tried to remove fake windows security, now usb won't work

Page 3 of 3 Previous  1, 2, 3

View previous topic View next topic Go down

tried to remove fake windows security, now usb won't work

Post by dmn3331 on Tue 31 May 2011, 8:25 am

First topic message reminder :

hi,
i followed some advice i saw about removing the fake windows security on my pc (i'm now working on my laptop)...the advice included running kaspersky, malwarebytes, and then turning system restore off and on...i turned it off (in safe mode) but couldn't turn it back on...now i'm not sure what happened, or what other things i may have run that i saw posted as helps, but currently i can't even use my mouse, so i can't log in...even in safe mode. what to do?

dmn3331

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2011-05-31
Operating System : windows xp service pack 3

View user profile

Back to top Go down


Re: tried to remove fake windows security, now usb won't work

Post by Sneakyone on Wed 20 Jul 2011, 4:45 pm

Alrighty, lets run a custom scan with OTL that'll show me some info about the mouse and keyboard files.

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in


    /md5start
    USBHID.sys
    mouclass.sys
    kbdhid.sys
    IdeChnDr.sys
    usbstor.sys
    kbdmouse.dll
    i8042prt.*
    kbdclass.sys
    sermouse.*
    /md5stop


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: tried to remove fake windows security, now usb won't work

Post by dmn3331 on Thu 21 Jul 2011, 2:26 pm

ok, so i exited out of the windows recovery console, and booted up with the reatogo disk...once again, i couldn't run the plain otl...i got the same error message as before: unable to locate component...application failed to start because framdyn.dll was not found ). So I opened otlpe, then pasted in the code, ran otlpe (run scan), and here's the output:

OTL logfile created on: 7/21/2011 3:19:38 AM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 100.89 Gb Free Space | 69.90% Space Free | Partition Type: NTFS
Drive J: | 7.45 Gb Total Space | 5.34 Gb Free Space | 71.69% Space Free | Partition Type: FAT32
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2011/05/14 02:57:53 | 000,251,216 | -H-- | M] (CA, Inc.) [On_Demand] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2011/05/14 02:57:53 | 000,206,160 | -H-- | M] (Computer Associates International, Inc.) [Auto] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2011/03/11 01:36:10 | 000,724,152 | -H-- | M] (iolo technologies, LLC) [Auto] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/03/11 01:36:10 | 000,724,152 | -H-- | M] (iolo technologies, LLC) [Auto] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/08/23 21:21:40 | 000,013,672 | -H-- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 12:19:26 | 000,113,152 | -H-- | M] (ArcSoft Inc.) [Disabled] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Disabled] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/03/07 15:47:46 | 000,076,848 | -H-- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | -H-- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (PLCMPR5)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - [2010/09/24 11:16:18 | 000,146,000 | -H-- | M] (CA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2010/09/24 11:16:18 | 000,115,792 | -H-- | M] (CA) [Kernel | System] -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw)
DRV - [2010/09/24 11:16:18 | 000,061,008 | -H-- | M] (CA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2010/09/24 11:16:18 | 000,061,008 | -H-- | M] (CA) [File_System | System] -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2010/09/17 12:21:00 | 000,135,248 | -H-- | M] (CA) [File_System | Boot] -- C:\WINDOWS\system32\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV - [2010/06/09 06:54:38 | 000,244,304 | -H-- | M] (CA) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2010/05/03 02:12:02 | 000,108,112 | -H-- | M] (CA) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\KmxStart.sys -- (KmxStart)
DRV - [2010/03/22 13:58:42 | 000,079,864 | -H-- | M] (CA) [File_System | System] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2009/11/19 15:33:20 | 000,051,200 | -H-- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/10/14 10:59:38 | 000,022,696 | -H-- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2009/03/27 15:27:04 | 000,598,656 | -H-- | M] (Computer Associates International, Inc.) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\KmxAMVet.sys -- (KmxAMVet)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2007/12/20 07:32:10 | 000,016,694 | -H-- | M] (PalmSource, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/11/06 14:22:00 | 000,036,224 | -H-- | M] (ArcSoft Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/07/30 21:59:14 | 000,017,280 | -H-- | M] (Intellon, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\PLCNDIS5.SYS -- (PLCNDIS5)
DRV - [2007/04/25 09:55:02 | 000,134,912 | -H-- | M] (ArcSoft Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/04/24 12:33:50 | 000,007,680 | -H-- | M] (ArcSoft Inc.) [Recognizer | System] -- C:\WINDOWS\System32\drivers\ArcRec.sys -- (ArcRec)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/10 16:05:00 | 000,018,688 | -H-- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/10/05 16:07:28 | 000,004,736 | -H-- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/14 23:40:08 | 000,180,864 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/06/16 04:52:40 | 000,061,157 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/24 11:12:44 | 000,004,272 | -H-- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/08 12:55:50 | 000,013,567 | -H-- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/03/06 05:15:34 | 000,647,929 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 05:14:42 | 001,233,525 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 05:13:38 | 000,037,048 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/12/17 15:30:46 | 000,017,005 | -H-- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003/09/19 16:47:24 | 000,010,368 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/03/27 16:12:36 | 000,015,360 | RH-- | M] (CEntrance, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ceusbaud.sys -- (CEUSBAUD)
DRV - [2002/06/24 10:00:00 | 000,053,412 | -H-- | M] (GEAR Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\GEARASPISYS.SYS -- (GearAspiSys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\DIANE_BLUMENFIELD_ON_C\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\DIANE_BLUMENFIELD_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Jesse_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Nikko_ON_C\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found
IE - HKU\Nikko_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKU\PAUL_NEWMAN_ON_C\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\PAUL_NEWMAN_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\software\mozilla\Firefox\Extensions\\caaphishtoolbar@ca.com: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox [2011/05/16 05:30:57 | 000,000,000 | -H-D | M]


O1 HOSTS File: ([2011/07/12 20:16:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\DIANE_BLUMENFIELD_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\Jesse_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\Jesse_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Nikko_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\Nikko_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\PAUL_NEWMAN_ON_C\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\PAUL_NEWMAN_ON_C\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Jesse_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Jesse_ON_C..\Run: [swg] File not found
O4 - HKU\Nikko_ON_C..\Run: [AIM] File not found
O4 - HKU\Nikko_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Nikko_ON_C..\Run: [swg] File not found
O4 - HKU\PAUL_NEWMAN_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\kasperskysetup_9.0.0.722_27.05.2011_16-20.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool1\kasperskysetup_9.0.0.722_27.05.2011_16-20\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\DIANE_BLUMENFIELD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jesse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nikko_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PAUL_NEWMAN_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\WINDOWS\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/06 19:12:07 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:42 | 000,000,053 | ---- | M] () - J:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\iolo\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/17 09:11:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/12 18:49:15 | 002,234,368 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/07/12 18:41:52 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\OTL.com
[2011/06/25 01:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2011/06/25 01:21:08 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2008/07/27 20:21:51 | 000,726,008 | -H-- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\DIANE BLUMENFIELD\gotomypc_437.exe
[1 C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/17 09:11:44 | 000,000,280 | RHS- | M] () -- C:\boot.ini
[2011/07/13 19:58:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/13 19:57:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F1A35984-F22F-4BA0-BA99-E6E9D8122569}.job
[2011/07/13 19:56:22 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/13 19:56:15 | 3479,326,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/13 19:43:00 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{076D2C88-0114-4736-B794-BBF9AE1663D4}.job
[2011/07/12 16:39:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\OTL.com
[2011/06/25 01:38:33 | 000,000,542 | ---- | M] () -- C:\Malwarebytes' Anti-Malware.lnk
[1 C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Nikko\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/17 09:11:43 | 000,000,209 | -HS- | C] () -- C:\BOOT.BAK
[2011/07/17 09:11:40 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/10 18:47:55 | 3479,326,720 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/25 01:41:14 | 000,000,542 | ---- | C] () -- C:\Malwarebytes' Anti-Malware.lnk
[2011/05/25 08:17:43 | 000,000,400 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\22404900
[2011/01/30 12:52:49 | 000,300,848 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/21 06:36:09 | 000,000,035 | -H-- | C] () -- C:\WINDOWS\A5W.INI
[2011/01/21 06:35:10 | 000,000,183 | -H-- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/09/03 15:51:48 | 000,074,703 | -H-- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/07/31 12:47:03 | 000,005,636 | -H-- | C] () -- C:\WINDOWS\DNAPrinters.ini
[2010/06/05 07:19:48 | 000,004,272 | -H-- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2010/01/09 12:10:10 | 000,115,660 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/08 21:39:13 | 000,000,246 | -H-- | C] () -- C:\WINDOWS\dellstat.ini
[2009/07/08 19:57:22 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Launch Internet Explorer Browser.lnk
[2009/07/08 19:44:19 | 000,021,791 | -H-- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/07/08 19:44:19 | 000,001,037 | -H-- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/07/08 19:43:23 | 000,038,576 | -H-- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/07/08 19:43:23 | 000,010,225 | -H-- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/07/08 19:43:22 | 000,011,435 | -H-- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/05/19 20:31:59 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[2009/05/19 20:31:20 | 000,000,255 | -H-- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2008/11/13 23:06:43 | 000,108,712 | -H-- | C] () -- C:\WINDOWS\TrueInstall.exe
[2008/11/12 19:59:17 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/12 20:29:27 | 000,091,648 | -H-- | C] () -- C:\WINDOWS\gzip.exe
[2008/04/06 19:09:11 | 000,003,654 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/02/06 19:36:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/12/25 23:25:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2007/12/25 23:15:52 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2007/11/25 21:02:49 | 000,000,085 | -H-- | C] () -- C:\WINDOWS\QTW.INI
[2007/11/06 20:57:57 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\patchw32.dll
[2007/11/06 20:57:03 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\pw32a.dll
[2007/10/29 15:25:47 | 000,001,214 | -H-- | C] () -- C:\WINDOWS\checkip.dat
[2007/10/21 01:21:07 | 000,000,022 | -H-- | C] () -- C:\WINDOWS\kodakpcd.PAUL NEWMAN.ini
[2007/09/23 17:37:57 | 000,000,299 | -H-- | C] () -- C:\WINDOWS\EReg184.dat
[2007/02/04 22:34:15 | 000,029,696 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/01 17:52:34 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Nikko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/14 16:04:00 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/07 23:03:36 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\REWCACHE.DAT
[2006/10/07 07:57:55 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/28 23:42:17 | 000,001,759 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/23 17:24:24 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\PFP120JPR.{PB
[2006/04/23 17:24:24 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\PFP120JCM.{PB
[2006/03/25 14:38:41 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2006/03/25 14:18:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/12/12 22:26:38 | 000,000,014 | -H-- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/12/09 17:07:45 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/28 23:58:11 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\066CD7E7C2.sys
[2005/11/28 23:58:10 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/11/19 09:17:08 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Nikko\Application Data\PFP120JPR.{PB
[2005/11/19 09:17:08 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Nikko\Application Data\PFP120JCM.{PB
[2005/11/09 23:25:38 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Application Data\PFP120JPR.{PB
[2005/11/09 23:25:38 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Application Data\PFP120JCM.{PB
[2005/11/06 14:39:06 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/05 17:06:06 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\fusioncache.dat
[2005/11/05 16:50:36 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Nikko\Local Settings\Application Data\fusioncache.dat
[2005/10/31 22:13:04 | 000,000,134 | -H-- | C] () -- C:\Documents and Settings\PAUL NEWMAN\Local Settings\Application Data\fusioncache.dat
[2005/10/29 16:32:57 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/10/29 16:15:27 | 000,007,680 | -H-- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2005/10/29 15:14:48 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/10/29 14:50:42 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/10/29 14:47:13 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\fusioncache.dat
[2005/10/23 10:48:13 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/23 10:45:41 | 000,149,504 | -H-- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/10/23 10:39:58 | 000,000,860 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/23 10:37:38 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/23 10:12:14 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/10/23 10:11:52 | 000,000,392 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 15:01:54 | 000,239,104 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 18:04:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/19 17:20:39 | 000,000,908 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 17:16:24 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2004/08/19 17:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 17:03:04 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 17:01:43 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 16:57:50 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 16:57:07 | 000,490,680 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 16:49:58 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2004/08/19 16:49:51 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 16:49:47 | 000,491,160 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 16:49:47 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 16:49:47 | 000,088,640 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 16:49:47 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 16:49:47 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 16:49:44 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/19 16:49:43 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 16:49:38 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 16:49:38 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 16:49:30 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 16:49:22 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/05/31 20:43:38 | 000,005,632 | -H-- | C] () -- C:\WINDOWS\TrueProcess.exe
[1999/01/22 14:46:58 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2009/03/17 22:44:17 | 000,000,000 | -H-D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
[2005/12/01 19:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Aim
[2010/11/01 18:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\CallingID
[2010/10/30 11:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\CBS Interactive
[2011/05/15 07:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\dtband
[2010/11/03 16:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Free Upload Manager
[2010/06/05 19:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\GARMIN
[2007/12/20 07:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\HotSync
[2011/01/24 07:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\iolo
[2005/11/27 19:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Leadertech
[2011/05/15 08:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\MP3Rocket
[2010/10/30 11:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\OpenCandy
[2008/12/20 17:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Softouch
[2011/05/15 07:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\somototoolbar
[2010/10/30 14:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Spyware Terminator
[2007/02/15 09:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Viewpoint
[2007/07/15 21:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\WildTangent
[2008/05/12 22:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Yapta
[2010/10/27 18:27:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\CallingID
[2011/05/19 18:12:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\dtband
[2010/06/30 13:36:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\FCTB000062125
[2009/03/07 08:44:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\GOODSEARCH
[2007/12/25 16:14:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\HotSync
[2010/09/13 07:02:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\iolo
[2008/01/25 08:24:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\Leadertech
[2011/05/19 18:13:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\somototoolbar
[2010/12/27 21:00:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\Sony
[2008/05/22 06:53:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jesse\Application Data\Yapta
[2010/09/03 15:53:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/07/07 22:37:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2005/11/05 17:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Aim
[2006/10/29 17:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Cakewalk
[2010/10/30 16:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\CallingID
[2011/05/21 08:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\dtband
[2010/06/28 12:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\FCTB000062125
[2008/12/31 19:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\GOODSEARCH
[2007/12/21 15:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\HotSync
[2010/12/13 08:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\iolo
[2011/05/21 08:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\somototoolbar
[2010/10/30 16:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Spyware Terminator
[2007/02/02 21:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Viewpoint
[2008/05/13 15:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nikko\Application Data\Yapta
[2005/11/19 16:20:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Aim
[2006/10/24 16:54:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Cakewalk
[2010/11/01 14:31:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\CallingID
[2011/05/16 19:35:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\dtband
[2010/06/25 18:44:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\FCTB000062125
[2009/03/23 22:41:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\GARMIN
[2010/09/11 21:34:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\GOODSEARCH
[2007/12/20 23:45:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\HotSync
[2010/11/25 07:51:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\iolo
[2007/12/25 23:08:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Leadertech
[2008/07/08 01:02:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Ludia
[2009/07/08 20:51:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\MSNInstaller
[2010/12/10 14:27:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\QuickVerse10
[2011/02/25 09:47:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Raintree
[2011/05/16 19:36:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\somototoolbar
[2010/12/27 21:50:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Sony
[2007/01/17 00:12:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Viewpoint
[2006/06/20 23:47:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\WildTangent
[2009/03/06 10:33:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\PAUL NEWMAN\Application Data\Yapta
[2010/11/01 18:07:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/07/25 19:36:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2011/05/27 23:18:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/03/23 23:06:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2007/12/20 07:33:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/05/26 22:31:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/07/08 01:02:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2010/02/27 00:53:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2011/05/27 23:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/11/01 15:13:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/05/13 22:03:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/12/20 17:54:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Softouch
[2008/02/03 02:42:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/05/13 22:04:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2007/04/14 14:13:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/06/20 23:47:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/02/29 00:36:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WORDsearch
[2007/06/16 19:08:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\wsc
[2009/03/14 09:29:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2007/06/16 19:08:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{10659AF2-4F35-499C-A058-D29D27AEE138}
[2010/04/08 18:07:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/06 22:08:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/16 17:36:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/04/14 22:00:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/30 18:01:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/07/13 19:43:00 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{076D2C88-0114-4736-B794-BBF9AE1663D4}.job
[2011/07/13 19:57:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F1A35984-F22F-4BA0-BA99-E6E9D8122569}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: I8042PRT.SY_ >
[2004/08/10 07:00:00 | 000,026,025 | R--- | M] () MD5=819D427AB9DBE6AC2960A585087CB766 -- C:\cmdcons\i8042prt.sy_

< MD5 for: I8042PRT.SYS >
[2008/04/13 15:18:00 | 000,052,480 | -H-- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
[2008/04/13 15:18:00 | 000,052,480 | -H-- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2004/08/10 06:00:00 | 000,052,736 | -H-- | M] (Microsoft Corporation) MD5=5502B58EEF7486EE6F93F3F164DCB808 -- C:\i386\i8042prt.sys
[2004/08/10 06:00:00 | 000,052,736 | -H-- | M] (Microsoft Corporation) MD5=5502B58EEF7486EE6F93F3F164DCB808 -- C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys

< MD5 for: KBDCLASS.SYS >
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\i386\sp2.cab:kbdclass.sys
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:kbdclass.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:kbdclass.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:kbdclass.sys
[2008/04/13 14:39:47 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys
[2008/04/13 14:39:47 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2004/08/03 23:58:34 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=EBDEE8A2EE5393890A1ACEE971C4C246 -- C:\i386\kbdclass.sys
[2004/08/03 23:58:34 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=EBDEE8A2EE5393890A1ACEE971C4C246 -- C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys

< MD5 for: KBDHID.SYS >
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\i386\sp2.cab:kbdhid.sys
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:kbdhid.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:kbdhid.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:kbdhid.sys
[2008/04/13 14:39:48 | 000,014,592 | -H-- | M] (Microsoft Corporation) MD5=9EF487A186DEA361AA06913A75B3FA99 -- C:\WINDOWS\ServicePackFiles\i386\kbdhid.sys
[2008/04/13 14:39:48 | 000,014,592 | -H-- | M] (Microsoft Corporation) MD5=9EF487A186DEA361AA06913A75B3FA99 -- C:\WINDOWS\system32\drivers\kbdhid.sys
[2004/08/03 23:58:36 | 000,014,848 | -H-- | M] (Microsoft Corporation) MD5=E182FA8E49E8EE41B4ADC53093F3C7E6 -- C:\i386\kbdhid.sys
[2004/08/03 23:58:36 | 000,014,848 | -H-- | M] (Microsoft Corporation) MD5=E182FA8E49E8EE41B4ADC53093F3C7E6 -- C:\WINDOWS\$NtServicePackUninstall$\kbdhid.sys

< MD5 for: MOUCLASS.SYS >
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\i386\sp2.cab:mouclass.sys
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mouclass.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mouclass.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mouclass.sys
[2004/08/03 23:58:34 | 000,023,040 | -H-- | M] (Microsoft Corporation) MD5=34E1F0031153E491910E12551400192C -- C:\i386\mouclass.sys
[2004/08/03 23:58:34 | 000,023,040 | -H-- | M] (Microsoft Corporation) MD5=34E1F0031153E491910E12551400192C -- C:\WINDOWS\$NtServicePackUninstall$\mouclass.sys
[2008/04/13 14:39:47 | 000,023,040 | -H-- | M] (Microsoft Corporation) MD5=35C9E97194C8CFB8430125F8DBC34D04 -- C:\WINDOWS\ServicePackFiles\i386\mouclass.sys
[2008/04/13 14:39:47 | 000,023,040 | -H-- | M] (Microsoft Corporation) MD5=35C9E97194C8CFB8430125F8DBC34D04 -- C:\WINDOWS\system32\drivers\mouclass.sys

< MD5 for: USBSTOR.SYS >
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\i386\sp2.cab:usbstor.sys
[2004/08/10 06:00:00 | 016,971,599 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/07/24 20:05:43 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | -H-- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\i386\USBSTOR.SYS
[2004/08/04 00:08:48 | 000,026,496 | -H-- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | -H-- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | -H-- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\Book_Worm-Setup.exe:SummaryInformation
< End of report >


Note, this was the only output file

dmn3331

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2011-05-31
Operating System : windows xp service pack 3

View user profile

Back to top Go down

Re: tried to remove fake windows security, now usb won't work

Post by Sneakyone on Fri 22 Jul 2011, 3:53 pm

Hi,

Could you please download one of these boot-environements and burn it to a CD and run it?

Kaspersky Rescue Environment: [You must be registered and logged in to see this link.]
F-Secure Linux Environment: [You must be registered and logged in to see this link.]
SUPERAntiSpyware Portable: [You must be registered and logged in to see this link.]

I completely missed something.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: tried to remove fake windows security, now usb won't work

Post by dmn3331 on Sat 23 Jul 2011, 1:15 pm

ok, not going well....first of all, i left my desktop on overnight, with the c drive open...this morning there was a popup asking me to buy "window blinds 4"...don't know where that came from...tried to put the kaspersky on a cd and on a thumb drive and transfer to the desktop, but it wouldn't run. Then I downloaded the SUPERAntiSpyware Portable, tried to run it...and got this blue screen on the desktop..."a problem has been detected and windows has been shut down to prevent damage to your computer. if this is the first time you've seen this stop error screen, restart your computer..blah blah blah...so i restarted several times and tried to run the program again (i even went to the support tab from the website from SUPERAntiSpyware Portable and tried the different methods with the sas.exe and then the saferun or whatever it was called...still got the same blue screen...btw, i tried to run the program from the reatogo desktop, and also from inside the drive where the thumb drive was plugged in, and also from inside the c drive...got the same blue screen each time

dmn3331

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2011-05-31
Operating System : windows xp service pack 3

View user profile

Back to top Go down

Re: tried to remove fake windows security, now usb won't work

Post by Sneakyone on Sat 23 Jul 2011, 1:40 pm

Alright, let me call for assistance again.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: tried to remove fake windows security, now usb won't work

Post by Sneakyone on Tue 26 Jul 2011, 8:10 am

  • Kaspersky RescueDisk
    If you encounter problems running the RescueDisk, you can get further assistance at the Kaspersky Support Forum.
If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: tried to remove fake windows security, now usb won't work

Post by dmn3331 on Fri 29 Jul 2011, 12:43 pm

hi again,
Great news! While i was waiting for your last reply, i somehow was able to reload windows from the installation disk....and then the cursor/keyboard started to work!! Since then there have been numerous windows updates that I've had to download, and dell updates as well. I am still in the process of downloading/running all of these, but when they are finished, I thought I should rerun the otl and other programs that are mentioned as what to do first...and then post the outputs....just to see if there is stilll anything amiss. Is that what you would recommend?

dmn3331

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2011-05-31
Operating System : windows xp service pack 3

View user profile

Back to top Go down

Re: tried to remove fake windows security, now usb won't work

Post by Sneakyone on Fri 29 Jul 2011, 4:33 pm

Yes, please run OTL, ComboFix, Malwarebytes, and aswMBR and post those logs here.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: tried to remove fake windows security, now usb won't work

Post by dmn3331 on Mon 01 Aug 2011, 1:07 pm

ok, here we go:

attched is aswmbr.txt

here is otl.txt:(part 1)
OTL logfile created on: 7/31/2011 9:08:54 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\DIANE BLUMENFIELD\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 82.99% Memory free
5.08 Gb Paging File | 4.61 Gb Available in Paging File | 90.77% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 93.99 Gb Free Space | 65.12% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: DIANE BLUMENFIELD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/24 20:54:58 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/19 15:40:10 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/05 11:06:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\OTL.exe
PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/07/20 10:09:40 | 000,080,384 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/03/22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/06/05 11:06:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:11:58 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
MOD - [2008/04/13 20:11:48 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/24 20:54:58 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/19 15:40:10 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/07/24 20:55:00 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/24 20:55:00 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/11/19 15:33:20 | 000,051,200 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/10/14 10:59:38 | 000,022,696 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2007/12/20 07:32:10 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/11/06 14:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/07/30 21:59:14 | 000,017,280 | ---- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PLCNDIS5.SYS -- (PLCNDIS5)
DRV - [2007/04/25 09:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/03/01 20:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/05/06 14:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 14:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 14:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2004/03/24 11:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/12/17 15:30:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003/09/19 16:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/03/27 16:12:36 | 000,015,360 | R--- | M] (CEntrance, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ceusbaud.sys -- (CEUSBAUD)
DRV - [2002/06/24 10:00:00 | 000,053,412 | ---- | M] (GEAR Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GEARASPISYS.SYS -- (GearAspiSys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2011/07/24 23:29:38 | 000,000,352 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/06 19:12:07 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{26c62dc4-8f53-11dd-80eb-00123fa87022}\Shell\AutoRun\command - "" = AUTORUN.EXE
O33 - MountPoints2\{66c15dd2-65c7-11df-8363-00123fa87022}\Shell\AutoRun\command - "" = K:\MI.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: ioloSystemService - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: ioloSystemService - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {0430454D-47EA-11D6-AD58-00010333D0AD} - Yahoo! Import WAB
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - WXcom Class
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - YbUploadFavsCtl Class
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave9 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (73197104696131584)

========== Files/Folders - Created Within 30 Days ==========

[2011/07/31 21:08:08 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\OTL.exe
[2011/07/31 16:37:50 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/07/28 21:56:57 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4543.dll
[2011/07/28 21:56:00 | 000,000,000 | ---D | C] -- C:\drvrtmp
[2011/07/28 08:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DIANE BLUMENFIELD\Start Menu\Programs\Dell Inc
[2011/07/28 08:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\Deployment
[2011/07/27 08:33:55 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/07/27 08:33:43 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/07/27 08:33:23 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/07/27 08:32:52 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/07/27 08:31:35 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/07/27 06:42:51 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\aswMBR.exe
[2011/07/27 06:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Avira
[2011/07/26 22:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX870 series
[2011/07/26 22:52:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2011/07/26 22:51:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/07/26 22:51:32 | 000,277,504 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLMA7.DLL
[2011/07/26 20:16:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/26 19:52:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/07/25 06:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/07/25 06:26:06 | 011,081,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/07/25 06:26:06 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/07/25 06:26:06 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/07/25 06:26:06 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/07/25 06:26:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/07/25 05:56:52 | 002,083,464 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator32.dll
[2011/07/24 22:22:42 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2011/07/24 22:22:42 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2011/07/24 22:22:17 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2011/07/24 22:05:16 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/07/24 22:05:16 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2011/07/24 22:05:15 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/07/24 22:05:14 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/07/24 22:03:55 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2011/07/24 22:03:52 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011/07/24 22:03:52 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011/07/24 22:03:44 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011/07/24 22:03:29 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/07/24 22:03:28 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/07/24 22:01:56 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011/07/24 22:00:24 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2011/07/24 21:58:37 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011/07/24 20:52:28 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmSE.DLL
[2011/07/24 20:52:28 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmRU.DLL
[2011/07/24 20:52:28 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmPT.DLL
[2011/07/24 20:52:28 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmPL.DLL
[2011/07/24 20:52:28 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmNL.DLL
[2011/07/24 20:52:28 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmID.DLL
[2011/07/24 20:52:28 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmGR.DLL
[2011/07/24 20:52:28 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmFI.DLL
[2011/07/24 20:52:28 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmTR.DLL
[2011/07/24 20:52:28 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmTH.DLL
[2011/07/24 20:52:28 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmNO.DLL
[2011/07/24 20:52:28 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmKR.DLL
[2011/07/24 20:52:28 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmHU.DLL
[2011/07/24 20:52:28 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmDK.DLL
[2011/07/24 20:52:28 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmCZ.DLL
[2011/07/24 20:52:28 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmAR.DLL
[2011/07/24 20:52:28 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmTW.DLL
[2011/07/24 20:52:28 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmCN.DLL
[2011/07/24 20:52:27 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmIT.DLL
[2011/07/24 20:52:27 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmFR.DLL
[2011/07/24 20:52:27 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmES.DLL
[2011/07/24 20:52:27 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmDE.DLL
[2011/07/24 20:52:27 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmUS.DLL
[2011/07/24 20:52:27 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLmJP.DLL
[2011/07/24 20:52:26 | 000,296,960 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCF2Lm.DLL
[2011/07/24 20:52:26 | 000,168,448 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFMSm.EXE
[2011/07/24 20:50:44 | 000,354,816 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMNPPM.DLL
[2011/07/24 20:50:44 | 000,137,216 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMNPUI.DLL
[2011/07/24 20:50:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\STRING
[2011/07/24 20:50:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CHM
[2011/07/24 19:27:53 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiafbdrv.dll
[2011/07/24 19:27:53 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2011/07/24 18:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/07/24 18:00:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/07/24 18:00:40 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/07/24 18:00:40 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/07/24 18:00:40 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/07/24 18:00:40 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/07/24 18:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/07/24 18:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/07/24 16:42:33 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/24 16:20:07 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresja.dll
[2011/07/24 16:20:07 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresko.dll
[2011/07/24 16:20:06 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresfr.dll
[2011/07/24 16:20:05 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresde.dll
[2011/07/24 16:19:53 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehreschs.dll
[2011/07/24 16:19:34 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2011/07/24 16:19:23 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2011/07/24 16:19:23 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2011/07/24 16:19:19 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2011/07/24 16:19:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2011/07/24 16:19:06 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2011/07/24 16:19:06 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2011/07/24 16:19:05 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2011/07/24 16:19:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2011/07/24 16:19:04 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2011/07/24 16:19:03 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2011/07/24 16:19:02 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2011/07/24 16:19:02 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2011/07/24 16:18:54 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2011/07/24 16:18:48 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2011/07/24 16:18:47 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2011/07/24 16:18:47 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2011/07/24 16:18:47 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2011/07/24 16:18:47 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2011/07/24 16:18:46 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2011/07/24 16:18:46 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2011/07/24 16:18:46 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2011/07/24 16:18:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2011/07/24 16:18:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2011/07/24 16:18:45 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2011/07/24 16:18:45 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2011/07/24 16:18:44 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2011/07/24 16:18:43 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/07/24 16:18:34 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/07/24 16:18:33 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/07/24 16:18:28 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2011/07/24 16:18:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2011/07/24 16:18:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2011/07/24 16:18:18 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2011/07/24 16:18:18 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2011/07/24 16:18:17 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2011/07/24 16:18:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2011/07/24 16:18:16 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2011/07/24 16:18:16 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2011/07/24 16:18:02 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2011/07/24 16:17:34 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2011/07/24 16:17:34 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2011/07/24 16:17:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2011/07/24 16:17:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2011/07/24 16:17:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2011/07/24 16:17:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2011/07/24 16:17:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2011/07/24 16:17:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2011/07/24 16:17:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2011/07/24 16:17:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2011/07/24 16:17:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2011/07/24 16:17:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2011/07/24 16:17:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2011/07/24 16:17:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2011/07/24 16:17:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2011/07/24 16:17:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2011/07/24 16:17:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2011/07/24 16:17:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2011/07/24 16:17:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2011/07/24 16:17:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2011/07/24 16:17:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2011/07/24 16:17:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2011/07/24 16:17:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2011/07/24 16:17:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2011/07/24 16:17:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2011/07/24 16:17:12 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2011/07/24 16:17:12 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2011/07/24 16:17:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2011/07/24 16:17:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2011/07/24 16:17:10 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2011/07/24 16:16:50 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/07/24 16:16:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2011/07/24 16:16:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2011/07/24 16:16:36 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2011/07/24 16:16:33 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2011/07/24 16:16:32 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2011/07/24 16:16:32 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2011/07/24 16:16:32 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2011/07/24 16:16:12 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2011/07/24 16:16:07 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2011/07/24 16:16:06 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2011/07/24 16:16:06 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2011/07/24 16:16:05 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2011/07/24 16:16:04 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2011/07/24 16:16:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2011/07/24 16:16:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2011/07/24 16:16:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2011/07/24 16:16:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2011/07/24 16:16:00 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/07/24 16:15:59 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2011/07/24 16:15:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2011/07/24 16:15:21 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2011/07/24 16:15:17 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2011/07/24 16:07:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2011/07/24 15:26:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/07/24 15:26:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2011/07/24 15:26:53 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/07/24 15:26:53 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2011/07/24 00:58:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2011/07/23 12:54:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
[2011/07/23 08:04:25 | 009,954,344 | ---- | C] (SUPERAntiSpyware.com) -- C:\SAS_PRO.EXE
[2011/07/23 08:04:25 | 009,953,832 | ---- | C] (SUPERAntiSpyware.com) -- C:\SAS_FREE.EXE
[2011/07/17 09:11:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/12 18:49:15 | 002,234,368 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/07/12 18:41:52 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\OTL.com
[22 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/31 21:12:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F1A35984-F22F-4BA0-BA99-E6E9D8122569}.job
[2011/07/31 21:01:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/31 20:50:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/31 20:49:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/31 20:49:46 | 3479,326,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/31 16:41:31 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{076D2C88-0114-4736-B794-BBF9AE1663D4}.job
[2011/07/28 21:57:39 | 000,491,474 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/28 21:57:39 | 000,088,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/28 21:55:46 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_XPS_Dell DM051 .MRK
[2011/07/28 21:55:46 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_XPS_Dell DM051 .MRK
[2011/07/28 08:32:34 | 000,490,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/27 22:35:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/27 06:43:56 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\SecurityCheck.exe
[2011/07/27 06:42:52 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\aswMBR.exe
[2011/07/26 20:19:28 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/25 07:30:27 | 000,000,900 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2011/07/25 06:45:58 | 000,958,972 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2011/07/25 06:22:34 | 000,000,104 | ---- | M] () -- C:\Microsoft Outlook (2).lnk
[2011/07/25 06:22:24 | 000,000,104 | ---- | M] () -- C:\Microsoft Outlook.lnk
[2011/07/24 20:55:00 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/07/24 20:55:00 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/07/24 17:53:58 | 000,459,696 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\sm_dm.exe
[2011/07/24 17:52:30 | 056,039,816 | ---- | M] () -- C:\avira_antivir_personal_en.exe
[2011/07/24 16:42:38 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/24 16:24:55 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/24 16:13:36 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/24 16:13:36 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/24 16:13:23 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/24 16:08:35 | 000,036,992 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/24 16:08:07 | 000,001,066 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/07/24 16:05:57 | 000,000,280 | -HS- | M] () -- C:\boot.ini
[2011/07/24 15:31:12 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2011/07/22 22:00:54 | 016,127,536 | ---- | M] () -- C:\SASSAFERUN.COM
[2011/07/22 21:59:36 | 009,954,344 | ---- | M] (SUPERAntiSpyware.com) -- C:\SAS_PRO.EXE
[2011/07/22 21:59:08 | 009,953,832 | ---- | M] (SUPERAntiSpyware.com) -- C:\SAS_FREE.EXE
[2011/07/22 21:58:28 | 000,299,008 | ---- | M] () -- C:\RUNSAS.EXE
[2011/07/22 19:38:54 | 016,096,200 | ---- | M] () -- C:\SAS_857009.COM
[2011/07/19 16:25:32 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\smrgdf.exe
[2011/07/19 16:25:22 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\iolobtdfg.exe
[2011/07/19 15:42:44 | 002,083,464 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator32.dll
[2011/07/12 16:39:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\OTL.com
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[22 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/28 21:56:42 | 000,001,902 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2011/07/28 21:55:46 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_XPS_Dell DM051 .MRK
[2011/07/28 21:55:46 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_XPS_Dell DM051 .MRK
[2011/07/28 09:10:31 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2011/07/27 06:43:55 | 000,879,225 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\SecurityCheck.exe
[2011/07/25 06:22:34 | 000,000,104 | ---- | C] () -- C:\Microsoft Outlook (2).lnk
[2011/07/25 06:22:24 | 000,000,104 | ---- | C] () -- C:\Microsoft Outlook.lnk
[2011/07/24 17:57:48 | 056,039,816 | ---- | C] () -- C:\avira_antivir_personal_en.exe
[2011/07/24 17:57:45 | 000,459,696 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\sm_dm.exe
[2011/07/24 16:26:35 | 3479,326,720 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/24 16:17:04 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/07/24 16:16:05 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/07/24 15:26:24 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plus.cat
[2011/07/24 15:26:23 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/07/24 15:26:23 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/07/24 15:26:23 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/07/24 15:26:23 | 000,017,916 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sonic.cat
[2011/07/24 15:26:23 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/07/24 15:26:23 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/07/24 15:26:23 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/07/24 15:26:22 | 000,106,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/07/24 00:58:34 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/07/24 00:47:09 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/07/23 17:11:49 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/07/23 08:04:26 | 000,299,008 | ---- | C] () -- C:\RUNSAS.EXE
[2011/07/23 08:04:24 | 016,127,536 | ---- | C] () -- C:\SASSAFERUN.COM
[2011/07/23 04:09:49 | 016,096,200 | ---- | C] () -- C:\SAS_857009.COM
[2011/07/23 01:28:15 | 125,927,424 | ---- | C] () -- C:\f-secure-rescue-cd-3.11-23804.iso
[2011/07/17 09:11:40 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/25 08:17:43 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\22404900
[2011/01/30 12:52:49 | 000,300,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/21 06:36:09 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2011/01/21 06:35:10 | 000,000,183 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/09/03 15:51:48 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/07/31 12:47:03 | 000,005,636 | ---- | C] () -- C:\WINDOWS\DNAPrinters.ini
[2010/06/05 07:19:48 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2010/01/09 12:10:10 | 000,115,660 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/08 21:39:13 | 000,000,246 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/07/08 19:57:22 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\Launch Internet Explorer Browser.lnk
[2009/07/08 19:44:19 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/07/08 19:44:19 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/07/08 19:43:23 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/07/08 19:43:23 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/07/08 19:43:22 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/11/13 23:06:43 | 000,108,712 | ---- | C] () -- C:\WINDOWS\TrueInstall.exe
[2008/11/12 19:59:17 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/12 20:29:27 | 000,091,648 | ---- | C] () -- C:\WINDOWS\gzip.exe
[2008/04/06 19:09:11 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/02/06 19:36:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/12/25 23:25:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2007/12/25 23:15:52 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2007/11/25 21:02:49 | 000,000,085 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/11/06 20:57:57 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/11/06 20:57:03 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/10/29 15:25:47 | 000,001,214 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/10/21 01:21:07 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.PAUL NEWMAN.ini
[2007/09/23 17:37:57 | 000,000,299 | ---- | C] () -- C:\WINDOWS\EReg184.dat
[2006/12/14 16:04:00 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/07 23:03:36 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\REWCACHE.DAT
[2006/10/07 07:57:55 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/28 23:42:17 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/23 17:24:24 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\PFP120JPR.{PB
[2006/04/23 17:24:24 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Application Data\PFP120JCM.{PB
[2006/03/25 14:38:41 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2006/03/25 14:18:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/12/12 22:26:38 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/12/09 17:07:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/28 23:58:11 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\066CD7E7C2.sys
[2005/11/28 23:58:10 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/11/06 14:39:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/10/29 16:32:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/10/29 16:15:27 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2005/10/29 15:14:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/10/29 14:50:42 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/10/29 14:47:13 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Local Settings\Application Data\fusioncache.dat
[2005/10/23 10:48:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/23 10:45:41 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/10/23 10:39:58 | 000,000,860 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/23 10:37:38 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/23 10:12:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/10/23 10:11:52 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 17:20:39 | 000,000,900 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 17:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 17:03:04 | 000,036,992 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 17:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 16:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 16:57:07 | 000,490,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 16:49:47 | 000,491,474 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 16:49:47 | 000,088,762 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 16:49:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 00:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/05/31 20:43:38 | 000,005,632 | ---- | C] () -- C:\WINDOWS\TrueProcess.exe
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Custom Scans ==========

dmn3331

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2011-05-31
Operating System : windows xp service pack 3

View user profile

Back to top Go down

otl part 2, checkup.txt, mbamlog

Post by dmn3331 on Mon 01 Aug 2011, 1:09 pm

otl part 2:


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/07/27 06:42:52 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\aswMBR.exe
[2011/06/05 11:06:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\OTL.exe
[2011/07/27 06:43:56 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\SecurityCheck.exe
[2011/07/24 17:53:58 | 000,459,696 | ---- | M] () -- C:\Documents and Settings\DIANE BLUMENFIELD\Desktop\sm_dm.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2006/10/07 08:31:43 | 014,405,024 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\DIANE BLUMENFIELD\My Documents\GoogleEarthWin.exe
[2007/03/26 12:30:04 | 001,435,937 | ---- | M] (Radiant Morning ) -- C:\Documents and Settings\DIANE BLUMENFIELD\My Documents\setup-en.exe
[2010/11/02 21:42:19 | 004,055,048 | ---- | M] (TopoGrafix ) -- C:\Documents and Settings\DIANE BLUMENFIELD\My Documents\SetupEasyGPS.exe

< %USERPROFILE%\*.exe >
[2009/02/15 22:15:05 | 000,726,008 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\DIANE BLUMENFIELD\gotomypc_437.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2004/08/10 07:00:00 | 000,127,213 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\ega.cpi
[2004/08/19 17:00:16 | 000,000,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\h323log.txt
[2008/04/13 11:42:06 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\stdole2.tlb
[22 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/08/06 09:03:55 | 000,000,000 | ---D | M] -- C:\Program Files\AAdvantage eShoppingSM Toolbar
[2010/08/14 16:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2006/03/04 23:58:07 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2005/11/11 13:09:01 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2005/12/01 19:24:09 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2008/08/23 14:43:22 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2006/03/25 14:38:41 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2011/03/08 07:53:14 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2011/07/24 18:00:36 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2008/02/29 00:36:28 | 000,000,000 | ---D | M] -- C:\Program Files\Bible Explorer 4
[2011/05/27 20:23:55 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/07/25 06:41:07 | 000,000,000 | ---D | M] -- C:\Program Files\CA
[2007/08/21 12:43:50 | 000,000,000 | ---D | M] -- C:\Program Files\Cakewalk
[2011/05/18 23:28:44 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2007/10/20 12:33:16 | 000,000,000 | ---D | M] -- C:\Program Files\CDKnet
[2010/12/27 21:46:02 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/19 17:02:56 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/05/15 08:46:06 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2011/05/15 08:46:04 | 000,000,000 | ---D | M] -- C:\Program Files\ConduitEngine
[2010/08/07 10:29:23 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2005/10/23 10:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2005/10/23 10:46:00 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/02/03 02:41:45 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2007/04/11 20:50:15 | 000,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2010/09/12 13:22:52 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2007/08/28 12:41:31 | 000,000,000 | ---D | M] -- C:\Program Files\DigiTech
[2008/02/28 08:11:19 | 000,000,000 | ---D | M] -- C:\Program Files\e-Sword
[2005/10/23 10:38:40 | 000,000,000 | ---D | M] -- C:\Program Files\EarthLink Setup
[2010/11/02 21:43:32 | 000,000,000 | ---D | M] -- C:\Program Files\EasyGPS
[2007/09/24 22:06:17 | 000,000,000 | ---D | M] -- C:\Program Files\Encountering the New Testament 2
[2004/08/19 17:16:18 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2011/01/10 21:04:02 | 000,000,000 | ---D | M] -- C:\Program Files\Finale NotePad 2007
[2010/09/12 13:22:47 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2004/08/19 17:16:22 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2009/03/15 07:34:17 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/06/19 15:21:00 | 000,000,000 | ---D | M] -- C:\Program Files\Hanes T-ShirtMaker Premier
[2008/05/12 20:29:05 | 000,000,000 | ---D | M] -- C:\Program Files\Homestead
[2005/10/29 15:16:26 | 000,000,000 | ---D | M] -- C:\Program Files\illiminable
[2011/07/28 21:49:43 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/07/25 06:52:33 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/07/27 22:27:00 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2005/10/23 10:39:05 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2010/09/03 15:52:54 | 000,000,000 | ---D | M] -- C:\Program Files\iolo
[2011/05/07 10:24:18 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/05/07 10:25:26 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/09/10 07:28:47 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/05/22 13:34:12 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2008/02/29 00:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\Laridian
[2005/10/23 10:38:33 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2007/10/29 15:54:14 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2008/07/08 00:52:49 | 000,000,000 | ---D | M] -- C:\Program Files\Ludia
[2011/07/24 16:42:39 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/25 01:23:56 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2009/08/19 18:27:39 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2009/08/19 18:27:37 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2007/08/31 17:56:51 | 000,000,000 | ---D | M] -- C:\Program Files\Memorex exPressit Label Design Studio
[2011/07/26 22:38:59 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/11/06 13:14:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/02/22 18:39:55 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/08/15 00:30:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/09/01 20:28:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2005/10/23 10:36:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2005/10/23 10:36:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2011/04/22 15:30:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/11/05 00:06:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2005/12/01 22:05:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Streets and Trips
[2006/10/23 19:57:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/07/28 08:34:33 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2011/07/28 22:33:06 | 000,000,000 | ---D | M] -- C:\Program Files\Modem On Hold
[2011/07/27 22:21:54 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2007/02/27 23:36:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/05/15 08:43:26 | 000,000,000 | ---D | M] -- C:\Program Files\MP3 Rocket
[2011/05/15 07:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\MP3 Rocket FileBulldog Toolbar
[2009/08/21 21:35:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/09/01 20:28:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/01/06 19:43:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/19 17:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/07/26 20:53:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011/07/25 06:26:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/11/13 22:39:48 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2009/02/28 19:53:48 | 000,000,000 | ---D | M] -- C:\Program Files\MySpace
[2011/07/26 20:00:29 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/07/25 08:20:45 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2006/10/23 20:26:26 | 000,000,000 | ---D | M] -- C:\Program Files\OfficeUpdate11
[2004/08/19 17:02:42 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/07/27 22:18:38 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/01/27 08:06:43 | 000,000,000 | ---D | M] -- C:\Program Files\Palm
[2006/03/25 14:29:00 | 000,000,000 | ---D | M] -- C:\Program Files\Panasonic
[2007/09/21 18:18:26 | 000,000,000 | ---D | M] -- C:\Program Files\Parsons
[2011/05/13 22:03:03 | 000,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2008/04/06 19:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\PIXELA
[2007/08/28 12:57:44 | 000,000,000 | ---D | M] -- C:\Program Files\Pro Tracks
[2010/12/18 10:21:05 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/12/10 14:28:48 | 000,000,000 | ---D | M] -- C:\Program Files\QuickVerse 2006
[2011/05/15 08:46:01 | 000,000,000 | ---D | M] -- C:\Program Files\quixley_v2
[2005/10/23 10:38:18 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/21 21:35:13 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2004/08/19 17:20:24 | 000,000,000 | ---D | M] -- C:\Program Files\RGB
[2008/11/01 08:41:09 | 000,000,000 | R--D | M] -- C:\Program Files\rnamfler
[2011/05/07 10:14:37 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2005/10/23 10:32:16 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2008/10/14 09:57:19 | 000,000,000 | ---D | M] -- C:\Program Files\SiteAdvisor
[2008/12/20 17:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\Softouch
[2011/05/15 07:02:07 | 000,000,000 | ---D | M] -- C:\Program Files\somototoolbar
[2005/10/23 10:39:58 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2010/12/27 21:45:56 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2008/04/06 19:08:49 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Corporation
[2010/12/27 21:41:49 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Media Go Install
[2010/08/06 14:11:22 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2005/11/06 14:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\TabIt
[2006/08/09 21:24:31 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel FW
[2005/10/29 15:21:36 | 000,000,000 | ---D | M] -- C:\Program Files\TrueSwitch
[2008/07/08 00:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\Trymedia
[2011/01/29 11:02:25 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2004/08/19 17:14:00 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2009/09/03 00:11:58 | 000,000,000 | ---D | M] -- C:\Program Files\Universal
[2009/09/03 00:12:14 | 000,000,000 | ---D | M] -- C:\Program Files\VersalSoft
[2007/04/14 14:13:50 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/07/05 15:55:01 | 000,000,000 | ---D | M] -- C:\Program Files\Virtual Earth 3D
[2008/04/12 22:16:13 | 000,000,000 | ---D | M] -- C:\Program Files\Visual Bible The Birth of Jesus_The Story Behind the Cross
[2005/10/23 10:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\WebCyberCoach
[2006/06/20 23:53:05 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2008/11/13 23:03:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2011/07/24 16:11:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/07/26 20:00:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/19 17:02:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2009/08/23 16:39:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2004/08/19 17:05:02 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
[2005/10/23 10:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 12
[2007/06/16 19:08:10 | 000,000,000 | ---D | M] -- C:\Program Files\WSfonts
[2004/08/19 17:07:50 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/02/18 00:55:53 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/09/11 21:33:49 | 000,000,000 | ---D | M] -- C:\Program Files\Yapta
[2005/10/23 10:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\Your Company Name
[2009/08/21 14:54:27 | 000,000,000 | ---D | M] -- C:\Program Files\ZyXEL Communications Corporation


< MD5 for: AGP440.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011/07/26 19:52:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011/07/26 19:52:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2011/07/26 19:52:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011/07/26 19:52:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011/07/26 19:52:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2011/07/26 19:52:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0028\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0029\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/10 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2011/07/26 19:52:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2011/07/26 19:52:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2011/07/26 19:52:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:disk.sys
[2004/08/10 06:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/10 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: IASTOR.SYS >
[2006/05/11 12:30:52 | 000,247,808 | R--- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\cmdcons\iastor.sys
[2006/05/11 12:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtUninstallKB975467$\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\sp2qfe\netlogon.dll
[2004/08/10 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/10 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-31 19:28:51

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Book_Worm-Setup.exe:SummaryInformation

< End of report >




checkup.txt:
Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
McAfee Shredder
iolo technologies' System Mechanic
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 13
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
iolo Common Lib ioloServiceManager.exe
``````````End of Log````````````



mbam log:
Malwarebytes' Anti-Malware 1.51.1.1800
[You must be registered and logged in to see this link.]

Database version: 7342

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/31/2011 10:01:22 PM
mbam-log-2011-07-31 (22-01-22).txt

Scan type: Quick scan
Objects scanned: 232571
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

dmn3331

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2011-05-31
Operating System : windows xp service pack 3

View user profile

Back to top Go down

Re: tried to remove fake windows security, now usb won't work

Post by Sneakyone on Mon 01 Aug 2011, 4:33 pm

Hi,

Do you also have the ComboFix log?


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: tried to remove fake windows security, now usb won't work

Post by dmn3331 on Tue 02 Aug 2011, 11:13 am

sorry, i forgot to run that one...here is the log
also, my malwarebytes and system mechanic gave me errors...i'll attach those

ComboFix 11-08-01.05 - DIANE BLUMENFIELD 08/01/2011 19:56:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2633 [GMT -4:00]
Running from: c:\documents and settings\DIANE BLUMENFIELD\desktop\commy.exe
Command switches used :: /stepdel
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: CA Personal Firewall *Enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\dayi.ime
c:\program files\rnamfler\radprlib.dll
c:\program files\rnamfler\stream.rep
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\MailSwitch.ocx
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000016_.tmp.dll
c:\windows\system32\_000017_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\dayi.ime
c:\windows\system32\drivers\1028_DELL_XPS_Dell DM051 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DM051 .MRK
c:\windows\system32\regobj.dll
K:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-02 to 2011-08-02 )))))))))))))))))))))))))))))))
.
.
2011-08-01 03:17 . 2011-08-01 03:17 -------- d-----w- c:\windows\system32\XPSViewer
2011-08-01 03:17 . 2011-08-01 03:17 -------- d-----w- c:\program files\MSBuild
2011-08-01 03:17 . 2011-08-01 03:17 -------- d-----w- c:\program files\Reference Assemblies
2011-08-01 03:03 . 2011-08-01 03:04 -------- d-----w- c:\windows\system32\URTTemp
2011-08-01 02:58 . 2011-01-06 17:08 1310720 ----a-w- c:\windows\system32\CNC870C.dll
2011-08-01 02:58 . 2011-01-06 17:08 110592 ----a-w- c:\windows\system32\CNC870I.dll
2011-08-01 02:58 . 2011-01-06 17:07 102400 ----a-w- c:\windows\system32\CNC870U.dll
2011-08-01 02:58 . 2009-10-19 20:29 307200 ----a-w- c:\windows\system32\CNC870L.dll
2011-08-01 02:58 . 2008-08-25 22:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2011-08-01 02:22 . 2011-08-01 02:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-31 20:37 . 2006-03-24 00:12 139264 ----a-w- c:\windows\system32\igfxres.dll
2011-07-29 01:56 . 2006-03-24 00:38 61440 ----a-w- c:\windows\system32\iAlmCoIn_v4543.dll
2011-07-29 01:56 . 2011-07-29 01:56 -------- dc----w- C:\drvrtmp
2011-07-28 13:10 . 2007-06-08 05:10 876544 ----a-w- c:\windows\system32\TEACico2.dll
2011-07-28 12:25 . 2011-08-01 02:24 -------- dc----w- c:\documents and settings\DIANE BLUMENFIELD\Local Settings\Application Data\Deployment
2011-07-27 12:33 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-07-27 12:33 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-07-27 12:33 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-07-27 12:32 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-07-27 12:31 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-07-27 10:33 . 2011-07-27 10:33 -------- dc----w- c:\documents and settings\DIANE BLUMENFIELD\Application Data\Avira
2011-07-27 02:52 . 2011-07-27 02:52 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-07-27 02:51 . 2011-07-27 02:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2011-07-27 02:51 . 2010-05-16 09:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA7.DLL
2011-07-27 02:51 . 2010-05-16 09:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA7.DLL
2011-07-27 02:51 . 2010-05-16 09:00 277504 ----a-w- c:\windows\system32\CNMLMA7.DLL
2011-07-25 10:26 . 2011-07-25 10:26 -------- d-----w- c:\program files\MSXML 6.0
2011-07-25 10:26 . 2011-04-25 16:11 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-07-25 10:26 . 2011-04-26 14:11 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-07-25 10:26 . 2011-04-25 16:11 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-07-25 10:26 . 2011-04-25 16:11 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-07-25 10:26 . 2011-04-25 16:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-07-25 10:26 . 2011-04-25 16:11 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-07-25 10:26 . 2011-04-25 16:11 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-07-25 09:56 . 2011-07-19 19:42 2083464 ------w- c:\windows\system32\Incinerator32.dll
2011-07-25 02:22 . 2009-07-31 14:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-07-25 02:22 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-07-25 02:22 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
2011-07-25 02:05 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-07-25 02:05 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-07-25 02:05 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-07-25 02:05 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-07-25 02:05 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-07-25 02:05 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-07-25 02:05 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-07-25 02:05 . 2010-12-09 13:42 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-07-25 02:05 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-07-25 02:05 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-07-25 02:05 . 2010-12-09 13:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-07-25 02:05 . 2010-12-09 13:07 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-07-25 02:03 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2011-07-25 02:03 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-07-25 02:03 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-07-25 02:03 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-07-25 02:03 . 2011-04-29 16:19 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-07-25 02:03 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-07-25 02:01 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-07-25 02:00 . 2009-05-21 18:46 268288 -c----w- c:\windows\system32\dllcache\httpext.dll
2011-07-25 01:58 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-07-25 01:58 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-07-25 00:50 . 2011-07-25 00:50 -------- d-----w- c:\windows\system32\STRING
2011-07-25 00:50 . 2009-10-09 15:01 137216 ------w- c:\windows\system32\CNMNPUI.DLL
2011-07-25 00:50 . 2009-10-09 15:01 354816 ------w- c:\windows\system32\CNMNPPM.DLL
2011-07-25 00:50 . 2011-07-25 00:50 -------- d-----w- c:\windows\system32\CHM
2011-07-24 23:27 . 2001-08-18 02:36 87040 -c----w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-07-24 23:27 . 2001-08-18 02:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2011-07-24 22:00 . 2011-07-25 00:55 66616 ------w- c:\windows\system32\drivers\avgntflt.sys
2011-07-24 22:00 . 2011-07-25 00:55 138192 ------w- c:\windows\system32\drivers\avipbb.sys
2011-07-24 22:00 . 2010-06-17 19:27 45416 ------w- c:\windows\system32\drivers\avgntdd.sys
2011-07-24 22:00 . 2010-06-17 19:27 22360 ------w- c:\windows\system32\drivers\avgntmgr.sys
2011-07-24 22:00 . 2011-07-24 22:00 -------- dc----w- c:\documents and settings\All Users\Application Data\Avira
2011-07-24 22:00 . 2011-07-24 22:00 -------- d-----w- c:\program files\Avira
2011-07-24 21:57 . 2011-07-24 21:52 56039816 -c----w- C:\avira_antivir_personal_en.exe
2011-07-24 20:42 . 2011-07-06 23:52 22712 ------w- c:\windows\system32\drivers\mbam.sys
2011-07-24 20:20 . 2004-08-10 08:13 73728 -c----w- c:\windows\system32\dllcache\ehresja.dll
2011-07-24 20:20 . 2004-08-10 08:13 69632 -c----w- c:\windows\system32\dllcache\ehresko.dll
2011-07-24 20:20 . 2004-08-10 08:13 69632 -c----w- c:\windows\system32\dllcache\ehresfr.dll
2011-07-24 20:20 . 2004-08-10 08:13 69632 -c----w- c:\windows\system32\dllcache\ehresde.dll
2011-07-24 20:18 . 2004-08-10 11:00 101376 -c----w- c:\windows\system32\dllcache\srusbusd.dll
2011-07-24 20:17 . 2004-08-10 11:00 92416 -c----w- c:\windows\system32\dllcache\mga.sys
2011-07-24 20:16 . 2004-08-10 11:00 10096640 -c----w- c:\windows\system32\dllcache\hwxcht.dll
2011-07-24 20:15 . 2004-08-10 11:00 10752 -c----w- c:\windows\system32\dllcache\c_iscii.dll
2011-07-24 20:15 . 2008-04-14 00:12 10240 -c----w- c:\windows\system32\dllcache\npwmsdrm.dll
2011-07-24 20:15 . 2008-04-14 00:12 364544 -c----w- c:\windows\system32\dllcache\npdsplay.dll
2011-07-24 20:15 . 2008-04-14 00:12 4639 -c----w- c:\windows\system32\dllcache\mplayer2.exe
2011-07-24 20:07 . 2004-08-10 11:00 7680 -c----w- c:\windows\system32\dllcache\inetmgr.exe
2011-07-24 19:26 . 2004-08-10 11:00 13312 -c----w- c:\windows\system32\dllcache\irclass.dll
2011-07-24 19:26 . 2004-08-10 11:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-07-24 19:26 . 2004-08-10 11:00 24661 -c----w- c:\windows\system32\dllcache\spxcoins.dll
2011-07-24 19:26 . 2004-08-10 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-07-24 19:26 . 2006-03-30 10:03 22339 ------r- c:\windows\SETCB.tmp
2011-07-24 19:26 . 2005-03-30 17:54 10559 ------r- c:\windows\SETCC.tmp
2011-07-24 19:26 . 2004-08-10 11:00 13753 ------r- c:\windows\SET88.tmp
2011-07-24 19:26 . 2004-08-10 11:00 1086058 ------r- c:\windows\SET7C.tmp
2011-07-24 19:26 . 2004-08-10 11:00 106147 ------r- c:\windows\SET79.tmp
2011-07-24 04:58 . 2004-08-10 11:00 16384 -c----w- c:\windows\system32\dllcache\isignup.exe
2011-07-24 04:58 . 2004-08-10 11:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-07-24 04:57 . 2008-04-14 00:12 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
2011-07-24 04:57 . 2008-04-14 00:12 214528 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2011-07-24 04:57 . 2008-04-14 00:12 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
2011-07-24 04:57 . 2008-04-14 00:11 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2011-07-23 21:11 . 2006-03-30 10:03 22339 ------r- c:\windows\SET1A5.tmp
2011-07-23 21:11 . 2005-03-30 17:54 10559 ------r- c:\windows\SET1A6.tmp
2011-07-23 21:11 . 2004-08-10 11:00 13753 ------r- c:\windows\SET162.tmp
2011-07-23 21:11 . 2004-08-10 11:00 1086058 ------r- c:\windows\SET156.tmp
2011-07-23 21:11 . 2004-08-10 11:00 106147 ------r- c:\windows\SET153.tmp
2011-07-23 16:54 . 2011-07-23 16:54 -------- d-----w- c:\windows\dell
2011-07-23 12:04 . 2011-07-23 01:58 299008 -c----w- C:\RUNSAS.EXE
2011-07-23 12:04 . 2011-07-23 01:59 9954344 -c----w- C:\SAS_PRO.EXE
2011-07-23 12:04 . 2011-07-23 01:59 9953832 -c----w- C:\SAS_FREE.EXE
2011-07-23 12:04 . 2011-07-23 02:00 16127536 -c----w- C:\SASSAFERUN.COM
2011-07-23 08:09 . 2011-07-22 23:38 16096200 -c----w- C:\SAS_857009.COM
2011-07-12 22:49 . 2011-03-06 22:12 2234368 -c----r- C:\OTLPE.exe
2011-07-12 22:41 . 2011-07-12 20:39 579584 -c----w- C:\OTL.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-19 20:25 . 2010-09-03 19:53 11776 ------w- c:\windows\system32\smrgdf.exe
2011-07-19 20:25 . 2010-09-03 19:52 29696 ------w- c:\windows\system32\iolobtdfg.exe
2011-07-06 23:52 . 2011-05-27 01:03 41272 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-02 14:02 . 2004-08-10 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-27 01:03 . 2011-05-27 01:03 7734208 -c----w- C:\mbam-setup-1.50.1.1100.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44 1400712 ------w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-07-20 80384]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
kasperskysetup_9.0.0.722_27.05.2011_16-20.lnk - c:\documents and settings\DIANE BLUMENFIELD\Desktop\Virus Removal Tool1\kasperskysetup_9.0.0.722_27.05.2011_16-20\startup.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Linksys\\LogViewer\\LogViewer.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
.
R1 GearAspiSys;GearAspiSys;c:\windows\system32\drivers\GEARASPISYS.SYS [8/21/2007 12:44 PM 53412]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/24/2011 6:00 PM 136360]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/3/2010 3:53 PM 722616]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/17/2007 12:51 PM 24652]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [12/28/2010 12:06 PM 36224]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/24/2011 4:42 PM 22712]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/26/2011 9:03 PM 366640]
S3 CEUSBAUD;DigiTech USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [8/28/2007 12:39 PM 15360]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/15/2009 7:34 AM 30192]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [7/30/2007 9:59 PM 17280]
S3 yeddef;YEDDEF driver;c:\windows\system32\Drivers\yeddef.sys --> c:\windows\system32\Drivers\yeddef.sys [?]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [12/28/2010 12:06 PM 134912]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ArcRec
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-08-01 c:\windows\Tasks\User_Feed_Synchronization-{076D2C88-0114-4736-B794-BBF9AE1663D4}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
2011-08-01 c:\windows\Tasks\User_Feed_Synchronization-{F1A35984-F22F-4BA0-BA99-E6E9D8122569}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Crawler Search - tbr:iemenu
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 167.206.245.130 167.206.245.129
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-08-01 20:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1120)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-01 20:07:57
ComboFix-quarantined-files.txt 2011-08-02 00:07
.
Pre-Run: 101,046,624,256 bytes free
Post-Run: 101,002,993,664 bytes free
.
- - End Of File - - 3421DE2C82F8AB82BBC078CF930C91CB

dmn3331

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2011-05-31
Operating System : windows xp service pack 3

View user profile

Back to top Go down

Re: tried to remove fake windows security, now usb won't work

Post by dmn3331 on Tue 02 Aug 2011, 11:14 am

and attached is the malwarebytes error

dmn3331

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2011-05-31
Operating System : windows xp service pack 3

View user profile

Back to top Go down

Re: tried to remove fake windows security, now usb won't work

Post by Sneakyone on Tue 02 Aug 2011, 2:56 pm

Hi,

Try re-installing them first.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: tried to remove fake windows security, now usb won't work

Post by dmn3331 on Wed 03 Aug 2011, 9:22 pm

ok. i've reinstalled malwarebytes and system mechanic and they seem to be working, thanks!
did you see any problems in any of the output/logs i sent?
i'm not aware of any issues right now, but i just wanted to check and see if you saw anything

dmn3331

Rookie Surfer
Rookie Surfer

Posts : 67
Joined : 2011-05-31
Operating System : windows xp service pack 3

View user profile

Back to top Go down

Re: tried to remove fake windows security, now usb won't work

Post by Sneakyone on Thu 04 Aug 2011, 4:51 pm

Would you like Ask Toolbar removed?


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: tried to remove fake windows security, now usb won't work

Post by Sponsored content Today at 2:28 pm


Sponsored content


Back to top Go down

Page 3 of 3 Previous  1, 2, 3

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum