Apparent Virus, Rogue Security Suite?, Icons/Programs disappearance

View previous topic View next topic Go down

Apparent Virus, Rogue Security Suite?, Icons/Programs disappearance

Post by vrathgeber3 on Thu Jun 23, 2011 1:36 am

System: IBM ThinkPad Model T61 running Windows XP
Symptoms: A window purporting to run a security scan came up at some point. My friend, whose computer this is, doesn't recall if she clicked on any buttons offered by the window (which said it would fix all the so-called viruses it found). After this happened, all of her desktop icons disappeared as did all her programs on the Start button. (So she gave the system to me to look into trying to sort this out). If you go into Windows Explorer to look at the file structure, the drives appear but you cannot view the directories or files. If you click on the "+" to expand the disk, then the "+" just disappears. If you right-click and select open (to show the contents of the drive), then all that happens is another Explorer window opens up showing the same thing (just the drives). I managed to get Internet Explorer to open through a link in Control Panel and was then able to download a couple of Anti Spyware programs (Spybot, MalwareBytes, Webroot, SpyHunter). When I installed them, then these programs do show up in the Start > Programs area and on the Desktop. I ran these and one did say that it found a high risk "Rogue Security Suite" and offered to clean it for $40. Based on past experience, the likelihood is that I pay the $40 and it doesn't really fix anything. The other scans found nothing other than low risk tracker cookies. So, I am turning to the GeekPolice. I have run OTC and aswMBR and have pasted the logs below. Any feedback is greatly appreciated!

OTL logfile created on: 6/22/2011 7:27:13 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = E:\My Documents\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 54.04% Memory free
3.81 Gb Paging File | 3.02 Gb Available in Paging File | 79.29% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 5.98 Gb Free Space | 12.24% Space Free | Partition Type: NTFS
Drive E: | 56.24 Gb Total Space | 47.34 Gb Free Space | 84.18% Space Free | Partition Type: NTFS

Computer Name: MBA09-9A7B8CF | User Name: jmm6 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/22 19:17:09 | 000,579,072 | ---- | M] (OldTimer Tools) -- E:\My Documents\Desktop\OTL.com
PRC - [2011/06/21 23:02:15 | 001,383,496 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/06/21 23:02:12 | 003,363,168 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/06/09 22:53:19 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2011/05/23 14:31:42 | 003,907,248 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/07/28 17:34:02 | 000,569,752 | -H-- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 17:33:58 | 006,995,864 | -H-- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 17:33:58 | 001,485,208 | -H-- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/07/21 18:16:06 | 000,169,312 | -H-- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2008/07/21 18:15:14 | 000,193,888 | -H-- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/06/19 15:24:16 | 000,611,664 | -H-- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/17 11:08:46 | 001,528,608 | -H-- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/18 07:53:02 | 000,808,304 | -H-- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2007/12/18 07:53:00 | 000,779,632 | -H-- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2007/12/03 23:12:54 | 000,427,384 | -H-- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2007/11/29 13:04:00 | 000,059,168 | -H-- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007/09/06 20:45:40 | 000,300,392 | -H-- | M] (Trend Micro Inc.) -- C:\WINDOWS\Temp\NUF376.EXE
PRC - [2007/09/06 20:45:26 | 000,710,000 | -H-- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2007/08/03 18:10:46 | 000,644,408 | -H-- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/05 05:07:42 | 000,110,592 | -H-- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007/06/07 18:43:46 | 000,013,312 | -H-- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2007/03/21 15:42:38 | 000,364,629 | -H-- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/03/09 00:49:42 | 000,066,176 | -H-- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/07 23:16:48 | 000,073,776 | -H-- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/02/08 15:11:32 | 000,569,344 | -H-- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 15:00:06 | 000,022,016 | -H-- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/02/08 13:40:16 | 000,045,056 | -H-- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | RH-- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/28 21:48:10 | 000,569,344 | -H-- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
PRC - [2006/09/06 02:39:10 | 000,091,688 | -H-- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/02/02 07:20:00 | 000,122,940 | -H-- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (SafeList) ==========

MOD - [2011/06/22 19:17:09 | 000,579,072 | ---- | M] (OldTimer Tools) -- E:\My Documents\Desktop\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/07/05 05:07:36 | 000,065,536 | -H-- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2007/01/25 01:25:52 | 000,069,720 | -H-- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/06/21 23:02:12 | 003,363,168 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/06/09 22:53:19 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (Rpcnet) Remote Procedure Call (RPC)
SRV - [2011/05/23 14:31:42 | 003,907,248 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/07/28 17:34:02 | 000,569,752 | -H-- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2008/07/21 18:15:14 | 000,193,888 | -H-- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/06/19 15:24:16 | 000,611,664 | -H-- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/04/17 11:08:46 | 001,528,608 | -H-- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/12/18 07:53:02 | 000,808,304 | -H-- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2007/12/18 07:53:00 | 000,779,632 | -H-- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2007/08/03 18:10:46 | 000,644,408 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/06/07 18:43:46 | 000,013,312 | -H-- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2007/04/27 20:35:28 | 000,575,064 | -H-- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2007/03/21 15:42:38 | 000,364,629 | -H-- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)
SRV - [2007/02/08 15:11:32 | 000,569,344 | -H-- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 13:40:16 | 000,045,056 | -H-- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/01/04 21:48:52 | 000,112,152 | RH-- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005/10/06 20:12:30 | 000,855,552 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - [2011/05/23 13:09:30 | 000,181,008 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2011/05/23 13:09:30 | 000,045,584 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ssfmonm.sys -- (ssfmonm)
DRV - [2011/05/23 13:09:30 | 000,024,496 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2010/06/23 18:12:50 | 000,027,072 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2009/12/18 12:13:02 | 000,020,480 | -H-- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/12/18 12:13:00 | 000,230,912 | -H-- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/18 12:12:58 | 000,174,720 | -H-- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/12/18 12:12:58 | 000,174,720 | -H-- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/12/18 12:12:58 | 000,174,720 | -H-- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/05/02 16:22:00 | 000,205,328 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2008/05/02 16:21:52 | 000,036,368 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2008/05/02 16:17:18 | 001,169,240 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2008/04/17 11:07:52 | 000,306,299 | -H-- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/04/13 13:41:01 | 000,052,352 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/03/29 19:36:28 | 000,125,328 | -H-- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/12/24 17:37:00 | 000,138,384 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/12/06 11:22:00 | 000,004,442 | -H-- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007/11/29 13:04:00 | 000,007,168 | -H-- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/10/26 03:20:36 | 000,549,184 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/10/16 20:33:00 | 000,103,472 | -H-- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/10/16 20:32:00 | 000,019,504 | -H-- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/08/31 15:16:48 | 000,078,864 | -H-- | M] (Trend Micro Incorporated.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007/07/03 20:46:24 | 000,057,344 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/06/07 19:36:44 | 000,081,280 | -H-- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2007/05/22 17:59:38 | 000,030,336 | -H-- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/05/22 02:59:34 | 000,021,376 | -H-- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/05/03 14:37:08 | 000,022,152 | -H-- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/02/16 17:09:06 | 009,598,080 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/01/18 19:28:02 | 000,005,275 | -H-- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/21 21:56:00 | 000,988,800 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 21:56:00 | 000,209,664 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/21 21:55:00 | 000,730,112 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/02/02 07:20:00 | 000,094,332 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 07:20:00 | 000,087,036 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 07:20:00 | 000,086,652 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 07:20:00 | 000,025,628 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 07:20:00 | 000,014,684 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 07:20:00 | 000,006,364 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 07:20:00 | 000,002,496 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 14:02:50 | 000,005,660 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 14:02:10 | 000,022,684 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://jonesgsm.rice.edu/jonesgsm/Default.asp"

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/19 12:59:03 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/13 19:50:47 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/13 19:50:47 | 000,000,000 | -H-D | M]

[2009/08/20 14:40:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\mba10\Application Data\Mozilla\Extensions
[2008/06/16 15:09:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\mba10\Application Data\Mozilla\Firefox\Profiles\ws5g7iuf.default\extensions
[2008/06/16 15:09:54 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\mba10\Application Data\Mozilla\Firefox\Profiles\ws5g7iuf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/08/20 14:40:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/19 16:16:28 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [UYhaQsSEGdkYay] File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Documents and Settings\mba10\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk = C:\Documents and Settings\mba10\Application Data\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\mba10\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O4 - Startup: C:\Documents and Settings\mba10\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\mba10\Start Menu\Programs\Startup\Shortcut to WBALANCE.lnk = C:\Program Files\WBALANCE.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} [You must be registered and logged in to see this link.] (ObjWinNTCheck Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} [You must be registered and logged in to see this link.] (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} [You must be registered and logged in to see this link.] (LinkedIn ContactFinderControl)
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} [You must be registered and logged in to see this link.] (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} [You must be registered and logged in to see this link.] (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} [You must be registered and logged in to see this link.] (P3DActiveX Control)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} [You must be registered and logged in to see this link.] (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} [You must be registered and logged in to see this link.] (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\mba10\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mba10\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1565096e-4918-11dd-a018-001fe1c757fe}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe
O33 - MountPoints2\{3ab7dae0-51ab-11e0-9f8e-001fe1c75b1d}\Shell - "" = AutoRun
O33 - MountPoints2\{3ab7dae0-51ab-11e0-9f8e-001fe1c75b1d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ab7dae0-51ab-11e0-9f8e-001fe1c75b1d}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{3ab7dae5-51ab-11e0-9f8e-001fe1c75b1d}\Shell - "" = AutoRun
O33 - MountPoints2\{3ab7dae5-51ab-11e0-9f8e-001fe1c75b1d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ab7dae5-51ab-11e0-9f8e-001fe1c75b1d}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{4ae02f15-dc98-11df-9f6c-001fe1c75b1d}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{dc4a821a-3bda-11dd-ae5b-001fe1c75e79}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WebrootSpySweeperService - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe (Webroot Software, Inc. ([You must be registered and logged in to see this link.]
SafeBootMin: WRConsumerService - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WebrootSpySweeperService - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe (Webroot Software, Inc. ([You must be registered and logged in to see this link.]
SafeBootNet: WRConsumerService - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Office Communicator 2007
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/22 19:19:12 | 001,904,128 | ---- | C] (AVAST Software) -- E:\My Documents\Desktop\aswMBR.exe
[2011/06/22 19:17:03 | 000,579,072 | ---- | C] (OldTimer Tools) -- E:\My Documents\Desktop\OTL.com
[2011/06/21 23:05:16 | 000,181,008 | ---- | C] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\WINDOWS\System32\drivers\ssidrv.sys
[2011/06/21 23:05:16 | 000,045,584 | ---- | C] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\WINDOWS\System32\drivers\ssfmonm.sys
[2011/06/21 23:05:16 | 000,024,496 | ---- | C] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\WINDOWS\System32\drivers\sshrmd.sys
[2011/06/21 23:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Webroot
[2011/06/21 23:02:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{24F72050-686C-4A15-B137-09FEB449D545}
[2011/06/21 23:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2011/06/21 23:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2011/06/21 23:01:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mba10\Local Settings\Application Data\PackageAware
[2011/06/19 16:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/19 16:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/19 16:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/19 15:57:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/12 21:02:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mba10\Recent
[2011/06/09 10:32:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\mba10\Start Menu\Programs\Windows XP Restore
[2011/05/28 14:19:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\mba10\Application Data\go
[2011/05/28 14:19:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2008/06/10 12:32:03 | 000,167,936 | -H-- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008/06/10 12:32:03 | 000,053,248 | -H-- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2007/12/14 16:09:02 | 000,217,088 | -H-- | C] ( ) -- C:\Documents and Settings\mba10\Local Settings\Application Data\Interop.Microsoft.Office.Core.dll
[2007/08/09 15:50:38 | 000,016,384 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\mba10\Local Settings\Application Data\stdole.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/22 19:23:25 | 000,002,278 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/22 19:22:03 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/06/22 19:21:50 | 000,000,878 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/22 19:21:50 | 000,000,260 | -H-- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/06/22 19:21:50 | 000,000,236 | -H-- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/06/22 19:21:36 | 000,017,408 | -H-- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2011/06/22 19:21:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/22 19:20:55 | 2103,750,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/22 19:19:12 | 001,904,128 | ---- | M] (AVAST Software) -- E:\My Documents\Desktop\aswMBR.exe
[2011/06/22 19:17:09 | 000,579,072 | ---- | M] (OldTimer Tools) -- E:\My Documents\Desktop\OTL.com
[2011/06/21 23:02:24 | 000,001,143 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2011/06/21 22:51:00 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/21 22:13:05 | 000,017,408 | -H-- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2011/06/19 22:57:00 | 000,000,254 | -H-- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/06/19 16:22:25 | 000,000,958 | ---- | M] () -- C:\Documents and Settings\mba10\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/19 16:22:25 | 000,000,816 | ---- | M] () -- E:\My Documents\Desktop\Spybot - Search & Destroy.lnk
[2011/06/12 20:43:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/10 20:07:33 | 000,058,288 | -H-- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2011/06/09 22:53:19 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.exe
[2011/06/09 10:32:20 | 000,000,732 | -H-- | M] () -- E:\My Documents\Desktop\Windows XP Restore.lnk
[2011/06/09 10:32:20 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17882916r
[2011/06/09 10:32:20 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17882916
[2011/06/09 10:31:54 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\17882916
[2011/06/05 22:27:45 | 000,011,776 | -H-- | M] () -- C:\Documents and Settings\mba10\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/03 10:53:12 | 000,002,449 | -H-- | M] () -- C:\Documents and Settings\mba10\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
[2011/05/28 14:19:35 | 000,001,730 | -H-- | M] () -- E:\My Documents\Desktop\Play games (EasyBits GO).lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/22 19:20:55 | 2103,750,656 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/21 23:05:18 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2011/06/21 23:05:18 | 000,017,472 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2011/06/21 23:02:24 | 000,001,143 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2011/06/19 16:22:25 | 000,000,958 | ---- | C] () -- C:\Documents and Settings\mba10\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/19 16:22:25 | 000,000,816 | ---- | C] () -- E:\My Documents\Desktop\Spybot - Search & Destroy.lnk
[2011/06/09 10:32:20 | 000,000,732 | -H-- | C] () -- E:\My Documents\Desktop\Windows XP Restore.lnk
[2011/06/09 10:32:20 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17882916r
[2011/06/09 10:32:02 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17882916
[2011/06/09 10:31:48 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\17882916
[2011/05/28 14:19:35 | 000,001,856 | -H-- | C] () -- C:\Documents and Settings\mba10\Start Menu\Programs\Play games (EasyBits GO).lnk
[2011/05/28 14:19:35 | 000,001,730 | -H-- | C] () -- E:\My Documents\Desktop\Play games (EasyBits GO).lnk
[2010/10/02 21:38:05 | 000,000,254 | -H-- | C] () -- C:\WINDOWS\System32\SunData.ini
[2010/10/02 21:32:48 | 000,000,127 | -H-- | C] () -- C:\WINDOWS\TTL3.ini
[2010/09/09 16:35:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/07 18:57:39 | 000,057,395 | -H-- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/05/19 12:58:01 | 000,023,110 | -H-- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/05/19 12:50:14 | 000,077,374 | -H-- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/04/25 13:53:45 | 000,146,829 | -H-- | C] () -- C:\WINDOWS\hpoins31.dat
[2010/04/25 13:53:45 | 000,000,945 | -H-- | C] () -- C:\WINDOWS\hpomdl31.dat
[2010/03/06 15:35:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\DATA.INI
[2010/02/27 12:36:02 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/08/03 16:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/07 22:14:29 | 000,011,776 | -H-- | C] () -- C:\Documents and Settings\mba10\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/06 06:50:13 | 000,045,132 | -H-- | C] () -- C:\Documents and Settings\mba10\Application Data\JuniperExtXP.exe
[2009/03/22 15:43:24 | 000,162,304 | -H-- | C] () -- C:\WINDOWS\System32\Unwise32.exe
[2009/03/22 15:42:50 | 000,000,570 | -H-- | C] () -- C:\WINDOWS\DTOOLS.INI
[2009/02/25 23:58:59 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/02/21 12:57:35 | 000,017,408 | -H-- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2009/02/21 12:54:47 | 000,017,408 | -H-- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2008/07/01 09:33:13 | 000,001,160 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2008/06/30 10:10:38 | 000,000,228 | -H-- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/06/19 12:48:33 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/06/19 12:48:33 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/06/19 12:48:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/06/19 12:48:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2008/06/19 12:48:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2008/06/19 12:48:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2008/06/19 11:40:34 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2008/06/19 11:40:34 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2008/06/19 11:40:34 | 000,000,100 | -H-- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008/06/19 11:35:57 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/06/19 11:35:57 | 000,000,205 | -H-- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/06/16 15:20:45 | 000,000,062 | -H-- | C] () -- C:\Program Files\Pcounter.ini
[2008/06/16 15:20:41 | 000,086,528 | -H-- | C] () -- C:\Program Files\WBALANCE.EXE
[2008/06/16 15:12:57 | 000,012,888 | -H-- | C] () -- C:\WINDOWS\cfgall.ini
[2008/06/16 15:07:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/10 13:09:15 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/10 12:48:02 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\desktopset.exe
[2008/06/10 12:42:49 | 000,000,126 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/10 12:41:11 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/06/10 12:41:11 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/06/10 12:41:11 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/06/10 12:41:11 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/06/10 12:41:11 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/06/10 12:41:11 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/06/10 12:34:24 | 000,910,464 | -H-- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/06/10 12:34:24 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
[2008/06/10 12:32:04 | 000,015,497 | -H-- | C] () -- C:\WINDOWS\snp2uvc.ini
[2008/06/10 12:32:03 | 009,598,080 | -H-- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/06/10 12:31:51 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2008/06/10 12:31:43 | 000,651,264 | -H-- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/06/10 12:31:43 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/06/10 12:30:33 | 000,016,384 | -H-- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2008/06/10 12:30:33 | 000,004,442 | -H-- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2008/06/10 12:25:39 | 000,000,138 | -H-- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2008/05/26 22:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/16 11:58:04 | 000,012,632 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/04/17 11:08:56 | 000,197,408 | -H-- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/04/17 11:08:44 | 000,193,312 | -H-- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/09/27 11:51:02 | 000,020,698 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/16 10:12:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2006/04/30 02:31:51 | 000,004,670 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 02:22:10 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 02:19:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/30 02:10:07 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/30 01:56:07 | 000,052,352 | -H-- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2006/04/30 01:55:59 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/04/30 01:55:55 | 000,513,426 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/30 01:55:55 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/04/30 01:55:55 | 000,097,960 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/30 01:55:55 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/04/30 01:55:54 | 000,004,547 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/04/30 01:55:52 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/04/30 01:55:50 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/30 01:55:44 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/04/30 01:55:44 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/04/30 01:55:37 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/04/30 01:55:28 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/04/29 19:04:28 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/29 19:03:29 | 000,270,984 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/04/02 11:26:22 | 000,262,144 | -H-- | C] () -- C:\WINDOWS\System32\PDFSpooler.exe
[2001/10/28 19:42:30 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/05/13 19:50:37 | 000,107,480 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/05/13 19:50:37 | 000,912,344 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/05/13 19:50:40 | 000,016,856 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/05/13 19:50:41 | 000,246,744 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/05/23 14:31:14 | 000,017,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\SsiEfr.exe
[2011/05/23 14:31:36 | 000,030,424 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wrLZMA.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/10/03 22:33:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe
[2008/06/28 02:48:35 | 000,000,000 | -H-D | M] -- C:\Program Files\AMOS 16.0
[2008/06/10 12:34:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Analog Devices
[2008/06/27 14:07:07 | 000,000,000 | -H-D | M] -- C:\Program Files\Apple Software Update
[2011/06/09 18:32:25 | 000,000,000 | -H-D | M] -- C:\Program Files\ArcSoft
[2010/10/03 09:25:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Atari
[2010/07/07 18:57:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Belkin
[2008/06/16 15:26:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Cisco Systems
[2011/05/05 22:18:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files
[2008/06/10 12:06:13 | 000,000,000 | -H-D | M] -- C:\Program Files\ComPlus Applications
[2008/06/10 12:33:14 | 000,000,000 | -H-D | M] -- C:\Program Files\CONEXANT
[2010/06/06 12:41:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Coupons
[2008/06/10 12:33:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Digital Line Detect
[2009/08/30 16:04:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Disney
[2010/10/09 18:58:34 | 000,000,000 | -H-D | M] -- C:\Program Files\EA GAMES
[2010/11/20 16:45:35 | 000,000,000 | -H-D | M] -- C:\Program Files\Electronic Arts
[2010/09/19 11:30:37 | 000,000,000 | -H-D | M] -- C:\Program Files\GameMill Entertainment
[2011/05/22 19:46:50 | 000,000,000 | -H-D | M] -- C:\Program Files\Google
[2010/04/25 13:55:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Hewlett-Packard
[2011/06/09 18:34:45 | 000,000,000 | -H-D | M] -- C:\Program Files\HP
[2010/02/27 12:34:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Infogrames Interactive
[2011/06/09 18:32:20 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/04/12 15:10:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Internet Explorer
[2008/06/10 12:41:25 | 000,000,000 | -H-D | M] -- C:\Program Files\InterVideo
[2008/06/10 12:40:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Java
[2009/12/31 02:03:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Kodak
[2008/06/19 15:23:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Lavasoft
[2008/06/17 05:08:31 | 000,000,000 | -H-D | M] -- C:\Program Files\Lenovo
[2010/05/17 22:19:39 | 000,000,000 | -H-D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/05 11:09:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Maxtor
[2010/10/29 22:45:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Memeo
[2009/02/28 09:36:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Messenger
[2008/06/30 15:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/06/10 12:06:13 | 000,000,000 | -H-D | M] -- C:\Program Files\microsoft frontpage
[2008/06/16 15:50:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office
[2008/06/19 13:13:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office Communicator
[2011/04/21 15:32:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Silverlight
[2008/06/28 02:50:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Small Business
[2011/03/22 15:03:53 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft SQL Server
[2008/06/16 15:50:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Visual Studio
[2008/06/16 15:48:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/10/20 15:03:19 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Works
[2008/06/10 13:06:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft.NET
[2010/08/12 15:02:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Movie Maker
[2011/06/05 19:00:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/09 21:19:10 | 000,000,000 | -H-D | M] -- C:\Program Files\MSBuild
[2008/06/10 12:06:14 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN
[2008/06/10 12:06:17 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Gaming Zone
[2008/06/10 12:30:29 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2008/06/19 13:08:21 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 6.0
[2008/06/10 12:42:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Multimedia Center for Think Offerings
[2009/02/28 09:29:30 | 000,000,000 | -H-D | M] -- C:\Program Files\NetMeeting
[2008/06/10 12:33:24 | 000,000,000 | -H-D | M] -- C:\Program Files\NetWaiting
[2011/03/18 17:01:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Novatel Wireless
[2008/06/10 12:06:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Online Services
[2010/12/18 09:27:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Outlook Express
[2009/03/22 15:43:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Palisade
[2008/06/10 12:48:35 | 000,000,000 | -H-D | M] -- C:\Program Files\PCDR5
[2011/05/04 21:06:26 | 000,000,000 | -H-D | M] -- C:\Program Files\PDFCreator
[2008/06/10 12:49:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Picasa2
[2008/06/27 14:07:34 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime
[2009/08/09 21:19:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Reference Assemblies
[2008/06/16 15:00:11 | 000,000,000 | -H-D | M] -- C:\Program Files\SecureW2
[2009/11/07 23:39:44 | 000,000,000 | RH-D | M] -- C:\Program Files\Skype
[2008/06/10 12:42:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Sonic
[2008/06/10 12:42:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Sonic Icons for Lenovo
[2008/06/19 11:50:52 | 000,000,000 | -H-D | M] -- C:\Program Files\SPSSInc
[2011/06/19 16:22:25 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2008/06/16 15:30:51 | 000,000,000 | -H-D | M] -- C:\Program Files\SSH Communications Security
[2008/06/10 12:31:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Synaptics
[2008/06/10 12:49:02 | 000,000,000 | -H-D | M] -- C:\Program Files\ThinkPad
[2008/06/17 05:19:37 | 000,000,000 | -H-D | M] -- C:\Program Files\ThinkVantage
[2010/03/06 15:35:08 | 000,000,000 | -H-D | M] -- C:\Program Files\TreeAge
[2008/06/16 14:30:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Trend Micro
[2008/06/10 12:06:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/06/09 18:37:47 | 000,000,000 | -H-D | M] -- C:\Program Files\Verizon Wireless
[2011/06/21 23:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Webroot
[2010/10/29 22:46:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Western Digital
[2010/10/29 22:44:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Western Digital Technologies
[2009/06/13 15:13:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Desktop Search
[2008/06/17 03:08:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Live Toolbar
[2008/06/10 12:25:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Connect 2
[2009/02/28 09:29:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Player
[2009/02/28 09:29:26 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows NT
[2008/06/10 12:06:19 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/06/10 12:06:19 | 000,000,000 | -H-D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/02/28 09:24:25 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/02/28 09:24:25 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/02/28 09:24:25 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/02/28 09:24:25 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2007/04/03 05:39:42 | 000,096,384 | -H-- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

Note from me: OTC to be continued

vrathgeber3
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-06-22
Gender Gender : Male
OS OS : Windows XP SP3
Protection Protection : Tried several (Spybot/MalwareBytes/McAfee/Windows)
Points Points : 20096
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Apparent Virus, Rogue Security Suite?, Icons/Programs disappearance

Post by vrathgeber3 on Thu Jun 23, 2011 1:40 am

< MD5 for: DISK.SYS >
[2004/08/04 07:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\I386\sp2.cab:disk.sys
[2004/08/04 07:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/02/28 09:24:25 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/02/28 09:24:25 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 07:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys


< MD5 for: IASTOR.SYS >
[2007/02/11 23:36:54 | 000,277,784 | -H-- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys
[2007/02/11 23:36:54 | 000,277,784 | -H-- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
[2007/02/12 12:36:54 | 000,277,784 | -H-- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-11 20:05:09

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/13 19:50:41 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/13 19:50:41 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/13 19:50:41 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/13 19:50:37 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/13 19:50:37 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/13 19:50:37 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/13 19:50:41 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/13 19:50:41 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/13 19:50:41 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/13 19:50:37 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/13 19:50:37 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/13 19:50:37 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

< End of report >

OTL Extras logfile created on: 6/22/2011 7:27:13 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = E:\My Documents\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 54.04% Memory free
3.81 Gb Paging File | 3.02 Gb Available in Paging File | 79.29% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 5.98 Gb Free Space | 12.24% Space Free | Partition Type: NTFS
Drive E: | 56.24 Gb Total Space | 47.34 Gb Free Space | 84.18% Space Free | Partition Type: NTFS

Computer Name: MBA09-9A7B8CF | User Name: jmm6 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"62228:TCP" = 62228:TCP:*:Enabled:Trend Micro OfficeScan Listener

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SPSSInc\SPSS16\spss.exe" = C:\Program Files\SPSSInc\SPSS16\spss.exe:*:Disabled:SPSS 16.0 for Windows (1033:exe) -- (SPSS Inc)
"C:\Program Files\SPSSInc\SPSS16\spss.com" = C:\Program Files\SPSSInc\SPSS16\spss.com:*:Disabled:SPSS 16.0 for Windows (1033:com) -- (SPSS Inc)
"C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe" = C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1033) -- (SPSS Inc.)
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 -- (Microsoft Corporation)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 0.8.0
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{39A908FD-7322-41AE-B374-C7A076B2FC97}" = Memeo AutoBackup
"{41AA7187-8272-462c-9EED-7B614DA1404E}" = The Sims™ 2 Fun with Pets Collection
"{41C18715-AFF0-49E9-B940-287A50532D33}" = Cisco Clean Access Agent
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{49F51417-DF8C-4272-94E3-A0D4B64060EA}" = TONKA Firefighter
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{621025AE-3510-478E-BC27-1A647150976F}" = SPSS 16.0 for Windows
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68DC42FA-962C-4973-A306-D595D861FA1E}" = MySims™
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78AC18A2-12A9-4102-B0B7-C7558182D212}" = C6300
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{88D18C5E-5113-4A1E-8EC9-2B7E24688A14}" = PS_AIO_04_C6300_Software_Min
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}" = Mobile Broadband Generic Drivers
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BA8DF709-6BAB-4092-91E0-4D67EFC12A98}" = HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C22E50B4-B9D0-4a07-B1F3-12362514FEA7}" = The Sims™ 2 Double Deluxe
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C51CD33D-D7A0-4328-A802-3CD9DA437208}" = Type to Learn 3 Home
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EA61B3FD-10FF-4979-BC69-D3CC9E753765}" = SPSS SmartViewer 16.0
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F362902D-BC94-4187-8960-3B51F55B2EB0}" = Verizon Wireless USB760 Firmware Updates
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Disney's Toontown Online" = Disney's Toontown Online
"EA Download Manager" = EA Download Manager
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Hidden Mysteries Civil War" = Hidden Mysteries Civil War
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfficeScanNT" = Trend Micro OfficeScan Client
"OnScreenDisplay" = On Screen Display
"PALISADEBK11" = Palisade Numerical Tools - Book Version
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa2" = Picasa 2
"Power Management Driver" = ThinkPad Power Management Driver
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) PRO Network Connections Drivers
"Remove Multimedia Center" = Remove Multimedia Center
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.3.1 for Windows
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TONKA Monster Trucks" = Uninstall TONKA Monster Trucks
"TreeAge Pro" = TreeAge Pro
"Webroot Software" = Webroot Software
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"InstallShield_{39A908FD-7322-41AE-B374-C7A076B2FC97}" = Memeo AutoBackup
"Juniper_Setup_Client" = Juniper Networks Setup Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2011 3:32:54 PM | Computer Name = MBA09-9A7B8CF | Source = Windows Search Service | ID = 3013
Description = The entry in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/11/2011 5:35:41 PM | Computer Name = MBA09-9A7B8CF | Source = Windows Search Service | ID = 3013
Description = The entry in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/11/2011 5:35:41 PM | Computer Name = MBA09-9A7B8CF | Source = Windows Search Service | ID = 3013
Description = The entry in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/11/2011 5:35:41 PM | Computer Name = MBA09-9A7B8CF | Source = Windows Search Service | ID = 3013
Description = The entry in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/11/2011 5:35:41 PM | Computer Name = MBA09-9A7B8CF | Source = Windows Search Service | ID = 3013
Description = The entry in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/11/2011 5:35:41 PM | Computer Name = MBA09-9A7B8CF | Source = Windows Search Service | ID = 3013
Description = The entry in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/11/2011 5:35:41 PM | Computer Name = MBA09-9A7B8CF | Source = Windows Search Service | ID = 3013
Description = The entry in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/12/2011 10:00:15 PM | Computer Name = MBA09-9A7B8CF | Source = Windows Search Service | ID = 3013
Description = The entry in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/12/2011 10:00:19 PM | Computer Name = MBA09-9A7B8CF | Source = Windows Search Service | ID = 3013
Description = The entry in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/12/2011 10:00:20 PM | Computer Name = MBA09-9A7B8CF | Source = Windows Search Service | ID = 3013
Description = The entry in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

[ OSession Events ]
Error - 4/10/2009 11:56:25 PM | Computer Name = MBA09-9A7B8CF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5069
seconds with 480 seconds of active time. This session ended with a crash.

Error - 11/15/2009 2:01:03 AM | Computer Name = MBA09-9A7B8CF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 33702 seconds with 4740 seconds of active time. This session ended with
a crash.

Error - 4/23/2010 3:44:42 PM | Computer Name = MBA09-9A7B8CF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 21464 seconds with 10380 seconds of active time. This session ended with
a crash.

Error - 4/23/2010 7:19:01 PM | Computer Name = MBA09-9A7B8CF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 33705
seconds with 2040 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/21/2011 9:39:47 PM | Computer Name = MBA09-9A7B8CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/21/2011 9:40:33 PM | Computer Name = MBA09-9A7B8CF | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm tmtdi TPHKDRV TPPWRIF TSMAPIP

Error - 6/21/2011 10:16:27 PM | Computer Name = MBA09-9A7B8CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/21/2011 10:16:27 PM | Computer Name = MBA09-9A7B8CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/21/2011 10:18:51 PM | Computer Name = MBA09-9A7B8CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/21/2011 10:18:57 PM | Computer Name = MBA09-9A7B8CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/21/2011 10:19:02 PM | Computer Name = MBA09-9A7B8CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/21/2011 11:58:00 PM | Computer Name = MBA09-9A7B8CF | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm tmtdi TPHKDRV TPPWRIF TSMAPIP

Error - 6/21/2011 11:59:49 PM | Computer Name = MBA09-9A7B8CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/22/2011 8:20:01 PM | Computer Name = MBA09-9A7B8CF | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-22 19:57:45
-----------------------------
19:57:45.500 OS Version: Windows 5.1.2600 Service Pack 3
19:57:45.500 Number of processors: 2 586 0xF0B
19:57:45.500 ComputerName: MBA09-9A7B8CF UserName: jmm6
19:57:46.265 Initialize success
19:57:54.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:57:54.468 Disk 0 Vendor: HITACHI_ BB2Z Size: 114473MB BusType: 3
19:57:54.500 Disk 0 MBR read successfully
19:57:54.500 Disk 0 MBR scan
19:57:54.500 Disk 0 unknown MBR code
19:57:54.500 Disk 0 scanning sectors +234435600
19:57:54.531 Disk 0 scanning C:\WINDOWS\system32\drivers
19:58:01.203 Service scanning
19:58:02.109 Disk 0 trace - called modules:
19:58:02.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
19:58:02.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7bf030]
19:58:02.125 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\00000090[0x8a78e958]
19:58:02.125 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a79d030]
19:58:02.125 Scan finished successfully
19:58:10.343 Disk 0 MBR has been saved successfully to "E:\My Documents\Desktop\MBR.dat"
19:58:10.359 The log file has been saved successfully to "E:\My Documents\Desktop\aswMBR.txt"



vrathgeber3
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-06-22
Gender Gender : Male
OS OS : Windows XP SP3
Protection Protection : Tried several (Spybot/MalwareBytes/McAfee/Windows)
Points Points : 20096
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Apparent Virus, Rogue Security Suite?, Icons/Programs disappearance

Post by Sneakyone on Thu Jun 23, 2011 5:06 am

Hi,

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Apparent Virus, Rogue Security Suite?, Icons/Programs disappearance

Post by vrathgeber3 on Fri Jun 24, 2011 1:41 am

Thank you. I ran combofix and the log is below. I had to fight to get TrendMicro OfficeScan disabled and I think it was disabled when combofix ran. TM Office required a password to disable/uninstall and noone around knew the password so I tried to kill all the associated processes now that I can access Task Manager (which is progress). After I ran Combofix, the missing programs and icons HAVE NOW REAPPEARED!! Great progress. The system looks normal again but I will hold onto it until I hear from you guys about the contents of the log. Again, profuse thanks for getting me this far!

ComboFix 11-06-23.01 - jmm6 06/23/2011 20:11:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.1356 [GMT -5:00]
Running from: e:\my documents\Desktop\com.exe
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {A0AE76E8-288F-435A-8E73-4739FEBA4F5F}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\mba10\Application Data\JuniperExtXP.exe
C:\Thumbs.db
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\pthreadVC.dll
c:\windows\system32\Thumbs.db
.


.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-05-24 to 2011-06-24 )))))))))))))))))))))))))))))))
.
.
2011-06-22 04:02 . 2011-06-22 04:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{24F72050-686C-4A15-B137-09FEB449D545}
2011-06-22 04:01 . 2011-06-22 04:01 -------- d-----w- c:\documents and settings\mba10\Local Settings\Application Data\PackageAware
2011-06-19 21:22 . 2011-06-20 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-06-19 21:22 . 2011-06-19 21:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-28 19:19 . 2011-06-09 14:41 -------- d--h--w- c:\documents and settings\mba10\Application Data\go
2011-05-28 19:19 . 2011-06-09 15:41 -------- d--h--w- c:\documents and settings\All Users\Application Data\Easybits GO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 01:18 . 2009-02-21 17:54 17408 ---ha-w- c:\windows\system32\rpcnetp.exe
2011-06-24 00:54 . 2009-02-21 17:57 17408 ---ha-w- c:\windows\system32\rpcnetp.dll
2011-06-11 01:07 . 2008-07-03 15:54 58288 ---ha-w- c:\windows\system32\rpcnet.dll
2011-06-10 03:53 . 2007-06-12 18:02 58288 ------w- c:\windows\system32\rpcnet.exe
2011-05-15 21:46 . 2011-05-15 21:46 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2007-03-27 03:50 . 2008-06-16 20:20 86528 ---ha-w- c:\program files\WBALANCE.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-09-07 710000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\mba10\Start Menu\Programs\Startup\
Memeo AutoBackup Launcher.lnk - c:\documents and settings\mba10\Application Data\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2010-10-29 73728]
PowerReg Scheduler V3.exe [2010-10-3 225280]
PowerReg Scheduler.exe [2010-2-27 256000]
Shortcut to WBALANCE.lnk - c:\program files\WBALANCE.EXE [2008-6-16 86528]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-9-17 2056275]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-10 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2008-6-16 6144]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ---ha-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ---ha-w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
"c:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62228:TCP"= 62228:TCP:Trend Micro OfficeScan Listener
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 8:32 PM 19504]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [5/2/2008 4:22 PM 205328]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [5/2/2008 4:21 PM 36368]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 3:11 PM 569344]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [6/10/2008 12:18 PM 81280]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 5:59 PM 30336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/22/2011 7:45 PM 136176]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/18/2009 12:13 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/18/2009 12:12 PM 174720]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [4/27/2007 8:35 PM 575064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 00:45]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 00:45]
.
2011-06-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]
.
2011-06-24 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-06-10 16:22]
.
2011-06-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\mba10\Application Data\Mozilla\Firefox\Profiles\ws5g7iuf.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-UYhaQsSEGdkYay - c:\documents and settings\All Users\Application Data\UYhaQsSEGdkYay.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-06-23 20:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1580)
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'explorer.exe'(5376)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\acs.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\windows\system32\rpcnet.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe
c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\windows\TEMP\OF29B8.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-06-23 20:31:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-24 01:31
.
Pre-Run: 6,392,705,024 bytes free
Post-Run: 6,668,091,392 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2E3CE21CD57090ECAAF8C17B66051895

vrathgeber3
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-06-22
Gender Gender : Male
OS OS : Windows XP SP3
Protection Protection : Tried several (Spybot/MalwareBytes/McAfee/Windows)
Points Points : 20096
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Apparent Virus, Rogue Security Suite?, Icons/Programs disappearance

Post by Sneakyone on Fri Jun 24, 2011 6:35 am

Hi,

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Apparent Virus, Rogue Security Suite?, Icons/Programs disappearance

Post by vrathgeber3 on Fri Jun 24, 2011 4:11 pm

Downloaded and run MalwareBytes per your instructions. Looks pretty clean? Here is the Quick Scan Log:

Malwarebytes' Anti-Malware 1.51.0.1200
[You must be registered and logged in to see this link.]

Database version: 6939

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/24/2011 11:06:21 AM
mbam-log-2011-06-24 (11-06-21).txt

Scan type: Quick scan
Objects scanned: 187359
Time elapsed: 10 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

vrathgeber3
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-06-22
Gender Gender : Male
OS OS : Windows XP SP3
Protection Protection : Tried several (Spybot/MalwareBytes/McAfee/Windows)
Points Points : 20096
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Apparent Virus, Rogue Security Suite?, Icons/Programs disappearance

Post by Sneakyone on Sun Jun 26, 2011 5:39 am

Hi,

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Apparent Virus, Rogue Security Suite?, Icons/Programs disappearance

Post by vrathgeber3 on Tue Jun 28, 2011 2:50 am

Hi, I ran the ESET Online Scanner as instructed and it came up with zero everything; didn't even give the option for a log which I guess wouldn't have said much extra since nothing was found. So....it appears all is well for now. Thank you so much for the assistance! You guys do a great service!

vrathgeber3
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-06-22
Gender Gender : Male
OS OS : Windows XP SP3
Protection Protection : Tried several (Spybot/MalwareBytes/McAfee/Windows)
Points Points : 20096
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Apparent Virus, Rogue Security Suite?, Icons/Programs disappearance

Post by Sneakyone on Tue Jun 28, 2011 8:48 pm

You're welcome, glad to help. Smile


Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:




  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE.





You now have a clean restore point.

To get rid of the bad ones:




  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done.





========

Removing the tools

Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download [URL="http://www.itxassociates.com/OT-Tools/OTC.exe"]OTC.exe[/URL] by OldTimer:




  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.





============

Update Programs

Please download the newest version of Adobe Acrobat Reader from [URL="http://www.adobe.com/products/acrobat/readstep2.html"]Adobe.com[/URL]

Please download the newest version of Java from [URL="http://www.java.com/en/download/manual.jsp"]Java.com[/URL].

===============

Staying Protected

If you don't have a anti-virus I recommend to download one of these free anti-virus programs:
1. [URL="http://www.avast.com/"]Avast![/URL]
2. [URL="http://www.avira.com/en/support-download-free-antivirus"]Avira[/URL]
3. [URL="http://www.microsoft.com/security_essentials/default.aspx"]Microsoft Security Essentials[/URL]

If you have Windows XP, then I recommend downloading one of these free firewalls if you do not already have one:
1. [URL="http://www.comodo.com/home/internet-security/firewall.php"]Comodo Firewall[/URL]
2. [URL="http://www.tallemu.com/products-online-armor-free.php"]Tallemu Online Armor[/URL]

I recommend using [URL="http://www.malwarebytes.org/mbam.php"]MalwareBytes Anti-Malware[/URL] for a anti-malware program.

If you don't have a anti-spyware I recommend to download this free program to help keep you spyware free:
1. [URL="http://www.javacoolsoftware.com/spywareblaster.html"]SpywareBlaster[/URL]

Please don't download more than one anti-virus, firewall, or anti-spyware because they will conflict with each other making your computer slow, data loss, and false results so please just don't do it.

================

Here are some prevention tips:

1. Torrents are a conduit of malware; this is why we highly recommend not using them as chances are extremely high that you will be infected from them.

2. Cracks/warez/keygens are another conduit of malware and are illegal so don't use them.

3. Disable auto-run to prevent auto-run worms from infecting your machine through USB drives.[URL="http://www.engadget.com/2004/06/29/how-to-tuesday-disable-autorun-on-windows/"]XP[/URL] or [URL="http://www.howtogeek.com/howto/windows-vista/disable-autoplay-in-windows-vista/"]Vista/7[/URL]

4. Always make sure you have the latest [URL="http://windowsupdate.microsoft.com"]Windows update[/URL].

5. Use a Site Advisor so you don't go to sites that will infect you. [URL="http://www.mywot.com/en/download"]Web-of-Trust[/URL] or [URL="http://www.siteadvisor.com/download/windows.html"]Mcafee Siteadvisor[/URL]

6. Also there are many holes and flaws in Internet Explorer I recommend using [URL="http://www.getfirefox.com/"]Firefox[/URL] or [URL="http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95346"]Google Chrome[/URL] to keep you more safe.

7. Always keep your [URL="http://www.java.com/en/download/installed.jsp"]Java[/URL] and Adobe Reader updated and all older versions removed to keep clear from exploits.

8. Don't fall for Scareware. What is Scareware? A rogue anti-virus on your system that will scare you into buying their fake software due to false detections.

9. Be sure to always have a firewall and anti-virus installed at all times.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Apparent Virus, Rogue Security Suite?, Icons/Programs disappearance

Post by vrathgeber3 on Tue Jun 28, 2011 8:58 pm

Thank you for the help and the great advice! Big Grin

vrathgeber3
Novice
Novice

Posts Posts : 12
Joined Joined : 2011-06-22
Gender Gender : Male
OS OS : Windows XP SP3
Protection Protection : Tried several (Spybot/MalwareBytes/McAfee/Windows)
Points Points : 20096
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Apparent Virus, Rogue Security Suite?, Icons/Programs disappearance

Post by Sneakyone on Thu Jun 30, 2011 2:22 am

You're welcome, glad to help. Smile


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56084
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum