Infected Files and Registry Keys


Post by Vista on Sun Jun 19, 2011 7:58 pm

Hello,
I started getting this error message when I boot the PC saying "Missing RUNDLL Entry". Can you please help me clean my PC? Thank you!

Malwarebytes' Anti-Malware 1.51.0.1200

Database version: 6897

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/19/2011 3:49:32 PM
mbam-log-2011-06-19 (15-49-18).txt

Scan type: Quick scan
Objects scanned: 176039
Time elapsed: 20 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\YontooIEClient.Layers.1 (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\YontooIEClient.Layers (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\yontoo layers client\yontooieclient.dll (Adware.Agent) -> No action taken.


Re: Infected Files and Registry Keys

Post by Sneakyone on Mon Jun 20, 2011 5:21 am

Hi,

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below.)
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.


Note: in the event that OTL fails to run, please use alternate download links to try again.



Re: Infected Files and Registry Keys

Post by Vista on Mon Jun 20, 2011 8:23 pm

OTL logfile created on: 6/20/2011 3:05:47 PM - Run 6
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Valerie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 203.77 Gb Free Space | 87.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALERIE-DAAA710
Current User Name: Valerie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2011/06/16 07:47:01 | 000,103,736 | ---- | M] () -- C:\WINDOWS\Downlo~1\MyWebEx\319\RAAGTAPP.EXE
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Valerie\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/08/25 11:11:06 | 000,050,464 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/06/10 17:45:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie\Desktop\OTL.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/03/29 12:51:28 | 000,016,776 | ---- | M] () -- C:\WINDOWS\Downlo~1\MyWebEx\319\atnthost.exe
PRC - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. ([You must be registered and logged in to see this link.] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/12 17:33:02 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcjcoms.exe
PRC - [2002/12/12 08:45:00 | 000,541,184 | R--- | M] (Symantec Corporation) -- C:\Program Files\WinFax\WFXMOD32.EXE
PRC - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE


========== Modules (SafeList) ==========

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/06/10 17:45:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/08/25 11:11:06 | 000,050,464 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/03/29 12:51:28 | 000,016,776 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Downlo~1\MyWebEx\319\atnthost.exe -- (atnthost)
SRV - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. ([You must be registered and logged in to see this link.] [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2005/07/12 17:33:02 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)
SRV - [2005/03/30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)


========== Driver Services (SafeList) ==========

DRV - [2010/10/01 10:37:50 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (kl1)
DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2005/06/16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/08/13 03:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 02:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 02:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 02:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 02:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 02:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 02:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 02:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 02:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 02:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 04:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.8
FF - prefs.js..extensions.enabledItems: feedly@devhd:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:11.0.2.579
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:11.0.2.579
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:11.0.2.579
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/05/31 11:35:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/05/31 11:35:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/05/31 11:35:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/17 20:23:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/03 07:56:29 | 000,000,000 | ---D | M]

[2011/03/09 12:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Extensions
[2011/06/19 15:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions
[2011/03/10 13:43:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/15 09:31:07 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/06/11 13:28:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2011/06/11 13:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\feedly@devhd
[2011/06/11 13:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\staged-xpis
[2011/06/11 13:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\feedly@devhd\content\app\extension
[2011/06/19 15:18:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/05 17:03:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/04 14:11:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011/04/04 14:11:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2011/04/05 17:01:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/05/19 19:20:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - Startup: C:\Documents and Settings\Valerie\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Valerie\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKCU\..Trusted Domains: intuit.com ([community] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} [You must be registered and logged in to see this link.] (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: vzTCPConfig [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Valerie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Valerie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/18 14:12:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/04/18 14:11:59 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Controller.LNK - C:\Program Files\WinFax\WFXCTL32.EXE - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk - C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe - (Intuit Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk - C:\PROGRA~1\MCAFEE~1\10BCA1~1.150\SSSCHE~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Remote Access.lnk - C:\WINDOWS\Downlo~1\MyWebEx\319\raagtx.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - (Intuit Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk - C:\Program Files\Intuit\QuickBooks 2005\QBW32.EXE - (Intuit Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Valerie^Start Menu^Programs^Startup^Adobe Media Player.lnk - C:\Program Files\Adobe Media Player\Adobe Media Player.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Valerie^Start Menu^Programs^Startup^Dropbox.lnk - C:\Documents and Settings\Valerie\Application Data\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeUpdater6 - hkey= - key= - C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BbInstallUser - hkey= - key= - C:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe (Bluebeam Software, Inc.)
MsConfig - StartUpReg: BbPrintMonitor - hkey= - key= - C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe (Bluebeam Software, Inc.)
MsConfig - StartUpReg: Carbonite Backup - hkey= - key= - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
MsConfig - StartUpReg: cdloader - hkey= - key= - C:\Documents and Settings\Valerie\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
MsConfig - StartUpReg: dla - hkey= - key= - File not found
MsConfig - StartUpReg: dlcjmon.exe - hkey= - key= - C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell)
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: Intuit SyncManager - hkey= - key= - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
MsConfig - StartUpReg: JFSW2Launch - hkey= - key= - C:\Documents and Settings\Valerie\Application Data\Transcend\JFSW2\JFSW2Launch.exe ()
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: MemoryCardManager - hkey= - key= - C:\Program Files\Dell Photo AIO Printer 964\memcard.exe ()
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
MsConfig - StartUpReg: WFXSwtch - hkey= - key= - C:\Program Files\WinFax\WFXSWTCH.exe ()
MsConfig - StartUpReg: WinFaxAppPortStarter - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {188D7FBC-A52A-50CB-B301-5D968EF05E48} - Outlook Express
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - C:\WINDOWS\system32\Adobe
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A2F2C425-EC0B-C5D9-1FE5-038C23AA962D} - Browser Customizations
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Adobe
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe


Re: Infected Files and Registery Keys

Post by Vista on Mon Jun 20, 2011 8:23 pm

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/16 13:41:23 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/09 09:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valerie\Desktop\pitapecalc.aspx_files
[1 C:\Documents and Settings\Valerie\My Documents\*.tmp files -> C:\Documents and Settings\Valerie\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/20 14:50:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/20 11:35:09 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{76D70BD6-ADEF-4772-B82F-52AD730EEB58}.job
[2011/06/20 11:33:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/06/20 11:33:28 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure Startup.job
[2011/06/20 11:33:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/20 11:32:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/20 08:42:50 | 000,001,094 | ---- | M] () -- C:\WINDOWS\win.ini
[2011/06/20 08:42:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/06/20 08:42:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/19 17:58:34 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Valerie\ntuser.dat
[2011/06/19 17:57:34 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Valerie\ntuser.ini
[2011/06/19 14:39:14 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2011/06/17 14:33:32 | 000,523,312 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/06/17 14:33:32 | 000,444,434 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/17 14:33:32 | 000,072,310 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/17 12:31:38 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Selbyville Tractor.doc
[2011/06/17 00:17:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/09 09:23:07 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Buena Vista 2.doc
[2011/06/09 09:15:01 | 000,009,186 | ---- | M] () -- C:\Documents and Settings\Valerie\Desktop\pitapecalc.aspx.htm
[2011/06/09 07:50:00 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Medicaid Letter.doc
[2011/06/09 07:39:28 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Middletown Fire Company.doc
[2011/06/08 11:48:11 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Firebirds Restaurant3.doc
[2011/06/08 11:36:12 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Penske Trucking.doc
[2011/06/07 08:38:16 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Miller, William.doc
[2011/06/07 08:29:12 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Ballou, Linda.doc
[2011/06/07 08:27:41 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Shuty, Laverne.doc
[2011/06/06 19:48:15 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Kline, Judy2.doc
[2011/06/06 19:38:07 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Geshay, Jeff2.doc
[2011/06/06 18:50:17 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Hamilton, Anna.doc
[2011/06/04 21:36:26 | 004,839,424 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/06/04 21:36:19 | 003,591,168 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/06/03 15:58:01 | 000,001,030 | ---- | M] () -- C:\Documents and Settings\Valerie\Start Menu\Programs\Startup\Dropbox.lnk
[2011/06/03 15:58:00 | 000,001,030 | ---- | M] () -- C:\Documents and Settings\Valerie\Desktop\Dropbox.lnk
[2011/06/03 15:52:11 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/03 07:07:56 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Kline, Judy.doc
[2011/06/03 06:58:53 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Lyon, Barbara.doc
[2011/06/02 07:33:23 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Gazze, Kathy.doc
[2011/05/31 22:42:22 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Holdridge, Jim.doc
[2011/05/31 21:31:51 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Craig, Sue.doc
[2011/05/31 20:48:50 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Valerie\Desktop\Microsoft Office Word 2003.lnk
[2011/05/31 20:26:41 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Email, Serv. Magic.doc
[2011/05/31 20:26:29 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Valerie\Desktop\Email, Serv. Magic.doc
[2011/05/30 18:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/25 21:00:28 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Rail, Julia.doc
[2011/05/25 20:31:37 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Cooke, Steve.doc
[2011/05/25 19:50:04 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Teti2.doc
[2011/05/25 14:27:06 | 000,092,166 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Eclipse Solar Products Insurance.pdf
[2011/05/25 08:03:58 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Jerry2.doc
[2011/05/23 21:32:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/23 10:52:01 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/05/21 20:05:38 | 001,149,680 | ---- | M] () -- C:\Documents and Settings\Valerie\Desktop\100_1582.jpg
[1 C:\Documents and Settings\Valerie\My Documents\*.tmp files -> C:\Documents and Settings\Valerie\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/17 12:31:37 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Selbyville Tractor.doc
[2011/06/09 09:14:52 | 000,009,186 | ---- | C] () -- C:\Documents and Settings\Valerie\Desktop\pitapecalc.aspx.htm
[2011/06/09 07:50:00 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Medicaid Letter.doc
[2011/06/08 11:48:11 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Firebirds Restaurant3.doc
[2011/06/08 11:36:11 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Penske Trucking.doc
[2011/06/07 08:38:16 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Miller, William.doc
[2011/06/07 08:12:47 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Ballou, Linda.doc
[2011/06/07 08:09:27 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Shuty, Laverne.doc
[2011/06/06 19:46:25 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Kline, Judy2.doc
[2011/06/06 19:15:35 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Geshay, Jeff2.doc
[2011/06/06 18:45:32 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Hamilton, Anna.doc
[2011/06/03 07:07:55 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Kline, Judy.doc
[2011/06/03 06:58:48 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Lyon, Barbara.doc
[2011/06/02 07:30:29 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Gazze, Kathy.doc
[2011/05/31 22:42:22 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Holdridge, Jim.doc
[2011/05/31 21:31:50 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Craig, Sue.doc
[2011/05/31 20:26:40 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Email, Serv. Magic.doc
[2011/05/31 20:26:27 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Valerie\Desktop\Email, Serv. Magic.doc
[2011/05/25 21:00:27 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Rail, Julia.doc
[2011/05/25 20:31:36 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Cooke, Steve.doc
[2011/05/25 19:50:03 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Teti2.doc
[2011/05/25 14:27:06 | 000,092,166 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Eclipse Solar Products Insurance.pdf
[2011/05/25 08:03:57 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Jerry2.doc
[2011/05/23 20:49:08 | 001,149,680 | ---- | C] () -- C:\Documents and Settings\Valerie\Desktop\100_1582.jpg
[2011/02/19 20:33:06 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/02/16 12:57:24 | 000,000,134 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/19 20:59:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Valerie.ini
[2009/04/21 21:05:26 | 000,000,070 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/04/02 21:02:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/05/06 08:39:42 | 000,688,128 | R--- | C] () -- C:\WINDOWS\System32\Bluebeam Javascript Library.dll
[2008/04/30 15:28:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2008/04/30 15:17:21 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2008/04/30 15:17:21 | 000,000,378 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2008/04/30 15:17:18 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2008/04/29 11:40:08 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2008/04/29 11:39:08 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2008/04/29 11:39:08 | 001,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2008/04/29 11:39:08 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2008/04/29 11:39:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2008/04/29 11:39:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2008/04/29 11:39:07 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2008/04/29 11:39:07 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2008/04/29 11:39:07 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2008/04/29 11:39:07 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2008/04/29 11:39:06 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2008/04/29 11:39:04 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2008/04/29 11:39:04 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2008/04/29 11:39:04 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2008/04/29 11:39:03 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2008/04/29 11:39:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2008/04/29 11:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2008/04/29 11:39:02 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2008/04/28 12:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/04/18 14:48:50 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/18 14:47:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/10 09:43:24 | 003,563,520 | R--- | C] () -- C:\WINDOWS\System32\BGP856.dll
[2005/10/14 17:09:48 | 000,050,652 | ---- | C] () -- C:\WINDOWS\System32\drivers\atntwink.sys
[2005/06/01 12:53:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2004/08/12 09:19:04 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\eventcls.dll
[2008/04/13 20:11:53 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll
[2008/04/13 20:11:54 | 000,344,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\hnetcfg.dll
[2010/10/05 20:27:04 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\klogon.dll
[2004/08/12 09:23:50 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm50.dll
[2008/04/13 20:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kl1.sys
[2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kl2.sys
[2010/10/01 10:37:50 | 000,475,736 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klif.sys
[2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klim5.sys
[2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klmouflt.sys

< %systemroot%\System32\config\*.sav >
[2008/04/18 08:24:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/18 08:24:46 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/18 08:24:46 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/12 09:17:21 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/12 09:18:15 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/12 09:19:36 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/12 09:20:44 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/12 09:20:45 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/12 09:25:08 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/12 09:25:08 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/12 09:25:08 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/12 09:25:09 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/12 09:25:09 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/12 09:25:11 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/12 09:25:11 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/12 09:25:11 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/12 09:25:12 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/12 09:25:12 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2011/03/03 09:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2005/03/30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe

< %SYSTEMDRIVE%\*.* >
[2009/03/20 17:22:01 | 000,067,718 | ---- | M] () -- C:\.T08
[2008/04/09 10:24:09 | 032,805,060 | ---- | M] () -- C:\ACR ONLY.zip
[2009/05/30 21:18:51 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2009/03/20 17:28:40 | 000,070,249 | ---- | M] () -- C:\Amended 2008 Return.T08
[2008/04/18 14:12:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/19 10:57:06 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2011/02/28 14:50:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/13 19:14:19 | 000,079,025 | ---- | M] () -- C:\ComboFix.txt
[2008/04/18 14:12:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/04/21 21:28:03 | 000,034,364 | ---- | M] () -- C:\CybDefInstallInfo.log
[2008/05/22 15:51:33 | 002,016,403 | ---- | M] () -- C:\DELAWARE GLASS TINTING, INC May 22,2008 03 51 PM.QBB
[2011/03/19 16:32:14 | 000,012,906 | ---- | M] () -- C:\dlcj.log
[2011/06/20 08:42:54 | 000,123,196 | ---- | M] () -- C:\dlcjscan.log
[2010/06/09 22:05:44 | 003,873,025 | ---- | M] () -- C:\EasyShare.dmp
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/02/18 18:42:13 | 000,000,067 | ---- | M] () -- C:\inferno.log
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/04/18 14:12:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/06 10:40:37 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/04/18 14:12:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/12 09:25:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/04/01 08:05:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/20 08:42:31 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2009/03/25 16:19:28 | 000,075,384 | ---- | M] () -- C:\Personal Taxes 2008 2.T08
[2009/03/20 23:50:45 | 000,080,225 | ---- | M] () -- C:\Personal Taxes 2008.T08
[2009/03/25 14:07:16 | 000,080,630 | ---- | M] () -- C:\Personal Taxes 20083.T08
[2011/04/01 21:11:55 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2008/04/29 11:42:54 | 000,000,172 | ---- | M] () -- C:\setupfax.log
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %PROGRAMFILES%\*. >
[2008/04/30 12:38:22 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2009/04/02 21:02:50 | 000,000,000 | ---D | M] -- C:\Program Files\activePDF
[2011/03/10 09:56:27 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/10/29 11:26:42 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/06/29 19:35:20 | 000,000,000 | ---D | M] -- C:\Program Files\Bluebeam Software
[2010/02/12 11:31:05 | 000,000,000 | ---D | M] -- C:\Program Files\Carbonite
[2008/04/30 13:28:20 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/01/31 22:34:02 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/04/18 14:09:06 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/04/21 11:08:31 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/04/03 07:38:08 | 000,000,000 | ---D | M] -- C:\Program Files\DeductionPro 2008
[2008/04/18 14:53:00 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2010/01/25 11:38:12 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Photo AIO Printer 964
[2010/02/12 18:44:31 | 000,000,000 | ---D | M] -- C:\Program Files\Design Science
[2011/06/20 12:45:58 | 000,000,000 | ---D | M] -- C:\Program Files\Dl_cats
[2011/01/31 21:43:37 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/06/29 19:43:32 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/03/12 21:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/06/17 00:09:00 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/04/18 14:41:37 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2008/04/21 16:05:17 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2011/04/05 17:00:44 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/04/04 14:02:13 | 000,000,000 | ---D | M] -- C:\Program Files\Kaspersky Lab
[2009/04/02 13:02:06 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2011/06/03 15:53:17 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/25 10:10:26 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/03/23 20:22:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/04/18 14:46:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/04/18 14:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/05/12 11:23:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/03/23 20:28:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2008/04/18 14:46:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/03/24 00:04:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/02/19 20:02:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/03/25 12:59:38 | 000,000,000 | ---D | M] -- C:\Program Files\MIE
[2010/08/12 00:04:01 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/06/17 12:42:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/05 21:37:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/05/12 11:22:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/04/01 08:17:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/04/18 14:08:41 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/05/21 16:34:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/04/01 08:11:24 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/01/31 21:16:06 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2010/10/05 14:04:39 | 000,000,000 | ---D | M] -- C:\Program Files\One-Click Export
[2008/04/18 14:10:55 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/17 16:59:32 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/02/12 18:47:04 | 000,000,000 | ---D | M] -- C:\Program Files\Paint.NET
[2010/11/15 14:11:12 | 000,000,000 | ---D | M] -- C:\Program Files\ParetoLogic
[2011/02/01 14:16:31 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/08/05 21:37:31 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/06/11 09:51:19 | 000,000,000 | ---D | M] -- C:\Program Files\Sapro Systems Paymee V3
[2008/04/18 14:48:50 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2008/06/16 13:26:17 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2010/09/20 12:20:58 | 000,000,000 | ---D | M] -- C:\Program Files\Swag_Bucks
[2008/04/30 15:18:36 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/05/19 11:05:31 | 000,000,000 | ---D | M] -- C:\Program Files\TaxCut08
[2009/01/27 14:43:37 | 000,000,000 | ---D | M] -- C:\Program Files\TeamViewer
[2009/01/25 15:26:31 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/03/18 15:24:14 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2008/04/18 15:33:10 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/01/10 13:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2011/03/31 20:22:31 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2010/03/23 20:39:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/02/27 18:20:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/04/15 20:48:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/04/15 20:48:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/04/01 08:11:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/04/18 14:11:00 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2011/05/23 07:34:29 | 000,000,000 | ---D | M] -- C:\Program Files\WinFax
[2008/04/18 14:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/12/15 14:16:45 | 000,000,000 | ---D | M] -- C:\Program Files\Yontoo Layers Client

< %appdata%\*.* >
[2008/04/18 08:26:07 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Valerie\Application Data\desktop.ini
[2010/09/01 10:50:51 | 000,000,077 | ---- | M] () -- C:\Documents and Settings\Valerie\Application Data\Rim.Desktop.Exception.log
[2010/09/20 12:10:44 | 000,001,573 | ---- | M] () -- C:\Documents and Settings\Valerie\Application Data\Rim.Desktop.HttpServerSetup.log
[2009/02/26 10:50:36 | 000,013,019 | ---- | M] () -- C:\Documents and Settings\Valerie\Application Data\Tab Separated Values (Windows).CAL


< MD5 for: AGP440.SYS >
[2004/08/12 09:29:28 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/04/01 07:54:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/04/01 07:54:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/12 09:29:28 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/04/01 07:54:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/04/01 07:54:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/12 09:17:27 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/12 09:29:28 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/04/01 07:54:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/04/01 07:54:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/12 09:18:39 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/12 09:19:04 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2004/08/12 09:36:15 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/12 09:24:31 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/12 09:27:47 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/12 09:29:28 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2009/04/01 07:54:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2009/04/01 07:54:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-17 04:25:52

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Valerie\My Documents\LARRYS PICS 001.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Valerie\My Documents\christmas pics 2007.png:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Valerie\My Documents\christmas pics 1 2007.png:SummaryInformation
< End of report >

Re: Infected Files and Registery Keys

Post by Vista on Mon Jun 20, 2011 8:25 pm

* I forgot to say that I do not get sound on my PC. Can you tell me how to fix that too please? Thanks.


Re: Infected Files and Registery Keys

Post by Sneakyone on Tue Jun 21, 2011 2:50 am

Hi,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2011/06/16 07:47:01 | 000,103,736 | ---- | M] () -- C:\WINDOWS\Downlo~1\MyWebEx\319\RAAGTAPP.EXE
    PRC - [2010/03/29 12:51:28 | 000,016,776 | ---- | M] () -- C:\WINDOWS\Downlo~1\MyWebEx\319\atnthost.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O15 - HKCU\..Trusted Domains: intuit.com ([community] https in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
    O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} [You must be registered and logged in to see this link.] (Verizon Wireless Media Upload)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: vzTCPConfig [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    MsConfig - StartUpReg: dla - hkey= - key= - File not found
    MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
    MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
    MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
    MsConfig - StartUpReg: WinFaxAppPortStarter - hkey= - key= - File not found

    :files
    C:\WINDOWS\Downlo~1\MyWebEx

    :commands
    [emptytemp]
    [resethosts]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

---------------

Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Re: Infected Files and Registery Keys

Post by Vista on Thu Jun 23, 2011 1:41 pm

I copied and pasted in OTL and everything was going through until it got to "reset hosts", when it stopped and gave me an error message: "Can not create file C/Windows/System32/drivers/ect/Hosts". Then it would not proceed from there. Just froze. Had to shut down and boot up again. Can you help me please?


Re: Infected Files and Registery Keys

Post by Sneakyone on Fri Jun 24, 2011 6:44 am

Do this:

:OTL
PRC - [2011/06/16 07:47:01 | 000,103,736 | ---- | M] () -- C:\WINDOWS\Downlo~1\MyWebEx\319\RAAGTAPP.EXE
PRC - [2010/03/29 12:51:28 | 000,016,776 | ---- | M] () -- C:\WINDOWS\Downlo~1\MyWebEx\319\atnthost.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - HKCU\..Trusted Domains: intuit.com ([community] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} [You must be registered and logged in to see this link.] (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: vzTCPConfig [You must be registered and logged in to see this link.] (Reg Error: Key error.)
MsConfig - StartUpReg: dla - hkey= - key= - File not found
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: WinFaxAppPortStarter - hkey= - key= - File not found

:files
C:\WINDOWS\Downlo~1\MyWebEx

:commands
[emptytemp]


I'm livin' life in the fast lane.


Re: Infected Files and Registery Keys

Post by Vista on Sun Jun 26, 2011 7:00 pm

All processes killed
========== OTL ==========
No active process named RAAGTAPP.EXE was found!
No active process named atnthost.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\community\ not found.
Starting removal of ActiveX control {0CCA191D-13A6-4E29-B746-314DEE697D83}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\WINDOWS\Downloaded Program Files\swdir.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {233C1507-6A77-46A4-9443-F871F945D258}
C:\WINDOWS\Downloaded Program Files\swdir.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Starting removal of ActiveX control {406B5949-7190-4245-91A9-30A17DE16AD0}
C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{406B5949-7190-4245-91A9-30A17DE16AD0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{406B5949-7190-4245-91A9-30A17DE16AD0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{406B5949-7190-4245-91A9-30A17DE16AD0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{406B5949-7190-4245-91A9-30A17DE16AD0}\ not found.
Starting removal of ActiveX control {41564D57-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmvadvd.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ not found.
Starting removal of ActiveX control {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8100D56A-5661-482C-BEE8-AFECE305D968}
C:\WINDOWS\Downloaded Program Files\PhotoUploader55.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8100D56A-5661-482C-BEE8-AFECE305D968}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
Starting removal of ActiveX control {8A0019EB-51FA-4AE5-A40B-C0496BBFC739}
C:\WINDOWS\Downloaded Program Files\VerizonWirelessUploadControl.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0019EB-51FA-4AE5-A40B-C0496BBFC739}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A0019EB-51FA-4AE5-A40B-C0496BBFC739}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A0019EB-51FA-4AE5-A40B-C0496BBFC739}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A0019EB-51FA-4AE5-A40B-C0496BBFC739}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\WINDOWS\Downlo~1\ieatgpc.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control {E77F23EB-E7AB-4502-8F37-247DBAF1A147}
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnUpld.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ not found.
Starting removal of ActiveX control vzTCPConfig
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\vzTCPConfig\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\dla\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\igfxhkcmd\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\igfxpers\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\igfxtray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\WinFaxAppPortStarter\ deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\Downlo~1\MyWebEx not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Valerie
->Temp folder emptied: 11246373 bytes
->Temporary Internet Files folder emptied: 278681 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92669111 bytes
->Flash cache emptied: 1322 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 225631 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 100.00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06262011_144635

Files\Folders moved on Reboot...
C:\WINDOWS\temp\kls3F5B.tmp moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_cd4.dat not found!

Registry entries deleted on Reboot...


Re: Infected Files and Registery Keys

Post by Vista on Sun Jun 26, 2011 8:39 pm

ComboFix 11-06-26.01 - Valerie 06/26/2011 15:28:34.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.140 [GMT -4:00]
Running from: c:\documents and settings\Valerie\My Documents\Downloads\commy.exe.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\commy.exe
c:\commy.exe\023.dat
c:\commy.exe\023v.dat
c:\commy.exe\023w7.dat
c:\commy.exe\AppDataFile.cfx
c:\commy.exe\AppDataFolder.cfx
c:\commy.exe\appinit.bad
c:\commy.exe\asp.str
c:\commy.exe\Assoc.cmd
c:\commy.exe\ATTRIB.cfxxe
c:\commy.exe\Auto-RC.cmd
c:\commy.exe\av.cmd
c:\commy.exe\av.vbs
c:\commy.exe\AWF.cmd
c:\commy.exe\badclsid
c:\commy.exe\Boot-Rk.cmd
c:\commy.exe\Boot.bat
c:\commy.exe\BootDrv.vbs
c:\commy.exe\c.bat
c:\commy.exe\c.mrk
c:\commy.exe\Catch-sub.cmd
c:\commy.exe\catchme.cfxxe
c:\commy.exe\CCS.bat
c:\commy.exe\CF-Script.cmd
c:\commy.exe\CF10534.cfxxe
c:\commy.exe\CHCP.bat
c:\commy.exe\clsid.c
c:\commy.exe\clsid.dat
c:\commy.exe\clsid.hiv
c:\commy.exe\Combobatch.bat
c:\commy.exe\ComboFix-Download.cfxxe
c:\commy.exe\Create.cmd
c:\commy.exe\Creg.dat
c:\commy.exe\CregC.cmd
c:\commy.exe\CregC.dat
c:\commy.exe\CregC_.dat
c:\commy.exe\CSCRIPT.cfxxe
c:\commy.exe\CSet.cmd
c:\commy.exe\d-delA.dat
c:\commy.exe\dd.cfxxe
c:\commy.exe\ddsDo.sed
c:\commy.exe\DelClsid.bat
c:\commy.exe\desktop.ini
c:\commy.exe\DesktopFile.cfx
c:\commy.exe\DisclaimED.dat
c:\commy.exe\DPF.str
c:\commy.exe\DrvRun.vbs
c:\commy.exe\dumphive.cfxxe
c:\commy.exe\embedded.sed
c:\commy.exe\ERDNT.e_e
c:\commy.exe\ERDNTDOS.LOC
c:\commy.exe\ERDNTWIN.LOC
c:\commy.exe\ERUNT.cfxxe
c:\commy.exe\erunt.dat
c:\commy.exe\ERUNT.LOC
c:\commy.exe\Exe.reg
c:\commy.exe\extract.cfxxe
c:\commy.exe\f_system
c:\commy.exe\FavoriteFolder.cfx
c:\commy.exe\FavoritesFile.cfx
c:\commy.exe\FD-SV.cmd
c:\commy.exe\ffdefstr.dll
c:\commy.exe\FileKill.cfxxe
c:\commy.exe\files.pif
c:\commy.exe\Fin.dat
c:\commy.exe\FIND3M.bat
c:\commy.exe\FIXLSP.bat
c:\commy.exe\FKMGen.cmd
c:\commy.exe\ForeignWht
c:\commy.exe\GetHive.cmd
c:\commy.exe\grep.cfxxe
c:\commy.exe\gsar.cfxxe
c:\commy.exe\handle.cfxxe
c:\commy.exe\HDPEInfo.cfxxe
c:\commy.exe\hidec.cfxxe
c:\commy.exe\history.bat
c:\commy.exe\hwid.pif
c:\commy.exe\iexplore.exe
c:\commy.exe\image001.gif
c:\commy.exe\Imefile.dat
c:\commy.exe\Install-RC.cmd
c:\commy.exe\katch.cmd
c:\commy.exe\Kill-All.cmd
c:\commy.exe\kmd.dat
c:\commy.exe\Lang.bat
c:\commy.exe\LatestVer
c:\commy.exe\List-B.bat
c:\commy.exe\List-C.bat
c:\commy.exe\List-D.bat
c:\commy.exe\List.bat
c:\commy.exe\lnkread.vbs
c:\commy.exe\LocalAppDataFile.cfx
c:\commy.exe\LocalAppDataFolder.cfx
c:\commy.exe\LocalService.dat
c:\commy.exe\LocalServiceNetworkRestricted.dat
c:\commy.exe\LocalSettingsFile.cfx
c:\commy.exe\LocalSystemNetworkRestricted.dat
c:\commy.exe\mbr.cfxxe
c:\commy.exe\mbr.chk
c:\commy.exe\md5sum.pif
c:\commy.exe\Mirrors
c:\commy.exe\MoveIt.bat
c:\commy.exe\mtee.cfxxe
c:\commy.exe\MtPt00
c:\commy.exe\MWindows.dat
c:\commy.exe\mynul.dat
c:\commy.exe\N_\13647
c:\commy.exe\N_\3858
c:\commy.exe\ncmd.com
c:\commy.exe\ND_.bat
c:\commy.exe\ND_64.bat
c:\commy.exe\ndis_combofix.dat
c:\commy.exe\netsvc.bad.dat
c:\commy.exe\netsvc.dat
c:\commy.exe\NetworkService.dat
c:\commy.exe\NirCmd.cfxxe
c:\commy.exe\NircmdB.exe
c:\commy.exe\NirCmdC.cfxxe
c:\commy.exe\NIRKMD.cfxxe
c:\commy.exe\NlsLanguageDefault
c:\commy.exe\NT-OS.cmd
c:\commy.exe\NULL
c:\commy.exe\OsId.txt
c:\commy.exe\OSid.vbs
c:\commy.exe\OsVer
c:\commy.exe\pausep.cfxxe
c:\commy.exe\PersonalFile.cfx
c:\commy.exe\PersonalFolder.cfx
c:\commy.exe\pev.cfxxe
c:\commy.exe\pevb.cfxxe
c:\commy.exe\PING.cfxxe
c:\commy.exe\Policies.dat
c:\commy.exe\powp.dat
c:\commy.exe\Prep.inf
c:\commy.exe\ProfileList.bat
c:\commy.exe\ProfileList00
c:\commy.exe\Profiles.Folder.cfu
c:\commy.exe\Profiles.Folder.dat
c:\commy.exe\ProfilesFile.cfx
c:\commy.exe\ProfilesFolder.cfx
c:\commy.exe\ProfilesFolder02
c:\commy.exe\ProfilesHive00
c:\commy.exe\progfile.dat
c:\commy.exe\ProgramsFile.cfx
c:\commy.exe\ProgramsFolder.cfx
c:\commy.exe\Purity.dat
c:\commy.exe\PV.cfxxe
c:\commy.exe\pv.com
c:\commy.exe\rar_sfx.cmd
c:\commy.exe\RCLink.dat
c:\commy.exe\RcVer00
c:\commy.exe\REGDACL.sed
c:\commy.exe\RegDo.sed
c:\commy.exe\region.dat
c:\commy.exe\RegScan.cmd
c:\commy.exe\REGT.cfxxe
c:\commy.exe\Resident.txt
c:\commy.exe\restore_pt.dat
c:\commy.exe\restore_pt.vbs
c:\commy.exe\Rkey.cmd
c:\commy.exe\rmbr.cfxxe
c:\commy.exe\rogues.dat
c:\commy.exe\ROUTE.cfxxe
c:\commy.exe\run2.sed
c:\commy.exe\Rust.str
c:\commy.exe\s0rt.cfxxe
c:\commy.exe\safeboot.dat
c:\commy.exe\safeboot.def.dat
c:\commy.exe\sed.cfxxe
c:\commy.exe\SetEnvmt.bat
c:\commy.exe\SetPath.bat
c:\commy.exe\setpath.cfxxe
c:\commy.exe\setpath_N.cmd
c:\commy.exe\SF.exe
c:\commy.exe\sfx.cmd
c:\commy.exe\SnapShot.cmd
c:\commy.exe\SRestore.cmd
c:\commy.exe\srizbi.md5
c:\commy.exe\Start_dat
c:\commy.exe\StartMenuFile.cfx
c:\commy.exe\StartMenuFolder.cfx
c:\commy.exe\StartUpFile.cfx
c:\commy.exe\SuppScan.cmd
c:\commy.exe\svc_wht.dat
c:\commy.exe\SvcDrv.vbs
c:\commy.exe\svchost.dat
c:\commy.exe\svchost.vista.x64.dat
c:\commy.exe\swreg.cfxxe
c:\commy.exe\swsc.cfxxe
c:\commy.exe\swxcacls.cfxxe
c:\commy.exe\SysPath.dat
c:\commy.exe\system_ini.dat
c:\commy.exe\tail.cfxxe
c:\commy.exe\TemplatesFile.cfx
c:\commy.exe\TemplatesFolder.cfx
c:\commy.exe\toolbar.sed
c:\commy.exe\Update-CF.cmd
c:\commy.exe\Valerie.user.cf
c:\commy.exe\VerCF.bat
c:\commy.exe\version.txt
c:\commy.exe\VInfo
c:\commy.exe\VInfo2
c:\commy.exe\VINFO3
c:\commy.exe\Vipev.dat
c:\commy.exe\vistaMcode.dat
c:\commy.exe\vun.dat
c:\commy.exe\w_sock.dll
c:\commy.exe\w7Mcode.dat
c:\commy.exe\Wmi_rem.vbs
c:\commy.exe\XP.mac
c:\commy.exe\xpmcode.dat
c:\commy.exe\xpreg.dat
c:\commy.exe\XPSBoot.reg
c:\commy.exe\zDomain.dat
c:\commy.exe\zhsvc.dat
c:\commy.exe\zip.cfxxe
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\20091215131614.log
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\Valerie\GoToAssistDownloadHelper.exe
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-26 to 2011-06-26 )))))))))))))))))))))))))))))))
.
.
2011-06-16 17:41 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-26 19:41 . 2011-04-05 21:05 1409 ----a-w- c:\windows\QTFont.for
2011-05-29 13:11 . 2009-01-25 20:24 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2009-01-25 20:25 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 08:52 . 2011-04-05 21:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2008-06-16 17:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2008-04-18 18:09 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-12 13:22 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-12 13:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-12 13:20 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-12 13:19 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-12 13:23 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2009-11-20 19:16 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Valerie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Valerie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Valerie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Valerie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-04-02 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
"DLCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 73728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\Valerie\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Valerie\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Controller.LNK]
backup=c:\windows\pss\Controller.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
backup=c:\windows\pss\Intuit Data Protect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Remote Access.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Remote Access.lnk
backup=c:\windows\pss\QuickBooks Remote Access.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
backup=c:\windows\pss\QuickBooks_Standard_21.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Valerie^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Valerie\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Valerie^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Valerie\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-01-08 12:36 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BbInstallUser]
2008-11-25 21:29 49824 ----a-w- c:\program files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BbPrintMonitor]
2008-04-16 18:04 156320 ----a-w- c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
2009-12-03 21:52 670864 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2009-04-10 13:53 50520 ----a-w- c:\documents and settings\Valerie\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcjmon.exe]
2005-09-30 14:51 430080 ----a-w- c:\program files\Dell Photo AIO Printer 964\dlcjmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2010-08-09 14:17 1394440 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JFSW2Launch]
2008-04-02 16:28 45056 ------w- c:\documents and settings\Valerie\Application Data\Transcend\JFSW2\JFSW2Launch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-05-29 13:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2005-08-10 14:12 286720 ----a-w- c:\program files\Dell Photo AIO Printer 964\memcard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-04-02 17:03 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-07 12:27 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WFXSwtch]
2002-12-12 12:45 28160 ----a-r- c:\progra~1\WinFax\WFXSWTCH.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcjcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcjpswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Valerie\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Valerie\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 4:43 PM 11352]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 6:06 PM 143360]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32856]
S2 atnthost;WebEx Remote Access Agent;"c:\windows\Downlo~1\MyWebEx\319\atnthost.exe" --> c:\windows\Downlo~1\MyWebEx\319\atnthost.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 8:04 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 8:04 PM 135664]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-26 c:\windows\Tasks\DriverCure Startup.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-17 21:28]
.
2011-06-26 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-17 21:28]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 00:03]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 00:03]
.
2011-06-26 c:\windows\Tasks\User_Feed_Synchronization-{76D70BD6-ADEF-4772-B82F-52AD730EEB58}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Anti-Banner: [You must be registered and logged in to see this link.] - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
FF - Ext: Kaspersky URL Advisor: [You must be registered and logged in to see this link.] - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Kaspersky Virtual Keyboard: [You must be registered and logged in to see this link.] - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - Ext: Anti-Banner: [You must be registered and logged in to see this link.] - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - Ext: Kaspersky URL Advisor: [You must be registered and logged in to see this link.] - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yoono: {d9284e50-81fc-11da-a72b-0800200c9a66} - %profile%\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
FF - Ext: feedly: feedly@devhd - %profile%\extensions\feedly@devhd
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-06-26 16:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,RunDLLEntry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3388)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\documents and settings\Valerie\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\WFXSVC.EXE
c:\program files\WinFax\WFXMOD32.EXE
c:\windows\System32\vssvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2011-06-26 16:32:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-26 20:32
ComboFix2.txt 2010-06-13 23:14
.
Pre-Run: 219,174,182,912 bytes free
Post-Run: 218,952,884,224 bytes free
.
- - End Of File - - 1543148ABC6136FFBA16935D4B2A30EB


Re: Infected Files and Registery Keys

Post by Sneakyone on Mon Jun 27, 2011 4:23 am

Hi,

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.


Re: Infected Files and Registery Keys

Post by Vista on Wed Jun 29, 2011 1:37 pm

Hello,
I am having a hard time locating the logfile for ESET. The only file that showed up is as follows. Also, it did not give me an option to "Remove found threats." Not sure if this is what you need. Please advise.

Send Error
2008/4/3 07:22:28 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/4/4 12:31:20 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/4/4 17:31:31 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/4/5 16:50:02 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/4/6 12:21:08 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error 400(190)
2008/4/6 13:32:29 Exception of type CSoapTransportException in Function: GetURL
Send Error 400(190)
2008/4/6 13:46:06 Exception of type CSoapTransportException in Function: Login Failed
Send Error 400(190)
2008/4/6 13:46:42 Exception of type CSoapTransportException in Function: GetPromotions
Send Error 400(190)
2008/4/6 13:46:43 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error 400(190)
2008/4/6 13:57:31 Exception of type CSoapTransportException in Function: QueryArchive
Send Error 400(190)


Re: Infected Files and Registery Keys

Post by Sneakyone on Thu Jun 30, 2011 2:29 am

Hi,

Could you please re-run ComboFix?


I'm livin' life in the fast lane.


Re: Infected Files and Registery Keys

Post by Vista on Thu Jun 30, 2011 4:22 pm

ComboFix 11-06-30.01 - Valerie 06/30/2011 10:46:41.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.195 [GMT -4:00]
Running from: c:\documents and settings\Valerie\desktop\commy.exe
Command switches used :: /stepdel
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Valerie\Local Settings\Temporary Internet Files\3300DELAWAREGLASSTINTINGINCpffcenter.html
c:\documents and settings\Valerie\Local Settings\Temporary Internet Files\3300DELAWAREGLASSTINTINGINCreviewDialog.html
c:\documents and settings\Valerie\Local Settings\Temporary Internet Files\3300DELAWAREGLASSTINTINGINCreviewNotesPopUp.html
c:\documents and settings\Valerie\Local Settings\Temporary Internet Files\3300DELAWAREGLASSTINTINGINCtaskNotesDialog.html
c:\documents and settings\Valerie\Local Settings\Temporary Internet Files\4008DELAWAREGLASSTINTINGINCpffcenter.html
c:\documents and settings\Valerie\Local Settings\Temporary Internet Files\4008DELAWAREGLASSTINTINGINCreviewDialog.html
c:\documents and settings\Valerie\Local Settings\Temporary Internet Files\4008DELAWAREGLASSTINTINGINCreviewNotesPopUp.html
c:\documents and settings\Valerie\Local Settings\Temporary Internet Files\4008DELAWAREGLASSTINTINGINCtaskNotesDialog.html
c:\documents and settings\Valerie\Local Settings\Temporary Internet Files\mootools.svn.js
c:\documents and settings\Valerie\Local Settings\Temporary Internet Files\pffCenter.js
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 )))))))))))))))))))))))))))))))
.
.
2011-06-28 11:57 . 2011-06-28 11:57 -------- d-----w- c:\documents and settings\Valerie\Local Settings\Application Data\PCHealth
2011-06-27 12:54 . 2011-06-27 12:54 -------- d-----w- c:\program files\ESET
2011-06-16 17:41 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 14:34 . 2011-04-05 21:05 1409 ----a-w- c:\windows\QTFont.for
2011-05-29 13:11 . 2009-01-25 20:24 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2009-01-25 20:25 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 08:52 . 2011-04-05 21:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2008-06-16 17:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2008-04-18 18:09 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-12 13:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-12 13:22 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-12 13:21 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-12 13:20 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-12 13:19 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-12 13:23 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2009-11-20 19:16 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Valerie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Valerie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Valerie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Valerie\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-04-02 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
"DLCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 73728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\Valerie\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Valerie\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Controller.LNK]
backup=c:\windows\pss\Controller.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
backup=c:\windows\pss\Intuit Data Protect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Remote Access.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Remote Access.lnk
backup=c:\windows\pss\QuickBooks Remote Access.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
backup=c:\windows\pss\QuickBooks_Standard_21.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Valerie^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Valerie\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Valerie^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Valerie\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-01-08 12:36 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BbInstallUser]
2008-11-25 21:29 49824 ----a-w- c:\program files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BbPrintMonitor]
2008-04-16 18:04 156320 ----a-w- c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carbonite Backup]
2009-12-03 21:52 670864 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2009-04-10 13:53 50520 ----a-w- c:\documents and settings\Valerie\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcjmon.exe]
2005-09-30 14:51 430080 ----a-w- c:\program files\Dell Photo AIO Printer 964\dlcjmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2010-08-09 14:17 1394440 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JFSW2Launch]
2008-04-02 16:28 45056 ------w- c:\documents and settings\Valerie\Application Data\Transcend\JFSW2\JFSW2Launch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-05-29 13:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2005-08-10 14:12 286720 ----a-w- c:\program files\Dell Photo AIO Printer 964\memcard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-04-02 17:03 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-07 12:27 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WFXSwtch]
2002-12-12 12:45 28160 ----a-r- c:\progra~1\WinFax\WFXSWTCH.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcjcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcjpswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Valerie\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Valerie\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 4:43 PM 11352]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 6:06 PM 143360]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32856]
S2 atnthost;WebEx Remote Access Agent;"c:\windows\Downlo~1\MyWebEx\319\atnthost.exe" --> c:\windows\Downlo~1\MyWebEx\319\atnthost.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 8:04 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 8:04 PM 135664]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-30 c:\windows\Tasks\DriverCure Startup.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-17 21:28]
.
2011-06-29 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-17 21:28]
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 00:03]
.
2011-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 00:03]
.
2011-06-30 c:\windows\Tasks\User_Feed_Synchronization-{76D70BD6-ADEF-4772-B82F-52AD730EEB58}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Anti-Banner: [You must be registered and logged in to see this link.] - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
FF - Ext: Kaspersky URL Advisor: [You must be registered and logged in to see this link.] - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Kaspersky Virtual Keyboard: [You must be registered and logged in to see this link.] - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - Ext: Anti-Banner: [You must be registered and logged in to see this link.] - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - Ext: Kaspersky URL Advisor: [You must be registered and logged in to see this link.] - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yoono: {d9284e50-81fc-11da-a72b-0800200c9a66} - %profile%\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
FF - Ext: feedly: feedly@devhd - %profile%\extensions\feedly@devhd
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-06-30 11:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,RunDLLEntry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-30 11:19:03
ComboFix-quarantined-files.txt 2011-06-30 15:18
ComboFix2.txt 2011-06-26 20:33
ComboFix3.txt 2010-06-13 23:14
.
Pre-Run: 218,374,828,032 bytes free
Post-Run: 218,421,047,296 bytes free
.
- - End Of File - - 0270612EBE20A004421DF163706AD34F


Re: Infected Files and Registery Keys

Post by Sneakyone on Fri Jul 01, 2011 3:09 am

Hi,

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].


Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Re: Infected Files and Registery Keys

Post by Vista on Fri Jul 01, 2011 5:39 pm

Malwarebytes' Anti-Malware 1.51.0.1200

Database version: 6994

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/1/2011 1:29:27 PM
mbam-log-2011-07-01 (13-29-26).txt

Scan type: Quick scan
Objects scanned: 175830
Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Infected Files and Registery Keys

Post by Sneakyone on Sat Jul 02, 2011 4:32 am

Hi,

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Re: Infected Files and Registery Keys

Post by Vista on Tue Jul 12, 2011 5:23 pm

This computer is still slow loading pages. Even when I type it is delayed. Not sure why ~Valerie

Malwarebytes' Anti-Malware 1.51.0.1200

Database version: 7088

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/12/2011 12:43:59 PM
mbam-log-2011-07-12 (12-43-58).txt

Scan type: Quick scan
Objects scanned: 178130
Time elapsed: 11 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Infected Files and Registery Keys

Post by Sneakyone on Wed Jul 13, 2011 5:59 am

Hi,

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Re: Infected Files and Registery Keys

Post by Vista on Thu Jul 14, 2011 6:59 pm

Send Error 400(190)
2008/2/4 06:00:08 Exception of type CSoapTransportException in Function: QueryArchive
Send Error
2008/2/4 06:01:03 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/2/4 06:02:12 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error
2008/2/4 06:03:49 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/4 07:04:29 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/4 09:24:39 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/4 09:24:46 Exception of type CSoapTransportException in Function: GetStoreInfo
Send Error 400(190)
2008/2/4 12:45:42 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/4 14:46:01 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/4 16:06:08 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/5 06:31:00 Exception of type CSoapTransportException in Function: GetURL
Send Error 400(190)
2008/2/5 06:31:06 Exception of type CSoapTransportException in Function: WebTokens
Send Error 400(190)
2008/2/5 07:31:06 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/5 08:31:08 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/5 10:11:38 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/5 11:12:08 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/5 11:32:30 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/5 11:52:53 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/5 15:13:49 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/5 22:54:17 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/6 04:14:46 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/6 04:16:43 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/2/6 04:20:03 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/2/6 04:21:42 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/2/6 04:23:46 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error
2008/2/6 04:26:48 Exception of type CSoapFaultException in Function: QueryArchive
SOAP-ENV:Client.Relogin: Client must relogin
2008/2/6 04:27:38 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/2/6 15:04:59 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/7 08:19:09 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/7 10:42:03 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/7 11:22:28 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/7 13:15:20 Exception of type CSoapTransportException in Function: GetStoreInfo
Send Error
2008/2/7 13:38:43 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/7 14:39:12 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/8 06:26:30 Exception of type CSoapTransportException in Function: GetURL
Send Error 400(190)
2008/2/8 06:26:37 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/8 13:07:17 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/8 15:27:42 Exception of type CSoapTransportException in Function: GetPromotions
Send Error 400(190)
2008/2/9 13:16:07 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/9 15:16:15 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/10 13:53:38 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/10 16:33:42 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/11 09:38:06 Exception of type CSoapTransportException in Function: GetPromotions
Send Error 400(190)
2008/2/11 09:38:12 Exception of type CSoapTransportException in Function: GetStoreInfo
Send Error 400(190)
2008/2/11 09:38:13 Exception of type CSoapTransportException in Function: GetURL
Send Error 400(190)
2008/2/12 09:42:35 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/12 10:02:57 Exception of type CSoapTransportException in Function: GetPromotions
Send Error
2008/2/12 16:24:04 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/13 07:02:33 Exception of type CSoapTransportException in Function: GetPromotions
Send Error 400(190)
2008/2/13 13:03:44 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/13 13:24:16 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/13 14:04:21 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/13 14:44:43 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/13 15:04:48 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/13 15:07:55 Exception of type CSoapTransportException in Function: QueryArchive
Send Error 400(190)
2008/2/13 15:07:56 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/13 15:48:18 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/14 08:07:23 Exception of type CSoapTransportException in Function: GetURL
Send Error 400(190)
2008/2/14 11:08:03 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/14 12:07:58 Exception of type CSoapTransportException in Function: GetStoreInfo
Send Error
2008/2/14 13:31:35 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/14 17:52:47 Exception of type CSoapTransportException in Function: GetURL
Send Error 400(190)
2008/2/14 17:52:49 Exception of type CSoapTransportException in Function: GetPromotions
Send Error 400(190)
2008/2/14 17:52:49 Exception of type CSoapTransportException in Function: GetURL
Send Error 400(190)
2008/2/14 17:52:59 Exception of type CSoapTransportException in Function: GetURL
Send Error 400(190)
2008/2/15 09:58:26 Exception of type CSoapTransportException in Function: QueryArchive
Send Error
2008/2/15 13:19:10 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/15 13:59:33 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/15 16:19:55 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/15 16:40:11 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/15 21:03:03 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/16 15:14:43 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/16 15:34:44 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/16 15:34:49 Exception of type CSoapTransportException in Function: GetStoreInfo
Send Error 400(190)
2008/2/17 17:33:41 Exception of type CSoapTransportException in Function: GetStoreInfo
Send Error 400(190)
2008/2/17 17:33:47 Exception of type CSoapTransportException in Function: QueryArchive
Send Error 400(190)
2008/2/18 08:52:53 Exception of type CSoapTransportException in Function: GetStoreInfo
Send Error 400(190)
2008/2/18 20:53:31 Exception of type CSoapTransportException in Function: GetPromotions
Send Error 400(190)
2008/2/19 06:58:39 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/20 08:25:08 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/20 11:08:02 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/20 12:48:38 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/20 14:09:09 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/20 17:29:29 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/21 06:31:19 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error
2008/2/21 06:32:01 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/2/21 06:32:26 Exception of type CSoapTransportException in Function: QueryArchive
Send Error
2008/2/21 06:33:47 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error
2008/2/21 06:34:09 Exception of type CSoapTransportException in Function: WebTokens
Send Error
2008/2/21 10:15:20 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/21 11:55:36 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/21 14:36:29 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/22 01:16:53 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/22 06:32:32 Exception of type CSoapTransportException in Function: GetDesigns
Send Error 400(190)
2008/2/22 07:37:25 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/22 14:28:52 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/23 14:47:41 Exception of type CSoapTransportException in Function: GetURL
Send Error 400(190)
2008/2/23 14:47:43 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error 400(190)
2008/2/23 14:47:49 Exception of type CSoapTransportException in Function: GetDesigns
Send Error 400(190)
2008/2/26 06:45:56 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/26 09:46:06 Exception of type CSoapTransportException in Function: GetPromotions
Send Error 400(190)
2008/2/26 10:26:30 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/27 10:34:24 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/2/27 10:35:10 Exception of type CSoapTransportException in Function: WebTokens
Send Error
2008/2/27 17:18:28 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/27 18:38:31 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/29 11:21:02 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/2/29 20:02:09 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/2 12:23:44 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/3 07:24:16 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/3 12:45:07 Exception of type CSoapTransportException in Function: GetPromotions
Send Error 400(190)
2008/3/3 13:05:32 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/3 13:45:34 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/3 19:06:09 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/4 16:02:11 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/4 19:49:50 Exception of type CSoapTransportException in Function: GetStoreInfo
Send Error 400(190)
2008/3/4 19:49:52 Exception of type CSoapTransportException in Function: GetURL
Send Error 400(190)
2008/3/4 19:49:54 Exception of type CSoapTransportException in Function: QueryArchive
Send Error 400(190)
2008/3/4 19:49:55 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/4 19:49:55 Exception of type CSoapTransportException in Function: GetDesigns
Send Error 400(190)
2008/3/4 23:10:45 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/5 00:30:47 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/5 01:10:58 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/5 04:11:24 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/5 04:12:31 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/5 04:14:30 Exception of type CSoapTransportException in Function: GetStoreInfo
Send Error
2008/3/5 04:15:12 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/3/5 04:15:56 Exception of type CSoapFaultException in Function: QueryArchive
SOAP-ENV:Client.Relogin: Client must relogin
2008/3/5 04:20:43 Exception of type CSoapTransportException in Function: WebTokens
Send Error
2008/3/5 04:21:10 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/3/5 04:21:34 Exception of type CSoapTransportException in Function: QueryArchive
Send Error
2008/3/5 04:22:02 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/5 04:22:50 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error
2008/3/5 04:23:22 Exception of type CSoapTransportException in Function: QueryArchive
Send Error
2008/3/5 04:23:28 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/5 10:45:10 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/5 17:45:45 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/6 11:13:26 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/6 11:33:32 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/6 13:54:05 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/6 14:14:30 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/6 14:23:01 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error
2008/3/6 14:23:43 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/3/6 14:24:26 Exception of type CSoapTransportException in Function: QueryArchive
Send Error
2008/3/6 14:26:12 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/8 15:34:50 Exception of type CSoapTransportException in Function: QueryArchive
Send Error 400(190)
2008/3/10 14:55:22 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/10 20:15:46 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/11 11:40:46 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/11 17:41:02 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/12 12:55:48 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/12 23:56:26 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/13 01:36:51 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/13 07:46:53 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/13 07:48:07 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/13 07:50:11 Exception of type CSoapTransportException in Function: GetPromotions
Send Error
2008/3/13 07:53:18 Exception of type CSoapTransportException in Function: GetPromotions
Send Error
2008/3/13 07:55:33 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/13 07:57:28 Exception of type CSoapTransportException in Function: GetPromotions
Send Error
2008/3/13 07:58:43 Exception of type CSoapTransportException in Function: GetPromotions
Send Error
2008/3/13 07:59:58 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error
2008/3/13 08:02:55 Exception of type CSoapTransportException in Function: QueryArchive
Send Error
2008/3/13 08:03:57 Exception of type CSoapTransportException in Function: GetStoreInfo
Send Error
2008/3/13 08:05:30 Exception of type CSoapTransportException in Function: QueryArchive
Send Error
2008/3/13 08:06:42 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/13 08:10:40 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/13 08:12:16 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error
2008/3/13 08:14:59 Exception of type CSoapTransportException in Function: QueryArchive
Send Error
2008/3/13 08:36:13 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/13 10:17:32 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/13 10:19:38 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error
2008/3/13 10:20:02 Exception of type CSoapTransportException in Function: WebTokens
Send Error
2008/3/13 10:23:02 Exception of type CSoapTransportException in Function: QueryArchive
Send Error
2008/3/13 10:24:15 Exception of type CSoapTransportException in Function: Login Failed
Send Error 400(190)
2008/3/13 10:25:17 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error
2008/3/13 10:26:00 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/3/13 10:26:32 Exception of type CSoapTransportException in Function: QueryArchive
Send Error 400(190)
2008/3/13 10:28:10 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/13 10:28:54 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/3/14 15:48:36 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/14 17:28:41 Exception of type CSoapTransportException in Function: GetPromotions
Send Error 400(190)
2008/3/14 20:48:47 Exception of type CSoapTransportException in Function: GetPromotions
Send Error 400(190)
2008/3/14 23:48:57 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/16 11:17:58 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/17 08:41:14 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error 400(190)
2008/3/17 08:41:15 Exception of type CSoapTransportException in Function: WebTokens
Send Error 400(190)
2008/3/17 10:21:31 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/17 11:41:34 Exception of type CSoapTransportException in Function: GetPromotions
Send Error 400(190)
2008/3/18 14:07:13 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/18 14:09:33 Exception of type CSoapTransportException in Function: QueryArchive
Send Error 400(190)
2008/3/18 15:09:50 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/18 16:09:54 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/18 16:50:01 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/19 09:51:43 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/19 12:32:21 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/19 14:33:22 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/19 15:33:32 Exception of type CSoapTransportException in Function: GetPromotions
Send Error 400(190)
2008/3/20 10:08:58 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/20 12:09:05 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/20 13:29:17 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/20 21:30:01 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/21 09:45:06 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error 400(190)
2008/3/21 09:45:19 Exception of type CSoapTransportException in Function: WebTokens
Send Error 400(190)
2008/3/23 08:27:10 Exception of type CSoapTransportException in Function: GetURL
Send Error 400(190)
2008/3/23 08:27:10 Exception of type CSoapTransportException in Function: GetURL
Send Error 400(190)
2008/3/23 18:47:17 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/24 07:05:36 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/24 07:06:35 Exception of type CSoapTransportException in Function: GetPromotions
Send Error
2008/3/24 07:07:31 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/24 07:09:16 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/3/24 07:12:16 Exception of type CSoapTransportException in Function: WebTokens
Send Error
2008/3/24 10:12:28 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/24 13:12:55 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/24 18:55:47 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/25 02:36:00 Exception of type CSoapTransportException in Function: GetPromotions
Send Error 400(190)
2008/3/25 06:56:23 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/25 07:16:45 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/25 07:28:30 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/25 07:29:42 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/25 07:30:49 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/25 07:33:13 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error
2008/3/25 08:34:03 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/25 11:25:00 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/25 11:25:53 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error
2008/3/25 11:28:27 Exception of type CSoapFaultException in Function: QueryArchive
SOAP-ENV:Client.Relogin: Client must relogin
2008/3/25 12:12:13 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/26 08:33:16 Exception of type CSoapTransportException in Function: GetURL
Send Error 400(190)
2008/3/27 06:14:47 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/3/27 06:41:58 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/27 06:44:42 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/27 06:45:55 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/27 06:47:09 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/27 06:48:34 Exception of type CSoapTransportException in Function: GetStoreInfo
Send Error
2008/3/27 06:49:31 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/3/27 06:50:29 Exception of type CSoapFaultException in Function: QueryArchive
SOAP-ENV:Client.Relogin: Client must relogin
2008/3/27 06:51:05 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error
2008/3/27 06:51:27 Exception of type CSoapTransportException in Function: WebTokens
Send Error
2008/3/27 06:52:09 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/3/27 06:52:18 Exception of type CSoapFaultException in Function: QueryArchive
SOAP-ENV:Client.Relogin: Client must relogin
2008/3/27 06:54:24 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/3/27 06:54:51 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/3/28 14:23:06 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/30 10:22:33 Exception of type CSoapTransportException in Function: GetStoreInfo
Send Error 400(190)
2008/3/31 09:07:07 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/3/31 19:48:26 Exception of type CSoapTransportException in Function: GetPromotions
Send Error 400(190)
2008/3/31 23:09:21 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/4/1 04:10:15 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/4/1 04:13:14 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error
2008/4/1 04:13:36 Exception of type CSoapTransportException in Function: WebTokens
Send Error
2008/4/1 04:16:25 Exception of type CSoapFaultException in Function: QueryArchive
SOAP-ENV:Client.Relogin: Client must relogin
2008/4/1 08:58:53 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/4/1 11:39:02 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/4/1 13:39:57 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/4/1 14:20:57 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/4/1 16:01:22 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/4/1 19:41:33 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/4/2 06:40:59 Exception of type CSoapTransportException in Function: GetURL
Send Error 400(190)
2008/4/2 09:01:06 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/4/2 09:01:51 Exception of type CSoapTransportException in Function: WebTokens
Send Error 400(190)
2008/4/2 17:05:58 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/4/3 06:42:49 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/4/3 06:50:33 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/4/3 06:50:59 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/4/3 06:52:00 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/4/3 06:53:00 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/4/3 06:53:55 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/4/3 06:55:06 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/4/3 06:56:13 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/4/3 06:57:12 Exception of type CSoapTransportException in Function: GetPromotions
Send Error
2008/4/3 06:57:44 Exception of type CSoapTransportException in Function: GetPromotions
Send Error
2008/4/3 06:58:10 Exception of type CSoapTransportException in Function: GetPromotions
Send Error
2008/4/3 06:59:09 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/4/3 07:00:38 Exception of type CSoapFaultException in Function: QueryArchive
SOAP-ENV:Client.Relogin: Client must relogin
2008/4/3 07:01:02 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/4/3 07:02:09 Exception of type CSoapTransportException in Function: WebTokens
Send Error
2008/4/3 07:04:17 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/4/3 07:05:03 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/4/3 07:07:10 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/4/3 07:08:13 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error
2008/4/3 07:08:41 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/4/3 07:09:16 Exception of type CSoapTransportException in Function: QueryNew
Send Error
2008/4/3 07:10:33 Exception of type CSoapTransportException in Function: GetStoreInfo
Send Error
2008/4/3 07:11:05 Exception of type CSoapTransportException in Function: WebTokens
Send Error
2008/4/3 07:11:47 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/4/3 07:12:41 Exception of type CSoapTransportException in Function: QueryArchive
Send Error
2008/4/3 07:14:46 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/4/3 07:16:55 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/4/3 07:19:40 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/4/3 07:20:47 Exception of type CSoapTransportException in Function: Login Failed
Send Error
2008/4/3 07:22:28 Exception of type CSoapTransportException in Function: GetURL
Send Error
2008/4/4 12:31:20 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/4/4 17:31:31 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/4/5 16:50:02 Exception of type CSoapTransportException in Function: QueryNew
Send Error 400(190)
2008/4/6 12:21:08 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error 400(190)
2008/4/6 13:32:29 Exception of type CSoapTransportException in Function: GetURL
Send Error 400(190)
2008/4/6 13:46:06 Exception of type CSoapTransportException in Function: Login Failed
Send Error 400(190)
2008/4/6 13:46:42 Exception of type CSoapTransportException in Function: GetPromotions
Send Error 400(190)
2008/4/6 13:46:43 Exception of type CSoapTransportException in Function: GetGiftStores
Send Error 400(190)
2008/4/6 13:57:31 Exception of type CSoapTransportException in Function: QueryArchive
Send Error 400(190)


Re: Infected Files and Registery Keys

Post by Sneakyone on Fri Jul 15, 2011 3:50 am

What am I looking at? Are you sure that's ESET? The date of that is 3 years ago.



Re: Infected Files and Registery Keys

Post by Vista on Fri Jul 15, 2011 12:00 pm

I thought the same thing when I saw it.
Let me make sure I am doing it right. When finished scanning, open Notepad and in the address bar put C:\Program Files\EsetOnlineScanner\log.txt, then look for the date of the logfile, open, then copy, paste & post. Am I doing it right or should I retrieve it somewhere else?



Re: Infected Files and Registery Keys

Post by Sneakyone on Sat Jul 16, 2011 4:18 am

That is probably an old log. Navigate to the folder and see if there are any log1.txt, log2.txt, and try to find the most recent one.



Re: Infected Files and Registery Keys

Post by Vista on Mon Jul 18, 2011 3:57 pm

I am having trouble finding this... would this be it? It was located under "dlcjscan". Let me know please.

2010/06/30-12:32:08.796 DRS CUSBDataComm::OpenChannel could not open channel
2010/06/30-12:32:10.859 DRS CScanCmd::GetPortName() failed to parse port string.
2010/06/30-12:32:11.531 DRS CUSBDataComm::OpenChannel could not open channel
2010/06/30-12:32:11.562 DRS CUSBDataComm::OpenChannel could not open channel
2010/07/02-16:27:02.609 DRS CScanCmd::GetPortName() failed to parse port string.
2010/07/02-16:27:03.218 DRS CUSBDataComm::OpenChannel could not open channel
2010/07/02-16:27:03.218 DRS CUSBDataComm::OpenChannel could not open channel
2010/07/02-16:27:04.875 DRS CScanCmd::GetPortName() failed to parse port string.
2010/07/02-16:27:05.484 DRS CUSBDataComm::OpenChannel could not open channel
2010/07/02-16:27:05.484 DRS CUSBDataComm::OpenChannel could not open channel
2010/07/05-13:52:24.109 DRS CScanCmd::GetPortName() failed to parse port string.
2010/07/05-13:52:24.515 DRS CUSBDataComm::OpenChannel could not open channel
2010/07/05-13:52:24.562 DRS CUSBDataComm::OpenChannel could not open channel
2010/07/05-13:52:26.875 DRS CScanCmd::GetPortName() failed to parse port string.
2010/07/05-13:52:27.281 DRS CUSBDataComm::OpenChannel could not open channel
2010/07/05-13:52:27.281 DRS CUSBDataComm::OpenChannel could not


Re: Infected Files and Registery Keys

Post by Sneakyone on Tue Jul 19, 2011 4:27 am

Nope, but let's try something else.

Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.

Go to [You must be registered and logged in to see this link.] and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


I'm livin' life in the fast lane.


    Re: Infected Files and Registery Keys

    Post by Vista on Thu Jul 28, 2011 11:52 pm

    Startup Objects Scan: completed 2 hours ago (events: 21, objects: 1684, time: 00:12:30)
    7/28/2011 5:15:08 PM Task started
    7/28/2011 5:16:01 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\disk.sys
    7/28/2011 5:16:03 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\dmio.sys
    7/28/2011 5:16:04 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\dmusic.sys
    7/28/2011 5:16:06 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\fdc.sys
    7/28/2011 5:16:06 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\flpydisk.sys
    7/28/2011 5:16:07 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\fltmgr.sys
    7/28/2011 5:16:12 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\intelppm.sys
    7/28/2011 5:16:12 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\ip6fw.sys
    7/28/2011 5:16:13 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\ipinip.sys
    7/28/2011 5:16:18 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\mspqm.sys
    7/28/2011 5:16:18 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\mssmbios.sys
    7/28/2011 5:16:21 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\npfs.sys
    7/28/2011 5:16:25 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\raspppoe.sys
    7/28/2011 5:16:30 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\redbook.sys
    7/28/2011 5:16:33 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\swenum.sys
    7/28/2011 5:16:37 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\update.sys
    7/28/2011 5:16:38 PM Packed: PE_Patch c:\WINDOWS\system32\drivers\usbstor.sys
    7/28/2011 5:18:20 PM Packed: UPX c:\Documents and Settings\Valerie\Desktop\commy.exe
    7/28/2011 5:20:07 PM Packed: Py2Exe c:\Documents and Settings\Valerie\Application Data\Dropbox\bin\Dropbox.exe
    7/28/2011 5:27:41 PM Task completed


    Re: Infected Files and Registery Keys

    Post by Sneakyone on Fri Jul 29, 2011 5:33 am

    Hi,

    How's your computer running now?


    I'm livin' life in the fast lane.


    Re: Infected Files and Registery Keys

    Post by Vista on Tue Aug 09, 2011 2:23 pm

    Hi,
    Just came back from a well needed vacation. The computer still hangs a bit when opening up a new page or opening a program. Have to wait about 20-30 seconds before it starts to open. Not sure what that is from. Is there anything I can do about that? Also, the RUNDLL still comes up in the beginning. Thanks for your help!


    Re: Infected Files and Registery Keys

    Post by Vista on Tue Aug 09, 2011 2:34 pm

    Sorry, I misspoke... it is taking over 2-3 min. to load a page...


    Re: Infected Files and Registery Keys

    Post by Sneakyone on Wed Aug 10, 2011 5:49 am

    Hi,

    Could you please re-run OTL?


    I'm livin' life in the fast lane.


    Re: Infected Files and Registery Keys

    Post by Vista on Mon Aug 22, 2011 4:27 pm

    The error message comes up when boot up begins still saying "Missing RUNDLL Entry".

    OTL logfile created on: 8/22/2011 11:42:31 AM - Run 8
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Valerie\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.00 Mb Total Physical Memory | 68.00 Mb Available Physical Memory | 14.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.82 Gb Total Space | 203.29 Gb Free Space | 87.31% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 387.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: VALERIE-DAAA710
    Current User Name: Valerie
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Valerie\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    PRC - [2011/01/30 19:00:37 | 000,016,824 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
    PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    PRC - [2010/08/25 11:11:06 | 000,050,464 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2010/06/10 17:45:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie\Desktop\OTL.exe
    PRC - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. ([You must be registered and logged in to see this link.] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2002/12/12 08:45:00 | 000,541,184 | R--- | M] (Symantec Corporation) -- C:\Program Files\WinFax\WFXMOD32.EXE
    PRC - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2010/06/10 17:45:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (atnthost)
    SRV - [2011/05/24 16:02:04 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
    SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
    SRV - [2010/08/25 11:11:06 | 000,050,464 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. ([You must be registered and logged in to see this link.] [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
    SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2005/07/12 17:33:02 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)
    SRV - [2005/03/30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
    SRV - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/10/01 10:37:50 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
    DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
    DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (kl1)
    DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
    DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2005/06/16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
    DRV - [2005/03/31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
    DRV - [2005/03/31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
    DRV - [2005/03/31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
    DRV - [2005/03/31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
    DRV - [2005/03/31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
    DRV - [2004/08/13 03:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2004/08/13 02:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2004/08/13 02:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2004/08/13 02:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2004/08/13 02:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2004/08/13 02:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2004/08/13 02:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2004/08/13 02:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2004/08/13 02:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2004/08/13 02:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2004/08/04 04:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2004/07/14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2004/07/14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
    DRV - [2004/06/15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
    DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
    DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.8
    FF - prefs.js..extensions.enabledItems: feedly@devhd:5.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
    FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:11.0.2.579
    FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:11.0.2.579
    FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:11.0.2.579
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/05/31 11:35:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/05/31 11:35:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/05/31 11:35:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/05 15:05:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 20:23:13 | 000,000,000 | ---D | M]

    [2011/03/09 12:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Extensions
    [2011/08/17 16:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions
    [2011/03/10 13:43:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/03/15 09:31:07 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2011/06/11 13:28:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
    [2011/06/11 13:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\feedly@devhd
    [2011/06/11 13:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\staged-xpis
    [2011/06/11 13:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\feedly@devhd\content\app\extension
    [2011/08/17 16:09:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2011/04/05 17:03:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/06/26 14:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/04/04 14:11:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
    [2011/04/04 14:11:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/06/30 11:09:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
    O4 - Startup: C:\Documents and Settings\Valerie\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Valerie\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
    O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
    O24 - Desktop WallPaper: C:\Documents and Settings\Valerie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Valerie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL (Symantec Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/18 14:12:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/25 17:14:48 | 000,180,224 | R--- | M] (Dell Computer Corporation) - E:\AUTORCD.EXE -- [ CDFS ]
    O32 - AutoRun File - [2000/01/11 18:51:40 | 000,000,049 | RH-- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/11 01:51:21 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
    [2011/08/11 01:50:54 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
    [1 C:\Documents and Settings\Valerie\My Documents\*.tmp files -> C:\Documents and Settings\Valerie\My Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/22 11:58:33 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/08/22 11:37:37 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2011/08/22 11:37:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/08/22 11:37:04 | 000,001,099 | ---- | M] () -- C:\WINDOWS\win.ini
    [2011/08/22 11:36:57 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure Startup.job
    [2011/08/22 11:36:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/08/22 11:36:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2011/08/22 11:36:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/08/22 11:23:47 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
    [2011/08/21 19:02:45 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{76D70BD6-ADEF-4772-B82F-52AD730EEB58}.job
    [2011/08/18 12:53:11 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Burnett, Richard.doc
    [2011/08/18 12:44:35 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Valerie\My Documents\~$nway, Frank.doc
    [2011/08/18 09:04:14 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Valerie\ntuser.dat
    [2011/08/18 09:01:52 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Valerie\Desktop\Microsoft Office Word 2003.lnk
    [2011/08/17 21:58:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Valerie\ntuser.ini
    [2011/08/17 21:56:48 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\SPRINT PSWDS..doc
    [2011/08/14 11:52:42 | 000,397,960 | ---- | M] () -- C:\Documents and Settings\Valerie\Desktop\Vista-Spec-Sheet-April-2010.pdf
    [2011/08/14 10:06:32 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2011/08/13 00:09:34 | 000,505,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2011/08/13 00:09:34 | 000,444,488 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/08/13 00:09:34 | 000,072,364 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/08/12 01:36:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/08/11 12:05:15 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Blood Bank of DE2.doc
    [2011/08/11 10:37:24 | 000,117,907 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Vista Residential Warranty.pdf
    [2011/08/11 10:36:46 | 000,112,634 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\VISTA RES GOLD WARRTY.pdf
    [2011/08/11 10:35:54 | 000,196,133 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\VistaWarrantyTransfer.pdf
    [2011/08/11 10:12:37 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Santangelo, Jill.doc
    [2011/08/09 13:23:51 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Day, Christy.doc
    [2011/08/09 11:30:33 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Un Poco de Mexico.doc
    [2011/08/09 10:17:29 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Christiana Care Main Lobby2.doc
    [2011/08/08 17:24:22 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Casanova, Carmen2.doc
    [2011/08/01 22:06:39 | 000,515,276 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\val w2.pdf
    [2011/08/01 22:02:09 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Financial Aid, Larry2.doc
    [2011/08/01 20:26:37 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Valerie\My Documents\~$mmons Response[1].doc
    [2011/08/01 19:06:40 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Summons Response[1].doc
    [2011/08/01 14:48:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/07/31 21:51:20 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Voshell, Courtney.doc
    [2011/07/31 21:17:42 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Patel, Ashok5.doc
    [2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [1 C:\Documents and Settings\Valerie\My Documents\*.tmp files -> C:\Documents and Settings\Valerie\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/18 12:53:03 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Burnett, Richard.doc
    [2011/08/18 12:44:35 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Valerie\My Documents\~$nway, Frank.doc
    [2011/08/17 20:18:00 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\SPRINT PSWDS..doc
    [2011/08/14 11:52:42 | 000,397,960 | ---- | C] () -- C:\Documents and Settings\Valerie\Desktop\Vista-Spec-Sheet-April-2010.pdf
    [2011/08/14 10:06:32 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2011/08/14 10:06:31 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2011/08/11 12:05:14 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Blood Bank of DE2.doc
    [2011/08/11 10:36:46 | 000,112,634 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\VISTA RES GOLD WARRTY.pdf
    [2011/08/11 10:35:47 | 000,196,133 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\VistaWarrantyTransfer.pdf
    [2011/08/11 10:12:37 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Santangelo, Jill.doc
    [2011/08/09 13:23:50 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Day, Christy.doc
    [2011/08/09 11:30:29 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Un Poco de Mexico.doc
    [2011/08/09 10:17:24 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Christiana Care Main Lobby2.doc
    [2011/08/01 22:06:30 | 000,515,276 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\val w2.pdf
    [2011/08/01 22:02:06 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Financial Aid, Larry2.doc
    [2011/08/01 20:26:37 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Valerie\My Documents\~$mmons Response[1].doc
    [2011/08/01 19:06:38 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Summons Response[1].doc
    [2011/07/31 21:51:19 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Voshell, Courtney.doc
    [2011/07/31 21:17:42 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Patel, Ashok5.doc
    [2011/02/19 20:33:06 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2010/02/16 12:57:24 | 000,000,134 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/05/19 20:59:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Valerie.ini
    [2009/04/21 21:05:26 | 000,000,070 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
    [2009/04/02 21:02:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2008/05/06 08:39:42 | 000,688,128 | R--- | C] () -- C:\WINDOWS\System32\Bluebeam Javascript Library.dll
    [2008/04/30 15:28:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
    [2008/04/30 15:17:21 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
    [2008/04/30 15:17:21 | 000,000,378 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
    [2008/04/30 15:17:18 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
    [2008/04/29 11:40:08 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
    [2008/04/29 11:39:08 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
    [2008/04/29 11:39:08 | 001,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
    [2008/04/29 11:39:08 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
    [2008/04/29 11:39:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
    [2008/04/29 11:39:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
    [2008/04/29 11:39:07 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
    [2008/04/29 11:39:07 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
    [2008/04/29 11:39:07 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
    [2008/04/29 11:39:07 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
    [2008/04/29 11:39:06 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
    [2008/04/29 11:39:04 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
    [2008/04/29 11:39:04 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
    [2008/04/29 11:39:04 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
    [2008/04/29 11:39:03 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
    [2008/04/29 11:39:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
    [2008/04/29 11:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
    [2008/04/29 11:39:02 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
    [2008/04/28 12:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
    [2008/04/18 14:48:50 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/04/18 14:47:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/04/10 09:43:24 | 003,563,520 | R--- | C] () -- C:\WINDOWS\System32\BGP856.dll
    [2005/10/14 17:09:48 | 000,050,652 | ---- | C] () -- C:\WINDOWS\System32\drivers\atntwink.sys
    [2005/06/01 12:53:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Valerie\My Documents\LARRYS PICS 001.jpg:SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Valerie\My Documents\christmas pics 2007.png:SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Valerie\My Documents\christmas pics 1 2007.png:SummaryInformation
    < End of report >


    Re: Infected Files and Registery Keys

    Post by Dr Jay on Tue Aug 23, 2011 11:35 am

    Hi there...

    Does this error message also refer to a certain file path, or is it just an open dialog box saying that?


    Dr. Jay (DJ)



    Re: Infected Files and Registery Keys

    Post by Vista on Mon Aug 29, 2011 3:23 pm

    The error says:
    Error in C:/Windows/System32/spool/Drivers/w32x86/3/
    Missing Entry: RunDLL Entry

    FYI: I am not sure this error has anything to do with not having sound on my computer.


    Re: Infected Files and Registery Keys

    Post by Dr Jay on Wed Aug 31, 2011 10:40 am

    Have you installed a printer recently? Do you have a printer?


    Dr. Jay (DJ)



    Re: Infected Files and Registery Keys

    Post by Vista on Wed Aug 31, 2011 1:37 pm

    Yes, I do have a printer. I had the same printer for over 5 years. It is a Dell All In One.


    Re: Infected Files and Registery Keys

    Post by Vista on Wed Aug 31, 2011 1:38 pm

    I have 2 viruses on my laptop. Should I post in a new forum or can I post my Malwarebytes log here? Thanks.


    Re: Infected Files and Registery Keys

    Post by Dr Jay on Thu Sep 01, 2011 11:13 am

    Post a new topic for that.

    As for the Dell All-In-One, do you have any discs available for reinstalling the printer drivers?


    Dr. Jay (DJ)



    Re: Infected Files and Registery Keys

    Post by Vista on Thu Sep 01, 2011 11:55 am

    Yes, I do have the disk.


    Re: Infected Files and Registery Keys

    Post by Dr Jay on Sat Sep 03, 2011 12:24 am

    Please reinstall those drivers, and see if the error pops up anymore...


    Dr. Jay (DJ)



    Re: Infected Files and Registery Keys

    Post by Vista on Fri Sep 09, 2011 6:36 pm

    Don't know if this changes anything since I don't have any sound. When I check Device Manager it shows a yellow question mark in front of multimedia audio controllers. When I check the properties, it says the device has no drivers.
    When I go to install the CD (Drivers and Utilities for my Dell Photo All in one printer 964) it does nothing. Nothing pops up. I am not sure how to go about reinstalling the drivers. What do I do after putting in the CD and do I UNINSTALL anything first? Thanks


    Re: Infected Files and Registery Keys

    Post by Dr Jay on Sat Sep 10, 2011 11:58 am

    Right-click on My Computer and select Manage.

    Click Device Manager in the left pane.

    Find your Printer in the list, right-click and select Uninstall.

    Reboot your computer. Make sure the printer is on before it finishes starting up, and then allow it to queue the driver setup. When the prompt appears, insert the driver CD and continue through the wizard to completion.

    Let me know if that works (we'll work on the sound issue later).


    Dr. Jay (DJ)

