc32
"{165DC222-0C57-0CF3-C6D2-4DF19184C9CF}" = TokBox Desktop Client
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 25
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{31800004-6386-4999-A519-518F2D78D8F0}" = Python 2.5.1
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5C0856B6-6260-4952-8FF5-C79C3FD3AA44}" = e-Sword
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{6009DE23-1C94-4C90-9415-215A3C5A85BD}" = JetShell for JNC iAUDIO4
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel(R) PROSet/Wireless WiFi Software
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4C88CF0-B617-4658-8F84-C4E847FBC9F7}" = Microsoft Managed DirectX (1126)
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCDEDF3-A2E5-4402-8E9E-E2C23DBE1DA8}" = Adobe Photoshop Lightroom
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"doPDF 6 printer_is1" = doPDF 6.0 printer
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESET Online Scanner" = ESET Online Scanner v3
"Garena" = Garena
"GCS Budget_is1" = GCS Budget 1.03
"getPlus(R)_dll" = getPlus(R)_dll
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"ProInst" = Intel PROSet Wireless
"QcDrv" = Logitech Camera Driver
"Qianhong" = Qianhong 3.5.1
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 6.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Starcraft" = Starcraft
"Symantec Antivirus 9" = Symantec Antivirus 9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TinyPDF_is1" = TinyPDF
"TokBox-Desktop.140E496FAF651FC6D79F73D360E855D4667C7B11.1" = TokBox Desktop Client
"Veoh Web Player Beta" = Veoh Web Player Beta
"ViewpointMediaPlayer" = Viewpoint Media Player
"VMware_Player" = VMware Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xiphos" = Xiphos
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/31/2006 12:02:05 AM | Computer Name = JasonLee | Source = Application Error | ID = 1000
Description = Faulting application ifrmewrk.exe, version 10.1.1.19, faulting module
connmgr.dll, version 10.1.1.164, fault address 0x00013a4e.


< End of report >


Re: Antimalware Doctor virus removed but computer is slow

Post by Belahzur on Fri Apr 29, 2011 9:43 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.



Re: Antimalware Doctor virus removed but computer is slow

Post by spideylee on Sat Apr 30, 2011 3:55 am

ComboFix 11-04-29.02 - Jason Lee 04/29/2011 19:36:23.1.2 - x86
Running from: c:\documents and settings\Jason Lee\Desktop\Combo-Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jason Lee\Application Data\Adobe\plugs
c:\documents and settings\Jason Lee\Application Data\Adobe\plugs\KB343525281.exe
c:\documents and settings\Jason Lee\Application Data\Adobe\plugs\KB343534687.exe
c:\documents and settings\Jason Lee\Application Data\Adobe\plugs\KB343537750.exe
c:\documents and settings\Jason Lee\Application Data\Adobe\shed
c:\documents and settings\Jason Lee\Desktop\Setup.exe
c:\documents and settings\Jason Lee\Recent\Apply for a Job.url
c:\documents and settings\Jason Lee\WINDOWS
c:\windows\system32\comsats.sys
c:\windows\system32\Install.txt
c:\windows\system32\ReadMe.txt
c:\windows\system32\Settings
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PLUG_MANAGER
-------\Legacy_SECURITYMONITORINGDRIVER
-------\Service_Plug Manager
-------\Service_SecurityMonitoringDriver
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-29 04:05 . 2011-04-29 04:05 -------- d-----w- c:\documents and settings\Jason Lee\Application Data\QuickScan
2011-04-29 01:33 . 2011-04-29 01:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-28 02:52 . 2011-04-28 02:52 -------- d-----w- C:\found.000
2011-04-28 00:02 . 2011-04-28 00:02 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-04-27 19:57 . 2011-04-27 19:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-04-27 19:09 . 2011-04-27 19:09 -------- d-----w- c:\program files\ESET
2011-04-27 16:48 . 2011-04-27 16:48 173568 --sha-r- c:\windows\system32\sccsccpx.exe
2011-04-27 16:45 . 2011-04-27 16:45 173568 --sha-r- c:\windows\system32\netshelln.exe
2011-04-27 16:44 . 2011-04-27 16:44 173568 --sha-r- c:\windows\system32\encdec9.exe
2011-04-24 18:14 . 2011-04-24 18:14 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-04-24 18:01 . 2011-04-24 18:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-04-21 18:35 . 2011-04-21 18:35 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-21 17:14 . 2011-04-21 17:14 -------- d-----w- c:\documents and settings\Jason Lee\Local Settings\Application Data\PCHealth
2011-04-11 22:19 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6826CF4C-2D77-4E11-A32C-6B24DF1BBC0D}\mpengine.dll
2011-04-09 00:38 . 2011-04-09 00:38 98304 ----a-r- c:\documents and settings\Jason Lee\Application Data\Microsoft\Installer\{B2042D5E-986D-44EC-AEE3-AFE4108CCC93}\python_icon.exe
2011-04-09 00:37 . 2011-04-09 00:38 -------- d-----w- C:\Python32
2011-04-02 17:18 . 2011-04-02 17:18 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-03-31 19:45 . 2011-03-31 19:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 12:07 . 2010-12-18 02:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 09:40 . 2010-12-18 02:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-18 18:32 . 2011-02-14 22:05 71072 ----a-w- c:\windows\CouponPrinter.ocx
2011-03-15 04:05 . 2010-02-03 08:29 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2005-08-16 09:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2005-08-16 09:18 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2005-08-16 09:18 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2005-08-16 09:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2005-08-16 09:18 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2005-08-16 09:18 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 05:42 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2005-08-16 09:18 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2005-08-16 09:37 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-08 13:33 . 2005-08-16 09:18 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2005-08-16 09:18 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-05 01:48 . 2005-08-16 09:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-05 01:48 . 2005-08-16 09:18 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-03 01:11 . 2009-10-02 21:19 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58 . 2005-08-16 09:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-04-29 07:43 . 2011-03-27 18:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jason Lee\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jason Lee\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jason Lee\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-10 66680]
"VX1000"="c:\windows\vVX1000.exe" [2009-03-17 721936]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-10-07 161096]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-09-21 64048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 19:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-02-06 23:30 61440 ----a-r- c:\program files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 -c--a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 04:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 19:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-03-07 01:08 3558136 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 02:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"YahooAUService"=2 (0x2)
"SNDSrvc"=3 (0x3)
"DefWatch"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"JTAGServer"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"VMUSBArbService"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"PnkBstrA"=2 (0x2)
"MsMpSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/1/2007 9:50 PM 717296]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [8/3/2008 6:45 PM 835208]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/6/2004 5:56 PM 173392]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [9/21/2010 2:42 AM 70704]
S2 Input Manager;Input Manager;c:\windows\temp\Input Manager.bat --> c:\windows\temp\Input Manager.bat [?]
S2 Microsoft Batch Process Handler For Windows;Microsoft Batch Process Handler;"c:\windows\repair\svchost.exe" --> c:\windows\repair\svchost.exe [?]
S2 Microsoft Registry Modification Parameters;Microsoft Registry Compiler;"c:\windows\repair\services.exe" --> c:\windows\repair\services.exe [?]
S3 DellBIOS;DellBIOS;\??\c:\windows\DellBIOS.Sys --> c:\windows\DellBIOS.Sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\JASONL~1\LOCALS~1\Temp\MWE344.tmp --> c:\docume~1\JASONL~1\LOCALS~1\Temp\MWE344.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\plugins\UI\safedrv.sys --> c:\program files\Garena\plugins\UI\safedrv.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/16/2005 2:18 AM 14336]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/25/2007 8:54 PM 24652]
S4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [9/21/2010 1:42 AM 539184]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-476518676-1679458388-2164836793-1005Core1cb6d516f9eedfa.job
- c:\documents and settings\Jason Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-01 03:06]
.
2011-04-29 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2009-06-15 21:24]
.
2011-04-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jason Lee\Application Data\Mozilla\Firefox\Profiles\5jxtan2j.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
------- File Associations -------
.
.txt=Notepad++_file
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-Calendar - c:\program files\Desksware\Desktop iCal\Calendar.exe
MSConfigStartUp-LELA - c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
AddRemove-Microsoft Security Essentials - c:\program files\Microsoft Security Essentials\setup.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-Google Chrome - c:\documents and settings\Jason Lee\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\Installer\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-29 20:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must be registered and logged in to see this link.]
Windows 5.1.2600 Disk: WDC_WD1200BEVS-75LAT0 rev.02.06M02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8727757B
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\JASONL~1\LOCALS~1\Temp\MWE344.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Input Manager]
"ImagePath"="%SystemRoot%\temp\Input Manager.bat"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\WININET.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'lsass.exe'(988)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3120)
c:\windows\system32\WININET.dll
c:\documents and settings\Jason Lee\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
.
**************************************************************************
.
Completion time: 2011-04-29 20:53:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-30 03:53
.
Pre-Run: 15,224,528,896 bytes free
Post-Run: 15,259,287,552 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - A4CF8B4F513D23CAC6A07D3BE399613B

spideylee
Novice

Posts : 8
Joined : 2011-04-29
OS : Windows XP
Points : 20568
Likes : 0

Re: Antimalware Doctor virus removed but computer is slow

Post by spideylee on Sat Apr 30, 2011 4:24 am

I also noticed that when using Google search, when I click on a link it directs me to the wrong site (possibly an ad site).


Re: Antimalware Doctor virus removed but computer is slow

Post by Belahzur on Sat Apr 30, 2011 1:03 pm

Hello.
Yeah, you still have a nasty infection onboard so let's kill that now.

Please reboot your machine.

As it is rebooting, you will notice an extra menu, and an extra option for the Microsoft Windows Recovery Console.

Please select that option to boot the RC. Windows will boot to a text-based screen and ask you to select the installation to log into; please choose the correct one (usually option 1) and press Enter.

In there, type in the following commands, 1 line at a time.


fixmbr
exit

After the copy command, you may be prompted with a yes/no to confirm the copy, type in "y" to confirm it.

After that, boot back to normal mode and re-run Combofix, then post the new log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245049
Likes : 1

Re: Antimalware Doctor virus removed but computer is slow

Post by spideylee on Sun May 01, 2011 5:37 pm

ComboFix 11-04-29.02 - Jason Lee 05/01/2011 9:58.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.490 [GMT -7:00]
Running from: c:\documents and settings\Jason Lee\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-01 to 2011-05-01 )))))))))))))))))))))))))))))))
.
.
2011-04-30 04:46 . 2011-04-30 04:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-04-30 03:49 . 2011-04-30 03:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-04-29 04:05 . 2011-04-29 04:05 -------- d-----w- c:\documents and settings\Jason Lee\Application Data\QuickScan
2011-04-29 01:33 . 2011-04-29 01:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-28 02:52 . 2011-04-28 02:52 -------- d-----w- C:\found.000
2011-04-28 00:02 . 2011-04-28 00:02 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-04-27 19:57 . 2011-04-27 19:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-04-27 19:09 . 2011-04-27 19:09 -------- d-----w- c:\program files\ESET
2011-04-27 16:48 . 2011-04-27 16:48 173568 --sha-r- c:\windows\system32\sccsccpx.exe
2011-04-27 16:45 . 2011-04-27 16:45 173568 --sha-r- c:\windows\system32\netshelln.exe
2011-04-27 16:44 . 2011-04-27 16:44 173568 --sha-r- c:\windows\system32\encdec9.exe
2011-04-24 18:14 . 2011-04-24 18:14 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-04-24 18:01 . 2011-04-24 18:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-04-21 18:35 . 2011-04-21 18:35 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-21 17:14 . 2011-04-21 17:14 -------- d-----w- c:\documents and settings\Jason Lee\Local Settings\Application Data\PCHealth
2011-04-11 22:19 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6826CF4C-2D77-4E11-A32C-6B24DF1BBC0D}\mpengine.dll
2011-04-09 00:38 . 2011-04-09 00:38 98304 ----a-r- c:\documents and settings\Jason Lee\Application Data\Microsoft\Installer\{B2042D5E-986D-44EC-AEE3-AFE4108CCC93}\python_icon.exe
2011-04-09 00:37 . 2011-04-09 00:38 -------- d-----w- C:\Python32
2011-04-02 17:18 . 2011-04-02 17:18 398760 ----a-r- c:\windows\system32\cpnprt2.cid
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 12:07 . 2010-12-18 02:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 09:40 . 2010-12-18 02:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-18 18:32 . 2011-02-14 22:05 71072 ----a-w- c:\windows\CouponPrinter.ocx
2011-03-15 04:05 . 2010-02-03 08:29 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2005-08-16 09:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2005-08-16 09:18 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2005-08-16 09:18 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2005-08-16 09:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2005-08-16 09:18 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2005-08-16 09:18 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 05:42 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2005-08-16 09:18 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2005-08-16 09:37 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-08 13:33 . 2005-08-16 09:18 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2005-08-16 09:18 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-05 01:48 . 2005-08-16 09:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-05 01:48 . 2005-08-16 09:18 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-03 01:11 . 2009-10-02 21:19 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58 . 2005-08-16 09:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-04-29 07:43 . 2011-03-27 18:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jason Lee\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jason Lee\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jason Lee\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-10 66680]
"VX1000"="c:\windows\vVX1000.exe" [2009-03-17 721936]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-10-07 161096]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-09-21 64048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 19:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-02-06 23:30 61440 ----a-r- c:\program files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 -c--a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 04:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 19:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-03-07 01:08 3558136 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 02:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"YahooAUService"=2 (0x2)
"SNDSrvc"=3 (0x3)
"DefWatch"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"JTAGServer"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"VMUSBArbService"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"PnkBstrA"=2 (0x2)
"MsMpSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/1/2007 9:50 PM 717296]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [8/3/2008 6:45 PM 835208]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/6/2004 5:56 PM 173392]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [9/21/2010 2:42 AM 70704]
S2 Input Manager;Input Manager;c:\windows\temp\Input Manager.bat --> c:\windows\temp\Input Manager.bat [?]
S2 Microsoft Batch Process Handler For Windows;Microsoft Batch Process Handler;"c:\windows\repair\svchost.exe" --> c:\windows\repair\svchost.exe [?]
S2 Microsoft Registry Modification Parameters;Microsoft Registry Compiler;"c:\windows\repair\services.exe" --> c:\windows\repair\services.exe [?]
S3 DellBIOS;DellBIOS;\??\c:\windows\DellBIOS.Sys --> c:\windows\DellBIOS.Sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\JASONL~1\LOCALS~1\Temp\MWE344.tmp --> c:\docume~1\JASONL~1\LOCALS~1\Temp\MWE344.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\plugins\UI\safedrv.sys --> c:\program files\Garena\plugins\UI\safedrv.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/16/2005 2:18 AM 14336]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/25/2007 8:54 PM 24652]
S4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [9/21/2010 1:42 AM 539184]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-476518676-1679458388-2164836793-1005Core1cb6d516f9eedfa.job
- c:\documents and settings\Jason Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-01 03:06]
.
2011-04-29 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2009-06-15 21:24]
.
2011-04-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jason Lee\Application Data\Mozilla\Firefox\Profiles\5jxtan2j.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
------- File Associations -------
.
.txt=Notepad++_file
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-05-01 10:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\JASONL~1\LOCALS~1\Temp\MWE344.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Input Manager]
"ImagePath"="%SystemRoot%\temp\Input Manager.bat"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(2000)
c:\windows\system32\WININET.dll
c:\documents and settings\Jason Lee\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2011-05-01 10:19:21
ComboFix-quarantined-files.txt 2011-05-01 17:19
ComboFix2.txt 2011-04-30 03:53
.
Pre-Run: 15,259,578,368 bytes free
Post-Run: 15,256,215,552 bytes free
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F0A1AA5B5327D8CBFAB1F1B65D7FD337


Re: Antimalware Doctor virus removed but computer is slow

Post by Belahzur on Mon May 02, 2011 4:57 pm

Nice work, that killed the rootkit.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    File::
    c:\windows\system32\sccsccpx.exe
    c:\windows\system32\netshelln.exe
    c:\windows\system32\encdec9.exe

    Driver::
    Microsoft Batch Process Handler For Windows
    Microsoft Registry Modification Parameters
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.
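The entries named in the CFScript above stand out in the posted log for reasons that can be checked mechanically. As an added example (not part of the original post, and not ComboFix's or the helper's own logic), this Python script parses lines copied from the 2011-05-01 log in this thread and applies two triage heuristics; the heuristics, the ten-minute window, the list of core image names and all function names are assumptions chosen for illustration, and a flag is a lead for review, not a verdict.

```python
"""Triage of ComboFix log lines: clustered hidden files and odd service images."""
import ntpath
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the 2011-05-01 ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2011-04-27 19:09 . 2011-04-27 19:09 -------- d-----w- c:\program files\ESET
2011-04-27 16:48 . 2011-04-27 16:48 173568 --sha-r- c:\windows\system32\sccsccpx.exe
2011-04-27 16:45 . 2011-04-27 16:45 173568 --sha-r- c:\windows\system32\netshelln.exe
2011-04-27 16:44 . 2011-04-27 16:44 173568 --sha-r- c:\windows\system32\encdec9.exe
2011-04-02 17:18 . 2011-04-02 17:18 398760 ----a-r- c:\windows\system32\cpnprt2.cid
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/1/2007 9:50 PM 717296]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/6/2004 5:56 PM 173392]
S2 Input Manager;Input Manager;c:\windows\temp\Input Manager.bat --> c:\windows\temp\Input Manager.bat [?]
S2 Microsoft Batch Process Handler For Windows;Microsoft Batch Process Handler;"c:\windows\repair\svchost.exe" --> c:\windows\repair\svchost.exe [?]
S2 Microsoft Registry Modification Parameters;Microsoft Registry Compiler;"c:\windows\repair\services.exe" --> c:\windows\repair\services.exe [?]
S3 DellBIOS;DellBIOS;\??\c:\windows\DellBIOS.Sys --> c:\windows\DellBIOS.Sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/16/2005 2:18 AM 14336]
"""

SYSTEM32 = r"c:\windows\system32"  # %SystemRoot%\system32 on the machine in the log
# Assumption: a short list of image names that normally live only in system32.
CORE_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
              "csrss.exe", "smss.exe"}
REASON_MASQ = "core Windows image name outside system32"
REASON_TEMP = "image under a temp directory"

# "created . modified size attrs path"; the field layout is inferred from the log lines.
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(\d+|-+)\s+(\S{8})\s+(.+)$")
# "<state><start type> name;display name;image [timestamp size]" or "[?]".
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")
# Image path without surrounding quotes or trailing arguments such as "-k WINRM".
IMAGE_RE = re.compile(r'"?(.+?\.(?:exe|sys|bat|tmp|dll))(?=["\s]|$)', re.I)


def parse_files(log):
    """Return one dict per file or directory line of a 'Files Created' section."""
    entries = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            created, size, attrs, path = m.groups()
            entries.append({
                "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
                "size": int(size) if size.isdigit() else None,
                "attrs": attrs,
                "path": path,
            })
    return entries


def hidden_system_clusters(files, window=timedelta(minutes=10)):
    """Group hidden+system files in system32 that share a size and a creation window."""
    by_size = defaultdict(list)
    for f in files:
        attrs = f["attrs"]
        if attrs.startswith("d") or "s" not in attrs or "h" not in attrs:
            continue
        if ntpath.dirname(f["path"]).lower() == SYSTEM32:
            by_size[f["size"]].append(f)
    clusters = []
    for size, members in sorted(by_size.items()):
        members.sort(key=lambda f: f["created"])
        if len(members) >= 2 and members[-1]["created"] - members[0]["created"] <= window:
            clusters.append((size, [ntpath.basename(f["path"]) for f in members]))
    return clusters


def parse_services(log):
    """Return (service name, image path) pairs from the driver/service lines."""
    services = []
    for line in log.splitlines():
        m = SVC_RE.match(line.strip())
        if not m:
            continue
        name, image = m.group(2), m.group(4)
        if " --> " in image:  # ComboFix repeats the resolved path after the arrow
            image = image.split(" --> ", 1)[1]
        found = IMAGE_RE.match(image)
        services.append((name, found.group(1) if found else image.strip('"')))
    return services


def triage_services(services):
    """Map each flagged service name to the list of reasons it was flagged."""
    flagged = {}
    for name, path in services:
        reasons = []
        lowered = path.lower()
        if (ntpath.basename(lowered) in CORE_NAMES
                and ntpath.dirname(lowered) != SYSTEM32):
            reasons.append(REASON_MASQ)
        if "\\temp\\" in lowered:
            reasons.append(REASON_TEMP)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for size, names in hidden_system_clusters(parse_files(SAMPLE_LOG)):
        print(f"{len(names)} hidden+system files of {size} bytes: {', '.join(names)}")
    for name, reasons in triage_services(parse_services(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```
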



Re: Antimalware Doctor virus removed but computer is slow

Post by spideylee on Mon May 02, 2011 8:08 pm

ComboFix 11-04-29.02 - Jason Lee 05/02/2011 12:40:11.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.523 [GMT -7:00]
Running from: c:\documents and settings\Jason Lee\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jason Lee\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
.
FILE ::
"c:\windows\system32\encdec9.exe"
"c:\windows\system32\netshelln.exe"
"c:\windows\system32\sccsccpx.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\encdec9.exe
c:\windows\system32\netshelln.exe
c:\windows\system32\sccsccpx.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICROSOFT_BATCH_PROCESS_HANDLER_FOR_WINDOWS
-------\Legacy_MICROSOFT_REGISTRY_MODIFICATION_PARAMETERS
-------\Service_Microsoft Batch Process Handler For Windows
-------\Service_Microsoft Registry Modification Parameters
.
.
((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
.
.
2011-04-30 04:46 . 2011-04-30 04:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-04-30 03:49 . 2011-04-30 03:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-04-29 04:05 . 2011-04-29 04:05 -------- d-----w- c:\documents and settings\Jason Lee\Application Data\QuickScan
2011-04-29 01:33 . 2011-04-29 01:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-28 02:52 . 2011-04-28 02:52 -------- d-----w- C:\found.000
2011-04-28 00:02 . 2011-04-28 00:02 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-04-27 19:57 . 2011-04-27 19:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-04-27 19:09 . 2011-04-27 19:09 -------- d-----w- c:\program files\ESET
2011-04-24 18:14 . 2011-04-24 18:14 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-04-24 18:01 . 2011-04-24 18:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-04-21 18:35 . 2011-04-21 18:35 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-21 17:14 . 2011-04-21 17:14 -------- d-----w- c:\documents and settings\Jason Lee\Local Settings\Application Data\PCHealth
2011-04-11 22:19 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6826CF4C-2D77-4E11-A32C-6B24DF1BBC0D}\mpengine.dll
2011-04-09 00:38 . 2011-04-09 00:38 98304 ----a-r- c:\documents and settings\Jason Lee\Application Data\Microsoft\Installer\{B2042D5E-986D-44EC-AEE3-AFE4108CCC93}\python_icon.exe
2011-04-09 00:37 . 2011-04-09 00:38 -------- d-----w- C:\Python32
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 12:07 . 2010-12-18 02:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 09:40 . 2010-12-18 02:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-02 17:18 . 2011-04-02 17:18 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-03-18 18:32 . 2011-02-14 22:05 71072 ----a-w- c:\windows\CouponPrinter.ocx
2011-03-15 04:05 . 2010-02-03 08:29 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2005-08-16 09:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2005-08-16 09:18 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2005-08-16 09:18 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2005-08-16 09:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2005-08-16 09:18 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2005-08-16 09:18 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 05:42 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2005-08-16 09:18 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2005-08-16 09:37 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-08 13:33 . 2005-08-16 09:18 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2005-08-16 09:18 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-05 01:48 . 2005-08-16 09:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-05 01:48 . 2005-08-16 09:18 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-03 01:11 . 2009-10-02 21:19 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58 . 2005-08-16 09:37 2067456 ----a-w- c:\windows\system32\mstscax.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-04-29 07:43 . 2011-03-27 18:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jason Lee\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jason Lee\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Jason Lee\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-10 66680]
"VX1000"="c:\windows\vVX1000.exe" [2009-03-17 721936]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-10-07 161096]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-09-21 64048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 19:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-02-06 23:30 61440 ----a-r- c:\program files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 -c--a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 04:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 19:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-03-07 01:08 3558136 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 02:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"YahooAUService"=2 (0x2)
"SNDSrvc"=3 (0x3)
"DefWatch"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"JTAGServer"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"VMUSBArbService"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"PnkBstrA"=2 (0x2)
"MsMpSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/1/2007 9:50 PM 717296]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [8/3/2008 6:45 PM 835208]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/6/2004 5:56 PM 173392]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [9/21/2010 2:42 AM 70704]
S2 Input Manager;Input Manager;c:\windows\temp\Input Manager.bat --> c:\windows\temp\Input Manager.bat [?]
S3 DellBIOS;DellBIOS;\??\c:\windows\DellBIOS.Sys --> c:\windows\DellBIOS.Sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\JASONL~1\LOCALS~1\Temp\MWE344.tmp --> c:\docume~1\JASONL~1\LOCALS~1\Temp\MWE344.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\plugins\UI\safedrv.sys --> c:\program files\Garena\plugins\UI\safedrv.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/16/2005 2:18 AM 14336]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/25/2007 8:54 PM 24652]
S4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [9/21/2010 1:42 AM 539184]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-476518676-1679458388-2164836793-1005Core1cb6d516f9eedfa.job
- c:\documents and settings\Jason Lee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-01 03:06]
.
2011-04-29 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2009-06-15 21:24]
.
2011-04-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jason Lee\Application Data\Mozilla\Firefox\Profiles\5jxtan2j.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-05-02 12:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\JASONL~1\LOCALS~1\Temp\MWE344.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Input Manager]
"ImagePath"="%SystemRoot%\temp\Input Manager.bat"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(2736)
c:\windows\system32\WININET.dll
c:\documents and settings\Jason Lee\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2011-05-02 13:06:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-02 20:06
ComboFix2.txt 2011-05-01 17:19
ComboFix3.txt 2011-04-30 03:53
.
Pre-Run: 15,224,991,744 bytes free
Post-Run: 15,206,146,048 bytes free
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 374AD3BB27443DD89FE91B9BA75A3B2D

Re: Antimalware Doctor virus removed but computer is slow

Post by Belahzur on Tue May 03, 2011 1:07 am

Hello.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Re: Antimalware Doctor virus removed but computer is slow

Post by spideylee on Tue May 03, 2011 11:06 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=82537adbd8a13749b729873044ce7f91
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-28 07:42:25
# local_time=2011-04-28 12:42:25 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=163754
# found=32
# cleaned=32
# scan_time=5741
C:\Documents and Settings\Administrator\Local Settings\Application Data\wcp.exe a variant of Win32/Kryptik.NCU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\avp.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\avp32.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\cmd.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\csrss.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\debug.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\drweb.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\gdi32.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\hexdump.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\iexplarer.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\igrovc.dll a variant of Win32/Kryptik.NBC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\login.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\lsass.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\mdm.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\msmgm.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\nvsvc32.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\services.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\setup.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\smss.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\spoolsv.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\svchost.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\sysedit.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\sysmgm.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\taskmgr.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\user.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\win16.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\win32.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\winamp.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\wininst.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\winlogon.exe a variant of Win32/Agent.SDL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\6to4ex.dll a variant of Win32/Routmo.N trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\iraos.doc a variant of Win32/Ertfor.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=82537adbd8a13749b729873044ce7f91
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-28 09:25:01
# local_time=2011-04-28 02:25:01 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=162260
# found=0
# cleaned=0
# scan_time=5487
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=82537adbd8a13749b729873044ce7f91
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-03 04:02:27
# local_time=2011-05-02 09:02:27 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 371330 371330 0 0
# scanned=90299
# found=2
# cleaned=2
# scan_time=6253
C:\Documents and Settings\Jason Lee\My Documents\Davis\school\classes\http%3a%2f%2fwww.gtlib.gatech.edu%2fpub%2fcygwin\release\libungif\libungif-4.1.4-1.tar.bz2 a variant of Win32/Kryptik.NGS trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jason Lee\My Documents\Davis\school\classes\http%3a%2f%2fwww.gtlib.gatech.edu%2fpub%2fcygwin\release\ncurses\ncurses-5.5-3.tar.bz2 a variant of Win32/Kryptik.NGS trojan (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=82537adbd8a13749b729873044ce7f91
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-03 10:49:33
# local_time=2011-05-03 03:49:33 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 428276 428276 0 0
# scanned=213882
# found=14
# cleaned=14
# scan_time=16934
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\10\5125954a-62e5debc multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Jason Lee\Application Data\Adobe\plugs\KB343525281.exe.vir a variant of Win32/Kryptik.NCG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Jason Lee\Application Data\Adobe\plugs\KB343534687.exe.vir a variant of Win32/Kryptik.NCG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Jason Lee\Application Data\Adobe\plugs\KB343537750.exe.vir a variant of Win32/Kryptik.NCG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\encdec9.exe.vir Win32/Qhost.NRX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\netshelln.exe.vir Win32/Qhost.NRX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\sccsccpx.exe.vir Win32/Qhost.NRX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2\A0004248.exe a variant of Win32/Kryptik.NCG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2\A0004249.exe a variant of Win32/Kryptik.NCG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2\A0004250.exe a variant of Win32/Kryptik.NCG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0008444.exe Win32/Qhost.NRX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0008445.exe Win32/Qhost.NRX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0008446.exe Win32/Qhost.NRX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Flash\ALL\MatLab 7\utils\accessbridge-1_1.zip probably a variant of Win32/Obfuscated.BKKOQMN trojan (deleted - quarantined) 00000000000000000000000000000000 C

Re: Antimalware Doctor virus removed but computer is slow

Post by Belahzur on Wed May 04, 2011 2:25 pm

How is the machine running now?


Re: Antimalware Doctor virus removed but computer is slow

Post by spideylee on Wed May 04, 2011 5:33 pm

My machine seems to be running better now. You have been very helpful, thank you so much!

Re: Antimalware Doctor virus removed but computer is slow

Post by Belahzur on Wed May 04, 2011 10:07 pm

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:
Thank you for choosing GeekPolice. [You must be registered and logged in to see this link.]

