Virus Unknown - from link (tekenburo-welling.nl)



Post by sibob50 on 17th June 2011, 5:28 pm

I clicked on a link in an email from someone that I know and it created a virus on my PC (Windows XP).
Avast tried to stop it but failed and I got a blue screen and was unable to load Windows.
I downloaded OTLP and it allowed me to save some files and burn them to a DVD.
I ran the Scan and then tried to run aswMBR and Security Check but got error messages.
I would appreciate any help getting up and running safely again.
Below are the contents of the 2 logs.


aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-17 13:16:11
-----------------------------
13:16:11.468 OS Version: Windows 5.1.2600
13:16:11.468 Number of processors: 1 586 0x401
13:16:11.468 ComputerName: REATOGO UserName: SYSTEM
13:16:16.500 Initialze error 0
13:16:37.609 The log file has been saved successfully to "C:\aswMBR.txt"


Results of screen317's Security Check version 0.99.13
Windows XP
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
```````````````````````````````
Anti-malware/Other Utilities Check:

````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


OTL logfile created on: 6/17/2011 12:51:14 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 30.43 Gb Free Space | 39.68% Space Free | Partition Type: NTFS
Drive E: | 2.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 4.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.86 Gb Total Space | 0.84 Gb Free Space | 45.01% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled] -- -- (CPUCooLServer)
SRV - File not found [Disabled] -- -- (avgwd)
SRV - File not found [Auto] -- -- (AVGIDSAgent)
SRV - File not found [Disabled] -- -- (AVG Security Toolbar Service)
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2011/03/09 08:30:08 | 000,092,592 | ---- | M] (TomTom) [On_Demand] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/12/17 17:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/07/09 10:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [On_Demand] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/05/21 17:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [Disabled] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2006/04/06 11:53:50 | 000,880,128 | R--- | M] (Nero AG) [Disabled] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2006/04/06 11:53:50 | 000,880,128 | R--- | M] (Nero AG) [Disabled] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/11/30 17:08:30 | 001,122,304 | ---- | M] (Ahead Software AG) [Disabled] -- C:\Program Files\Ahead\NeroNET\NeroNET.exe -- (NeroNET)
SRV - [2002/07/22 16:13:14 | 000,159,744 | ---- | M] (Executive Software International, Inc.) [Auto] -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper)
SRV - [2001/11/01 18:28:32 | 000,491,561 | ---- | M] (American Power Conversion Corporation) [Auto] -- C:\Program Files\Pwrchute\ups.exe -- (UPS)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (TVICHW32)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (exdisk)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/11/05 12:28:27 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/05/21 21:19:27 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/05/21 21:19:26 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/18 12:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/08/14 18:12:00 | 000,019,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpvmp.sys -- (RDPVDD)
DRV - [2009/08/14 18:11:59 | 000,009,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdispm.sys -- (RDPDISPM)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/07/09 10:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/05/16 06:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 06:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) Crystal SoundFusion(tm)
DRV - [2007/11/06 16:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/07/19 16:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2006/12/11 11:15:56 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/24 13:51:38 | 000,052,720 | ---- | M] (Adaptec) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdr4_2k.sys -- (Cdr4_2K)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/06/27 17:27:07 | 000,004,484 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\drivers\cpuidlep.sys -- (cpuidlep)
DRV - [2006/04/06 19:02:10 | 000,102,016 | ---- | M] (Nero AG) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/04/06 19:02:10 | 000,029,440 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2006/04/06 18:49:38 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2006/04/06 12:02:08 | 000,033,408 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/05/02 21:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel (R)
DRV - [2005/01/10 08:01:12 | 000,018,048 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2004/06/08 18:13:49 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2003/10/27 14:58:58 | 000,003,072 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\AOpen\SilentTek\OpenDrv.SYS -- (OpenDrv)
DRV - [2003/10/04 00:25:56 | 000,401,152 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/06/11 12:54:36 | 000,196,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/06/11 12:54:36 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/06/11 12:54:34 | 001,063,040 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/11 12:54:32 | 000,631,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2002/09/09 15:19:06 | 000,130,309 | ---- | M] (DUCam Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MR97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2002/01/08 17:06:08 | 000,004,858 | ---- | M] (Winbond Electronics Corp.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\WBHWDOCT.SYS -- (WBHWDOCT)
DRV - [2001/08/17 13:49:00 | 000,075,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atimpae.sys -- (atirage3)
DRV - [2001/08/17 13:19:48 | 000,093,952 | ---- | M] (Crystal Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cwcwdm.sys -- (cwcwdm) Crystal SoundFusion(tm)
DRV - [2001/08/17 13:19:36 | 000,111,872 | ---- | M] (Crystal Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cwcspud.sys -- (cwcspud) Crystal SoundFusion(tm)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Value error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService.NT_AUTHORITY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService.NT_AUTHORITY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




O1 HOSTS File: ([2003/09/30 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CitiUSBrowserHelper Class) - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Value error. File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O3 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O3 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe (r2 studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\Admin.ADMIN-PUVGJ3MTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O9 - Extra 'Tools' menuitem : &7 Robo Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O9 - Extra Button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - C:\Program Files\Siber Systems\AI RoboForm\Identities.exe (Siber Systems)
O9 - Extra 'Tools' menuitem : &3 Robo Edit Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - C:\Program Files\Siber Systems\AI RoboForm\Identities.exe (Siber Systems)
O9 - Extra Button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O9 - Extra 'Tools' menuitem : Robo Show(Hide) &Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - Reg Error: Value error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\RSLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\RSLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\RSLSP.dll ()
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} [You must be registered and logged in to see this link.] (Device Detection)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} [You must be registered and logged in to see this link.] (WebIQ Engine Application Object)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} [You must be registered and logged in to see this link.] (MSN Money Charting)
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} [You must be registered and logged in to see this link.] (WebIQ Technology Client)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6602D627-F946-4A6E-BD5F-DCF8A0FB8AD1} [You must be registered and logged in to see this link.] (FIR ActiveX Control Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} [You must be registered and logged in to see this link.] (ActiveScan 2.0 Installer Class)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} [You must be registered and logged in to see this link.] (cpbrkpie Control)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} [You must be registered and logged in to see this link.] (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} [You must be registered and logged in to see this link.] (SysInfo Class)
O16 - DPF: {D1278801-B2C0-4332-BD3E-2F64D2204EDF} [You must be registered and logged in to see this link.] (Windows Live Mesh Upload Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (get_atlcom Class)
O16 - DPF: {E7B6AC3E-4F3F-41E2-BD03-F1772CC343E6} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [You must be registered and logged in to see this link.] (PCPitstop Exam)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: vzTCPConfig [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2005/01/24 22:43:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2005/08/22 22:06:10 | 000,000,052 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/01/02 07:00:23 | 000,004,013 | ---- | M] () - C:\AutoSetup.log -- [ NTFS ]
O32 - AutoRun File - [2005/01/24 22:43:02 | 000,000,000 | R--- | M] () - E:\AUTOEXEC.001 -- [ UDF ]
O32 - AutoRun File - [2005/08/22 22:06:10 | 000,000,052 | R--- | M] () - E:\AUTOEXEC.BAT -- [ UDF ]
O32 - AutoRun File - [2003/01/02 07:00:23 | 000,004,013 | R--- | M] () - E:\AutoSetup.log -- [ UDF ]
O32 - AutoRun File - [2006/05/24 06:36:40 | 000,000,157 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "wfxsvc"
MsConfig - Services: "WZCSVC"
MsConfig - Services: "StatusAgent"
MsConfig - Services: "RemoteRegistry"
MsConfig - Services: "RDSessMgr"
MsConfig - Services: "RasMan"
MsConfig - Services: "RasAuto"
MsConfig - Services: "mnmsrvc"
MsConfig - Services: "EPSON_PM_RPCV2_02"
MsConfig - Services: "CAISafe"
MsConfig - Services: "iPodService"
MsConfig - Services: "WANMiniportService"
MsConfig - Services: "Symantec Core LC"
MsConfig - Services: "Speed Disk service"
MsConfig - Services: "RetroWDSvc"
MsConfig - Services: "Retrospect Helper"
MsConfig - Services: "RetroLauncher"
MsConfig - Services: "NProtectService"
MsConfig - Services: "NeroNET"
MsConfig - Services: "LightScribeService"
MsConfig - Services: "iPod Service"
MsConfig - Services: "InCDsrvR"
MsConfig - Services: "InCDsrv"
MsConfig - Services: "IDriverT"
MsConfig - Services: "CPUCooLServer"
MsConfig - Services: "ccSetMgr"
MsConfig - Services: "ccPwdSvc"
MsConfig - Services: "ccEvtMgr"
MsConfig - Services: "AOL ACS"
MsConfig - Services: "Fax"
MsConfig - Services: "clr_optimization_v2.0.50727_32"
MsConfig - Services: "gusvc"
MsConfig - Services: "aawservice"
MsConfig - Services: "Diskeeper"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "PLFlash DeviceIoControl Service"
MsConfig - Services: "NBService"
MsConfig - Services: "nmraapache"
MsConfig - Services: "sdCoreService"
MsConfig - Services: "sdAuxService"
MsConfig - Services: "idsvc"
MsConfig - Services: "TomTomHOMEService"
MsConfig - Services: "rpcapd"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - StartUpFolder: C:^Documents and Settings^Admin.ADMIN-PUVGJ3MTW^Start Menu^Programs^Startup^America Online 5.0 Tray Icon.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Admin.ADMIN-PUVGJ3MTW^Start Menu^Programs^Startup^MemTurbo.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Admin.ADMIN-PUVGJ3MTW^Start Menu^Programs^Startup^ZoneLab.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe - (Zone Labs, LLC)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AOL 9.5 Tray Icon.lnk - C:\America Online 5.0\aoltray.exe - (America Online, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech Music Anywhere Settings.lnk - C:\Program Files\Logitech\Music Anywhere\LMASysTray.exe - (Logitech Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinFax Application Port Starter.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinFax PRO Controller.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: Advanced Ram Recover - hkey= - key= - C:\Program Files\Advanced RAM Recovery\ramsetup.exe ()
MsConfig - StartUpReg: AnyDVD - hkey= - key= - C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: CARPService - hkey= - key= - C:\WINDOWS\carpserv.exe (Conexant Systems)
MsConfig - StartUpReg: ccApp - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: CoolSwitch - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DU Meter - hkey= - key= - C:\Documents and Settings\All Users.WINDOWS\Documents\DU Meter\DUMeter.exe (Hagel Technologies)
MsConfig - StartUpReg: Error Nuker - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: InCD - hkey= - key= - C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\PAPRPORT\IndexSearch.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: InstantAccess - hkey= - key= - File not found
MsConfig - StartUpReg: ISTray - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: MBM 5 - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: MimBoot - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Mirror for Photos - hkey= - key= - C:\Program Files\Memorex\Mirror for Photos\MMFP.exe (Imation Corp)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: Multi-Media Keyboard - hkey= - key= - C:\Program Files\Multi-Media Keyboard\MMKey.exe ()
MsConfig - StartUpReg: NBJ - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: Nero PhotoShow Media Manager - hkey= - key= - C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NeroNETTrayIcon - hkey= - key= - C:\Program Files\Ahead\NeroNET\nnservicectrl.exe (Ahead Software AG)
MsConfig - StartUpReg: nmapp - hkey= - key= - C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
MsConfig - StartUpReg: Orb - hkey= - key= - C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\PAPRPORT\pptd40nt.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: PC Pitstop Optimize Reminder - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: PPWebCap - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: PxDotNetLoader - hkey= - key= - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RegisterDropHandler - hkey= - key= - C:\Program Files\TextBridge Pro 9.0\Bin\RegisterDropHandler.exe ()
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TBPS - hkey= - key= - File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig - StartUpReg: UserFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: Verizon_McciTrayApp - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: WD Button Manager - hkey= - key= - File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= - File not found
MsConfig - StartUpReg: WinTools - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: SolutoService - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SolutoService - Service
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: vidc.dmb1 - m3jpeg32.dll File not found
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.MJPG - m3jpeg32.dll File not found
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll ([You must be registered and logged in to see this link.]
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========

[2011/06/16 18:51:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/05/20 09:49:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/20 09:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/17 11:59:22 | 3171,203,072 | ---- | M] () -- C:\backup061711b.iso
[2011/06/17 11:59:22 | 000,004,326 | ---- | M] () -- C:\backup061711b.MDS
[2011/06/17 10:50:41 | 920,289,280 | ---- | M] () -- C:\backup061711a.iso
[2011/06/17 10:50:41 | 000,004,326 | ---- | M] () -- C:\backup061711a.MDS
[2011/06/17 10:28:22 | 161,277,952 | ---- | M] () -- C:\backup061711.iso
[2011/06/17 10:28:22 | 000,004,325 | ---- | M] () -- C:\backup061711.MDS
[2011/06/16 19:25:35 | 180,174,880 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/06/16 19:25:35 | 002,419,352 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/06/16 19:25:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/16 19:12:57 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/16 18:47:27 | 000,352,878 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/06/16 18:47:24 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/16 18:45:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/09 05:34:10 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Desktop\Microsoft Word.lnk
[2011/06/07 17:11:41 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Desktop\Microsoft Excel.lnk
[2011/06/07 14:46:57 | 000,000,529 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/06/07 14:46:57 | 000,000,079 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2011/06/06 19:32:13 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Desktop\Microsoft Access.lnk
[2011/05/20 09:51:41 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/20 09:51:41 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader X.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========

[2011/06/17 11:59:22 | 000,004,326 | ---- | C] () -- C:\backup061711b.MDS
[2011/06/17 11:54:55 | 3171,203,072 | ---- | C] () -- C:\backup061711b.iso
[2011/06/17 10:50:41 | 000,004,326 | ---- | C] () -- C:\backup061711a.MDS
[2011/06/17 10:48:40 | 920,289,280 | ---- | C] () -- C:\backup061711a.iso
[2011/06/17 10:28:22 | 000,004,325 | ---- | C] () -- C:\backup061711.MDS
[2011/06/17 10:28:08 | 161,277,952 | ---- | C] () -- C:\backup061711.iso
[2011/05/20 09:51:41 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/20 09:51:41 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader X.lnk
[2010/12/20 11:05:15 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\RSLSP.dll
[2010/12/18 19:01:23 | 000,087,960 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/18 19:00:24 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/12/01 17:43:23 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2010/12/01 17:24:12 | 000,032,270 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/12/01 15:19:50 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\usb
[2010/10/21 21:11:43 | 000,210,307 | ---- | C] () -- C:\WINDOWS\aolunins_us.exe
[2010/07/12 18:22:23 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI
[2010/07/12 18:22:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI
[2010/04/28 14:05:31 | 000,000,078 | ---- | C] () -- C:\WINDOWS\PODW.INI
[2009/12/14 15:14:30 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/12/11 17:37:58 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/11 17:37:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/11 17:37:55 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/12/11 17:37:55 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/11 17:37:55 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/11 17:32:18 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/09/12 12:51:02 | 000,001,037 | ---- | C] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Local Settings\Application Data\Account.atomsvc
[2009/03/09 15:30:27 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\g2mdlhlpx.exe
[2008/11/11 19:12:17 | 180,174,880 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/11/11 19:07:12 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/08/26 21:10:27 | 000,817,152 | R--- | C] () -- C:\WINDOWS\System32\bootman.exe
[2008/07/01 17:58:31 | 000,182,992 | ---- | C] () -- C:\WINDOWS\ 9AnyDVD-uninst.ini
[2008/02/19 10:32:21 | 000,892,224 | ---- | C] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\RVLHJL4.zip
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/10/10 17:23:15 | 001,228,854 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\OrbError.bmp
[2007/10/10 14:09:34 | 000,000,107 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/10/10 13:52:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2007/10/10 13:52:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2007/10/10 13:52:26 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2007/08/30 21:17:01 | 000,951,455 | ---- | C] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\RVLHJL7.zip
[2007/06/13 16:15:15 | 000,316,825 | ---- | C] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\RVLHJL6.zip
[2007/04/11 19:32:30 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2007/02/23 15:36:01 | 000,448,489 | ---- | C] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\RVLHJL0207.zip
[2007/02/23 13:44:26 | 000,390,405 | ---- | C] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\RVLHJL3.zip
[2007/02/22 17:50:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/02/01 11:54:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/12/16 18:18:09 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\s-1-5-19.rrr
[2006/12/16 18:17:55 | 005,480,448 | ---- | C] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\s-1-5-21-484763869-963894560-725345543-1003.rrr
[2006/12/16 18:17:52 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\s-1-5-20.rrr
[2006/12/08 18:49:16 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/09/18 14:47:30 | 000,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/09/18 14:47:30 | 000,000,068 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/08/23 15:14:13 | 000,036,864 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2006/08/21 11:39:07 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/08/21 11:39:06 | 000,000,951 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/08/21 11:39:06 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2006/08/21 11:38:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2006/08/21 11:24:10 | 000,000,529 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/08/21 11:24:10 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/08/21 11:15:28 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\BntRC.dll
[2006/06/27 20:19:51 | 000,000,053 | ---- | C] () -- C:\WINDOWS\zbj22.ini
[2006/06/27 19:59:25 | 000,000,087 | ---- | C] () -- C:\WINDOWS\bj22.ini
[2006/06/27 17:27:07 | 000,004,484 | ---- | C] () -- C:\WINDOWS\System32\drivers\cpuidlep.sys
[2006/06/14 17:00:42 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\.googlewebacchosts
[2006/05/19 17:51:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/05/19 17:50:18 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/09 18:13:21 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2006/04/21 18:08:37 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\WavCodec.wff
[2006/01/14 17:40:24 | 000,000,051 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2006/01/14 17:35:40 | 000,000,055 | ---- | C] () -- C:\WINDOWS\GCCASINO.INI
[2006/01/13 11:29:05 | 000,000,286 | ---- | C] () -- C:\WINDOWS\pcps.ini
[2005/12/29 19:45:51 | 000,370,828 | ---- | C] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\RVLHJL06.zip
[2005/12/13 17:17:48 | 001,574,598 | ---- | C] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\RVLHJL2.zip
[2005/10/24 11:53:04 | 000,000,231 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/10/13 20:11:03 | 000,000,066 | ---- | C] () -- C:\WINDOWS\calera.ini
[2005/09/10 18:32:49 | 000,000,068 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/10 17:52:25 | 000,182,966 | ---- | C] () -- C:\WINDOWS\Aolunins.exe
[2005/08/29 14:45:00 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\default.pls
[2005/08/22 22:06:38 | 000,004,826 | ---- | C] () -- C:\WINDOWS\ATM.INI
[2005/08/22 22:06:00 | 000,000,177 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2005/08/22 22:05:59 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/08/22 22:05:57 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2005/08/22 22:05:57 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2005/08/22 22:05:02 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL62N.DLL
[2005/08/22 22:05:02 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\LTTWN62N.DLL
[2005/08/22 22:05:02 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\ftpclient.dll
[2005/08/22 22:05:02 | 000,003,200 | ---- | C] () -- C:\WINDOWS\System32\LTTHK62W.DLL
[2005/08/22 18:36:53 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/18 11:24:31 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2005/08/09 13:26:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/04/08 21:14:51 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Local Settings\Application Data\fusioncache.dat
[2005/03/25 18:32:07 | 000,001,089 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2005/03/24 19:49:36 | 000,022,016 | ---- | C] () -- C:\WINDOWS\exeshl.dll
[2005/03/24 19:49:36 | 000,000,071 | ---- | C] () -- C:\WINDOWS\netctrl.ini
[2005/03/16 21:43:22 | 000,000,066 | ---- | C] () -- C:\WINDOWS\StationRipper.INI
[2005/03/16 21:41:03 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/03/04 19:07:44 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\Pixpcz.dll
[2005/03/04 19:07:44 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\Pixpnr.dll
[2005/03/04 19:07:43 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\Setbrows.exe
[2005/03/04 18:40:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\viewlink.ini
[2005/03/04 18:31:36 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2005/03/04 18:31:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2005/03/04 18:31:36 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2005/03/04 18:31:22 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2005/02/24 18:47:33 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\Xnmba458.dll
[2005/02/24 18:47:33 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\Xnmhb458.dll
[2005/02/24 18:47:33 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\Xnmte458.dll
[2005/02/24 18:47:33 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\Xnmhn458.dll
[2005/02/24 11:38:36 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2005/02/23 15:24:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PPViewer.INI
[2005/02/23 14:50:56 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\Thumb.dll
[2005/02/21 16:10:21 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\APCSnmp.dll
[2005/02/21 15:20:09 | 000,373,760 | ---- | C] () -- C:\WINDOWS\System32\xnmba450.dll
[2005/02/21 15:20:09 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\xnmhb450.dll
[2005/02/21 15:20:09 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\xnmte450.dll
[2005/02/21 15:20:09 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\xnmhn450.dll
[2005/02/21 15:18:16 | 000,002,396 | ---- | C] () -- C:\WINDOWS\acroread.ini
[2005/02/21 14:51:15 | 000,000,291 | ---- | C] () -- C:\WINDOWS\EReg206.dat
[2005/02/18 19:17:24 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\EBUtil2.dll
[2005/02/18 19:14:48 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2005/02/18 10:04:41 | 000,004,410 | ---- | C] () -- C:\WINDOWS\З9AnyDVD-uninst.ini
[2005/02/17 21:03:05 | 000,025,904 | ---- | C] () -- C:\WINDOWS\System32\CDROM16.DLL
[2005/02/17 21:03:04 | 000,219,136 | ---- | C] () -- C:\WINDOWS\System32\MPEGAVMM.DLL
[2005/02/17 21:03:04 | 000,217,600 | ---- | C] () -- C:\WINDOWS\System32\MPEGAV32.DLL
[2005/02/17 21:03:04 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\CDROM32.DLL

Rest to follow in separate post


Last edited by sibob50 on 17th June 2011, 5:38 pm; edited 1 time in total


Re: Virus Unknown - from link (tekenburo-welling.nl)

Post by sibob50 on 17th June 2011, 5:30 pm

The information is for my PC. The computer that I am using is a different one (my wife's) as I cannot load Windows on mine.


Re: Virus Unknown - from link (tekenburo-welling.nl)

Post by Belahzur on 17th June 2011, 6:09 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245111
Likes: 1


Virus - Unknown

Post by sibob50 on 17th June 2011, 7:11 pm

I downloaded ComboFix but it starts with an error message, probably because I can't disable my anti-virus Avast! because I can't start Windows in order to disable it.


Re: Virus Unknown - from link (tekenburo-welling.nl)

Post by Sneakyone on 21st June 2011, 3:53 am

Hi,

How come you can't disable Avast in your current boot?


I'm livin' life in the fast lane.

Sneakyone
Master

Posts: 2707
Joined: 2010-01-10
Gender: Male
OS: Windows 7 Ultimate 64-bit
Protection: Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points: 56124
Likes: 0
