had "Windows XP Repair " malware

View previous topic View next topic Go down

had "Windows XP Repair " malware

Post by sdowner on 23rd June 2011, 2:28 pm

think it has been removed using COMBOFIX, Malewarebytes and SUPERAntiSpyware Free Edition, but I am still getting browser redirects and SUPERAntiSpyware Free Edition or Spybot search and destroy still find Adaware.

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-23 10:14:33
-----------------------------
10:14:33.817 OS Version: Windows 5.1.2600 Service Pack 3
10:14:33.817 Number of processors: 1 586 0xF0D
10:14:33.817 ComputerName: SLS-LX-H023KH1 UserName: sdowner
10:14:37.002 Initialize success
10:14:59.905 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
10:14:59.905 Disk 0 Vendor: SAMSUNG_HM121HI LZ100-11 Size: 114473MB BusType: 3
10:15:01.948 Disk 0 MBR read successfully
10:15:01.948 Disk 0 MBR scan
10:15:01.948 Disk 0 Windows XP default MBR code found via API
10:15:01.948 Disk 0 unknown MBR code
10:15:01.948 Disk 0 MBR hidden
10:15:03.961 Disk 0 scanning sectors +234436545
10:15:04.011 Disk 0 scanning C:\WINDOWS\system32\drivers
10:15:13.024 Service scanning
10:15:14.115 Disk 0 trace - called modules:
10:15:14.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8712df16]<<
10:15:14.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87148030]
10:15:14.125 3 CLASSPNP.SYS[f76bdfd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8713ed98]
10:15:14.496 \Driver\atapi[0x871c7690] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8712df16
10:15:14.496 Scan finished successfully
10:16:42.573 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\sdowner\Desktop\MBR.dat"
10:16:42.573 The log file has been saved successfully to "C:\Documents and Settings\sdowner\Desktop\aswMBR.txt"


OTL Extras logfile created on: 6/23/2011 10:00:14 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\sdowner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.29 Mb Total Physical Memory | 214.21 Mb Available Physical Memory | 21.12% Memory free
1.63 Gb Paging File | 0.77 Gb Available in Paging File | 47.46% Paging File free
Paging file location(s): C:\pagefile.sys 756 2277 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 78.05 Gb Free Space | 69.82% Space Free | Partition Type: NTFS
Drive E: | 488.84 Mb Total Space | 488.80 Mb Free Space | 99.99% Space Free | Partition Type: FAT
Drive X: | 249.02 Gb Total Space | 7.33 Gb Free Space | 2.95% Space Free | Partition Type: NTFS
Drive Z: | 93.56 Gb Total Space | 39.58 Gb Free Space | 42.31% Space Free | Partition Type: NTFS

Computer Name: SLS-LX-H023KH1 | User Name: sdowner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 0
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"5060:UDP" = 5060:UDP:*:Enabled:TekSIP SIP Signalling (UDP)
"5060:TCP" = 5060:TCP:*:Enabled:TekSIP SIP Signalling (TCP)
"67:UDP" = 67:UDP:*:Enabled:Acuative DHCP Service (UDP 67)
"68:UDP" = 68:UDP:*:Enabled:Acuative DHCP Service (UDP 68)
"80:TCP" = 80:TCP:*:Enabled:Acuative Web Service (TCP 80)
"443:TCP" = 443:TCP:*:Enabled:Acuative Web Service (TCP 443)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\TekSIP\TekSIP.exe" = C:\Program Files\TekSIP\TekSIP.exe:*:Enabled:TekSIP Service -- (Yasin KAPLAN)
"C:\Program Files\TekSIP\TSManager.exe" = C:\Program Files\TekSIP\TSManager.exe:*:Enabled:TekSIP Manager -- (Yasin KAPLAN)
"C:\Program Files\Cisco Systems\Cisco Unified Personal Communicator\CUPCK9.exe" = C:\Program Files\Cisco Systems\Cisco Unified Personal Communicator\CUPCK9.exe:*:Enabled:Cisco Unified Personal Communicator -- (Cisco Systems, Inc.)
"c:\ceboot\cebootsvr.exe" = c:\ceboot\cebootsvr.exe:*:Enabled:Acuative Boot Service -- (Acuative)
"c:\ceboot\cebootsvr64.exe" = c:\ceboot\cebootsvr64.exe:*:Enabled:Acuative Boot Service 64-bit -- (Acuative)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Cisco Systems\Cisco Unified Personal Communicator\CUPCK9.exe" = C:\Program Files\Cisco Systems\Cisco Unified Personal Communicator\CUPCK9.exe:*:Enabled:Cisco Unified Personal Communicator -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83216012F0}" = Java(TM) 6 Update 12
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{2C42ED1E-6315-4E63-89E6-057EA114EBB8}" = MetaFrame Presentation Server Client
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{539D63C6-4EF4-4B9E-9926-85053F119171}" = Microsoft Dynamics CRM 4.0 for Microsoft Office Outlook
"{5A71CA98-3865-4B56-AD26-B1A3681F4D90}" = Cisco Unified Personal Communicator
"{5E994A95-9388-4D10-8E68-54B8CBF894D3}" = Microsoft Application Error Reporting
"{668842FC-6827-4B6F-82BF-3828BE6D3007}" = Cisco AnyConnect VPN Client
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73EF6DFE-68FB-4B22-8B80-9145895E2699}" = NETGEAR XET1001 Powerline Encryption Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{84B70C16-7032-41EE-965C-3C8D9D566CBB}" = Symantec Endpoint Protection
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISSTD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISSTD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISSTD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007
"{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISSTD_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5B1B858-96D1-4FF2-AC80-EE4C34433AE6}" = RTC Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5CB0955-2A43-42F4-A44F-5C2BFC52E977}" = Cisco Systems VPN Client 5.0.00.0090
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF101FA0-7FF2-4367-8B8B-1D06F2BB0179}" = msxml 4.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D491FEB0-3D6A-49DE-8C97-8D4D0036E07E}" = WebEx Meeting Manager for Firefox/Netscape/Chrome
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E60E0B9B-AC8C-4B83-9FB5-778ACBC8942B}" = TekSIP
"{EF429587-8A51-11D5-9FDD-00A0CC536920}" = StarCAD 9000
"{F09AA348-9694-4D27-BC70-2F9A0139ACD7}" = InsidEdge Report Portal Shortcut
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3CDaemon" = 3CDaemon
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Aspell French Dictionary_is1" = Aspell French Dictionary-0.50-3
"Aspell Spanish Dictionary_is1" = Aspell Spanish Dictionary-0.50-2
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Canon MP620 series User Registration" = Canon MP620 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Cisco Unified Communications Sales Accelerator 3.0" = Cisco Unified Communications Sales Accelerator 3.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Updater" = Google Updater
"GTK 2.0" = GTK+ Runtime 2.12.12 rev a (remove only)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Installing HSP56 MicroModem Drivers" = PCTEL 2304WT V.9x MDC Modem Drivers
"InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{73EF6DFE-68FB-4B22-8B80-9145895E2699}" = NETGEAR XET1001 Powerline Encryption Utility
"IZArc 3.5 beta 3_is1" = IZArc 3.5 beta 3
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"STANDARD" = Microsoft Office Standard 2007
"SyncBack_is1" = SyncBack
"SysAid_is1" = SysAid Agent version 7.5.06
"VISSTD" = Microsoft Office Visio Standard 2007
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X-Lite 1.5_is1" = X-Lite 3.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"GoToMeeting" = GoToMeeting 4.5.0.457
"Juniper_Setup_Client" = Juniper Networks Setup Client

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >







sdowner
Novice
Novice

Posts Posts : 7
Joined Joined : 2011-06-23
OS OS : XP SP3
Points Points : 20061
# Likes # Likes : 0

View user profile

Back to top Go down

OTL.txt part 1

Post by sdowner on 23rd June 2011, 2:29 pm

OTL logfile created on: 6/23/2011 10:00:04 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\sdowner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.29 Mb Total Physical Memory | 214.21 Mb Available Physical Memory | 21.12% Memory free
1.63 Gb Paging File | 0.77 Gb Available in Paging File | 47.46% Paging File free
Paging file location(s): C:\pagefile.sys 756 2277 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 78.05 Gb Free Space | 69.82% Space Free | Partition Type: NTFS
Drive E: | 488.84 Mb Total Space | 488.80 Mb Free Space | 99.99% Space Free | Partition Type: FAT
Drive X: | 249.02 Gb Total Space | 7.33 Gb Free Space | 2.95% Space Free | Partition Type: NTFS
Drive Z: | 93.56 Gb Total Space | 39.58 Gb Free Space | 42.31% Space Free | Partition Type: NTFS

Computer Name: SLS-LX-H023KH1 | User Name: sdowner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/23 09:58:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sdowner\My Documents\Downloads\OTL.com
PRC - [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/08 11:25:02 | 001,064,448 | ---- | M] (SysAid Ltd) -- C:\Program Files\SysAid\IliAS.exe
PRC - [2011/01/13 16:01:37 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/01/13 16:01:36 | 001,893,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011/01/13 16:01:36 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/01/13 16:01:36 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2011/01/13 16:01:36 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/10/21 14:35:55 | 000,194,808 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnui.exe
PRC - [2010/10/21 14:33:56 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/02 13:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 16:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 14:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/02/05 12:22:30 | 001,512,488 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/09/08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2004/02/21 00:08:54 | 000,016,656 | ---- | M] () -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/23 09:58:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sdowner\My Documents\Downloads\OTL.com
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/02/15 20:45:44 | 000,102,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/08 11:25:02 | 001,064,448 | ---- | M] (SysAid Ltd) [Auto | Running] -- C:\Program Files\SysAid\IliAS.exe -- (SysAidAgent)
SRV - [2011/01/13 16:01:37 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/01/13 16:01:37 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/01/13 16:01:36 | 001,893,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/01/13 16:01:36 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011/01/13 16:01:36 | 000,357,744 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/10/21 14:33:56 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/04/09 16:35:08 | 000,299,008 | ---- | M] (Yasin KAPLAN) [On_Demand | Stopped] -- C:\Program Files\TekSIP\TekSIP.exe -- (TekSIP)
SRV - [2010/03/22 15:29:18 | 000,201,728 | ---- | M] (Acuative) [On_Demand | Stopped] -- c:\ceboot\cebootsvr.exe -- (CEBootService)
SRV - [2009/11/17 15:53:24 | 000,204,800 | ---- | M] () [On_Demand | Stopped] -- c:\jetty-6\bin\Jetty-Service.exe -- (Jetty)
SRV - [2009/09/15 15:19:08 | 000,148,992 | ---- | M] (Ph. Jounin) [On_Demand | Stopped] -- c:\dhcp\tftpd32_svc.exe -- (Tftpd32 svc)
SRV - [2009/08/12 18:20:28 | 000,615,720 | ---- | M] (Juniper Networks) [On_Demand | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\Sigmatel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
SRV - [2007/02/05 12:22:30 | 001,512,488 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - [2011/06/22 16:14:52 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110622.052\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/06/22 16:14:52 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110622.052\NAVENG.SYS -- (NAVENG)
DRV - [2011/06/21 13:14:34 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/10 09:21:28 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/02/23 13:06:12 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/01/13 16:01:37 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/01/13 16:01:37 | 000,284,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/01/13 16:01:37 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/12/16 12:25:21 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/12/07 14:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 14:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 14:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 14:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/10/21 14:20:39 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/24 17:20:36 | 000,035,256 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\XET1001Sp50.sys -- (XET1001Sp50)
DRV - [2009/08/12 18:07:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2007/10/09 19:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/08/02 17:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/08/02 17:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/02 17:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/06/25 18:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/05 12:21:32 | 000,305,784 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/10/02 18:45:40 | 000,126,864 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2006/05/10 16:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/04/06 16:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2006/03/27 16:02:06 | 000,074,752 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/04/30 16:01:56 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005/03/10 17:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/31 16:07:02 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/01/26 08:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/06/17 16:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/05/30 19:45:16 | 000,477,403 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2003/05/30 18:50:46 | 000,690,973 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2003/05/28 13:08:12 | 000,066,111 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2003/02/24 16:30:02 | 000,135,292 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptserial.sys -- (Ptserial)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 10:42:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2008/11/24 20:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sdowner\Application Data\Mozilla\Extensions
[2011/06/20 21:29:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sdowner\Application Data\Mozilla\Firefox\Profiles\ijmwznjo.default\extensions
[2010/11/01 09:04:01 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\sdowner\Application Data\Mozilla\Firefox\Profiles\ijmwznjo.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/04/27 16:25:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sdowner\Application Data\Mozilla\Firefox\Profiles\ijmwznjo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/20 21:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sdowner\Application Data\Mozilla\Firefox\Profiles\ijmwznjo.default\extensions\trash
[2010/09/28 23:39:14 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\sdowner\Application Data\Mozilla\Firefox\Profiles\ijmwznjo.default\searchplugins\askcom.xml
[2009/08/26 18:11:56 | 000,001,344 | ---- | M] () -- C:\Documents and Settings\sdowner\Application Data\Mozilla\Firefox\Profiles\ijmwznjo.default\searchplugins\epicurious.xml
[2011/06/22 10:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2008/12/12 15:27:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/21 22:04:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O15 - HKCU\..Trusted Domains: dell.com ([ecomm2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: reports ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: telsource.com ([crm] http in Trusted sites)
O15 - HKCU\..Trusted Domains: telsource.net ([cle-crm-001] * in Trusted sites)
O15 - HKCU\..Trusted Domains: telsource.net ([crm] http in Trusted sites)
O15 - HKCU\..Trusted Domains: telsource.net ([intranet] http in Trusted sites)
O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} [You must be registered and logged in to see this link.] (RSClientPrint 2005 Class)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} [You must be registered and logged in to see this link.] (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = telsource.net
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\sdowner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sdowner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/07/11 11:10:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BlackBerryAutoUpdate - hkey= - key= - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found
MsConfig - StartUpReg: BYRUA_AGENT - hkey= - key= - C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWUAAgent.exe (LG Electronics)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: eFax 4.4 - hkey= - key= - C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
MsConfig - StartUpReg: MSCRM - hkey= - key= - c:\Program Files\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: PCTVOICE - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/23 10:00:47 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\sdowner\Desktop\aswMBR.exe
[2011/06/23 09:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sdowner\Start Menu\Programs\HiJackThis
[2011/06/23 09:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/22 14:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sdowner\My Documents\pana
[2011/06/22 10:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/06/22 09:55:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/21 22:21:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/21 21:25:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/06/21 13:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sdowner\Application Data\SUPERAntiSpyware.com
[2011/06/21 12:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/21 12:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/21 12:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/21 11:24:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/21 11:04:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/21 11:04:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/21 11:04:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/21 11:04:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/21 11:00:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/21 10:57:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/20 17:05:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\sdowner\Recent
[2011/06/15 15:20:38 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/13 12:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sdowner\My Documents\NILA_BLACKBERRY
[2011/06/09 09:11:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon
[2011/06/09 09:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sdowner\Local Settings\Application Data\V CAST Media Manager
[2011/06/09 09:07:08 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2011/06/09 09:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon V CAST Media Manager
[2011/06/07 13:41:35 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2011/06/07 10:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VZW Utility Application - LG
[2011/06/07 10:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/06/07 10:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2011/06/07 08:56:04 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/06 10:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/06/06 10:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/06/01 09:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR Powerline Encryption Utility
[2011/06/01 09:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR XET1001 Powerline Encryption Utility
[2011/05/31 09:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sdowner\Application Data\Reviversoft
[2011/05/31 09:40:51 | 000,016,704 | ---- | C] (ReviverSoft) -- C:\WINDOWS\System32\roboot.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/23 10:01:12 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\sdowner\Desktop\aswMBR.exe
[2011/06/23 09:48:03 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\sdowner\Desktop\HiJackThis.lnk
[2011/06/23 09:38:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/23 09:18:08 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/23 08:38:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/23 08:03:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/23 07:57:56 | 000,000,000 | ---- | M] () -- C:\t1ds.3
[2011/06/23 07:57:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/22 10:42:24 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/21 22:04:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/21 15:38:14 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\sdowner\Desktop\Shortcut to ComboFix.lnk
[2011/06/21 12:48:20 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/06/21 12:20:26 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/21 11:24:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/20 14:38:06 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\sdowner\Desktop\Shortcut to Recycle Bin.lnk
[2011/06/20 10:46:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/20 08:25:09 | 000,000,000 | ---- | M] () -- C:\t1dg.2
[2011/06/16 08:54:04 | 000,000,000 | ---- | M] () -- C:\t1ds.2
[2011/06/15 15:54:02 | 000,002,427 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/06/15 15:32:18 | 000,501,478 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 15:32:18 | 000,088,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/15 15:14:04 | 000,000,000 | ---- | M] () -- C:\t1ds.1
[2011/06/13 14:00:04 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2011/06/13 08:02:49 | 000,000,000 | ---- | M] () -- C:\t1dg.1
[2011/06/10 09:34:57 | 000,091,019 | ---- | M] () -- C:\Documents and Settings\sdowner\My Documents\226919_2081124953338_1401499594_2461391_2643060_n.jpg
[2011/06/10 09:34:22 | 000,134,976 | ---- | M] () -- C:\Documents and Settings\sdowner\My Documents\259597_2131716738101_1401499594_2534259_5175580_o.jpg
[2011/05/30 18:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/23 09:07:57 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\sdowner\Desktop\HiJackThis.lnk
[2011/06/23 07:57:56 | 000,000,000 | ---- | C] () -- C:\t1ds.3
[2011/06/22 10:42:24 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/06/22 10:42:24 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/21 15:38:14 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\sdowner\Desktop\Shortcut to ComboFix.lnk
[2011/06/21 12:48:20 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/06/21 12:20:26 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/21 11:24:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/21 11:24:14 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/21 11:04:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/21 11:04:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/21 11:04:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/21 11:04:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/21 11:04:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/20 14:38:06 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\sdowner\Desktop\Shortcut to Recycle Bin.lnk
[2011/06/20 08:25:09 | 000,000,000 | ---- | C] () -- C:\t1dg.2
[2011/06/16 08:54:04 | 000,000,000 | ---- | C] () -- C:\t1ds.2
[2011/06/15 15:14:04 | 000,000,000 | ---- | C] () -- C:\t1ds.1
[2011/06/13 08:02:49 | 000,000,000 | ---- | C] () -- C:\t1dg.1
[2011/06/10 09:43:45 | 000,134,976 | ---- | C] () -- C:\Documents and Settings\sdowner\My Documents\259597_2131716738101_1401499594_2534259_5175580_o.jpg
[2011/06/10 09:43:45 | 000,091,019 | ---- | C] () -- C:\Documents and Settings\sdowner\My Documents\226919_2081124953338_1401499594_2461391_2643060_n.jpg
[2011/06/09 09:07:09 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/07 10:38:59 | 000,002,427 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2011/01/19 20:03:31 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/12/19 11:47:26 | 000,000,161 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/12/05 18:46:39 | 000,000,333 | ---- | C] () -- C:\Program Files\startlvs.bat
[2010/09/13 09:57:12 | 000,227,840 | ---- | C] () -- C:\Program Files\xdelta3.exe
[2010/09/13 09:57:12 | 000,000,519 | ---- | C] () -- C:\Program Files\startlvs_3cx.bat
[2010/09/13 09:57:12 | 000,000,224 | ---- | C] () -- C:\Program Files\register_service64.bat
[2010/09/13 09:57:12 | 000,000,220 | ---- | C] () -- C:\Program Files\register_service.bat
[2010/09/13 09:57:12 | 000,000,215 | ---- | C] () -- C:\Program Files\setup_dedicated.bat
[2010/09/13 09:57:12 | 000,000,034 | ---- | C] () -- C:\Program Files\teksipservice.bat
[2009/06/10 13:02:07 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2009/04/02 12:26:41 | 000,000,151 | ---- | C] () -- C:\WINDOWS\VMMI.INI
[2009/02/27 11:23:57 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\sdowner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/13 11:54:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/11/24 20:32:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/07 16:46:15 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\sdowner\Application Data\$_hpcst$.hpc
[2008/10/22 15:16:13 | 000,000,178 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/09/29 13:56:43 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/09/29 13:56:41 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/09/29 13:56:41 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/09/29 13:19:34 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2008/09/29 13:19:34 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2008/09/29 13:19:34 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/09/29 13:19:34 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2007/02/05 12:22:42 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/02/05 12:22:28 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/02/27 18:13:34 | 000,012,790 | ---- | C] () -- C:\WINDOWS\dci.ini
[2006/02/16 18:38:58 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2005/10/18 14:16:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2005/10/14 17:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/07/13 13:18:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/12 17:15:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\uninscpw.exe
[2005/07/12 16:48:04 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/12 10:13:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\pctspk.exe
[2005/07/12 10:13:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mdmmoh.dll
[2005/07/12 10:13:32 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2005/07/11 11:13:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/11 11:07:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/07/11 06:27:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/07/11 06:26:04 | 000,142,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/16 17:26:50 | 000,013,770 | ---- | C] () -- C:\WINDOWS\System32\drivers\fnetusb.sys
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,501,478 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,088,884 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >
[2011/01/08 16:00:53 | 000,001,746 | ---- | M] () -- C:\Documents and Settings\sdowner\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/06/23 10:01:12 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\sdowner\Desktop\aswMBR.exe
[2011/04/21 14:40:00 | 001,069,560 | ---- | M] (VoiceRite, Inc. ) -- C:\Documents and Settings\sdowner\Desktop\RetailConnectSetup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/06/16 00:17:34 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/06/16 00:17:34 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/06/16 00:17:34 | 000,265,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/08/13 10:17:01 | 000,000,000 | ---D | M] -- C:\Program Files\2BrightSparks
[2009/05/29 13:50:37 | 000,000,000 | ---D | M] -- C:\Program Files\3Com
[2009/08/19 13:39:32 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/12/12 11:08:38 | 000,000,000 | ---D | M] -- C:\Program Files\Aspell
[2008/01/18 11:20:11 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2010/04/05 20:32:54 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2008/12/24 11:33:32 | 000,000,000 | ---D | M] -- C:\Program Files\CanonBJ
[2011/06/20 21:02:44 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/11/09 10:09:58 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2011/01/12 17:49:21 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2011/01/26 13:20:25 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/06/21 21:49:49 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/07/11 11:06:50 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2005/10/18 14:02:13 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/04/08 13:46:30 | 000,000,000 | ---D | M] -- C:\Program Files\CounterPath
[2008/09/29 13:53:17 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/09/29 13:22:25 | 000,000,000 | ---D | M] -- C:\Program Files\DellTPad
[2010/07/12 10:46:46 | 000,000,000 | ---D | M] -- C:\Program Files\eFax Messenger 4.4
[2010/09/27 09:26:33 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/06/09 09:08:39 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2008/09/29 13:36:17 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/08/03 12:48:42 | 000,000,000 | ---D | M] -- C:\Program Files\Interactive Intelligence
[2011/06/15 15:28:30 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2006/02/27 17:55:29 | 000,000,000 | ---D | M] -- C:\Program Files\IZArc
[2011/01/12 18:12:30 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/04/16 11:02:17 | 000,000,000 | ---D | M] -- C:\Program Files\Juniper Networks
[2011/06/09 10:38:35 | 000,000,000 | ---D | M] -- C:\Program Files\LG Electronics
[2011/03/30 12:21:17 | 000,000,000 | ---D | M] -- C:\Program Files\lvs3
[2011/06/03 12:22:45 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/25 06:04:05 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/11/07 17:07:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/09/29 14:45:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/03/08 13:11:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Dynamics CRM
[2005/07/11 11:10:36 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/01/13 22:30:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2009/02/06 09:47:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliType Pro
[2008/11/07 16:53:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/15 15:49:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2005/07/12 16:46:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/10/21 09:43:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/07/26 10:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/17 13:37:04 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/06/22 10:42:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/09/25 06:51:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/09/29 14:32:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/07/11 11:05:52 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/07/11 11:06:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/01/18 11:59:38 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011/06/06 10:49:02 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2011/06/01 09:59:34 | 000,000,000 | ---D | M] -- C:\Program Files\NETGEAR XET1001 Powerline Encryption Utility
[2008/06/20 12:43:30 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2005/07/12 10:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 19:28:38 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/12/12 11:08:41 | 000,000,000 | ---D | M] -- C:\Program Files\Pidgin
[2009/01/28 17:50:27 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/04/01 13:56:06 | 000,000,000 | ---D | M] -- C:\Program Files\Realtime Landscaping Architect 2 Trial
[2008/09/25 06:48:50 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/01/19 19:39:36 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2005/10/18 14:34:35 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2008/12/25 16:00:06 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/03/15 16:09:50 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/21 16:51:12 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2011/02/23 13:06:12 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2011/05/03 17:22:05 | 000,000,000 | ---D | M] -- C:\Program Files\SysAid
[2011/05/09 17:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\TekSIP
[2010/03/24 08:34:16 | 000,000,000 | ---D | M] -- C:\Program Files\Telsource
[2011/06/23 09:07:56 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2005/07/11 11:35:29 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2011/06/09 09:37:45 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon V CAST Media Manager
[2009/12/11 10:04:46 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2008/09/25 06:02:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/09/25 06:02:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/06/20 12:43:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/07/11 11:08:46 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
[2005/07/11 11:10:36 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/06/20 12:34:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/06/20 12:34:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/06/20 12:34:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/06/20 12:34:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/06/20 12:34:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/06/20 12:34:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-21 12:47:20

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)



sdowner
Novice
Novice

Posts Posts : 7
Joined Joined : 2011-06-23
OS OS : XP SP3
Points Points : 20061
# Likes # Likes : 0

View user profile

Back to top Go down

Re: had "Windows XP Repair " malware

Post by sdowner on 23rd June 2011, 2:32 pm

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >

sdowner
Novice
Novice

Posts Posts : 7
Joined Joined : 2011-06-23
OS OS : XP SP3
Points Points : 20061
# Likes # Likes : 0

View user profile

Back to top Go down

Re: had "Windows XP Repair " malware

Post by sdowner on 23rd June 2011, 2:38 pm

This all started on the 20th.

sdowner
Novice
Novice

Posts Posts : 7
Joined Joined : 2011-06-23
OS OS : XP SP3
Points Points : 20061
# Likes # Likes : 0

View user profile

Back to top Go down

Re: had "Windows XP Repair " malware

Post by sdowner on 28th June 2011, 2:16 pm

5 days and no response. I formatted PC, you guys use to be very responsive.

sdowner
Novice
Novice

Posts Posts : 7
Joined Joined : 2011-06-23
OS OS : XP SP3
Points Points : 20061
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum