FakeSysDef


FakeSysDef

Post by Rivers on Fri 30 Dec 2011, 12:04 pm

First got an error message "Windows detected a hard disk problem." Then got multiple tiled boxes that read "Windows - Delayed Write Failed. Failed to save all the components for the file \\systems\\00004386. The file is corrupted or unreadable. This error may be caused by a PC hardware problem."

Windows was totally inoperable and all the programs and files were hidden. Nothing would run except DOS files. It has changed somewhat now: some programs are listed in the Start menu, and they do open some documents. But only some are listed, and the full Start menu is not there.

Avira updated and gave a warning that the threat TR/FakeSysdef.466944.47 was found in file C:\Documents and Settings\...\hFITnUFOxHN.exe.

I have been able to open Windows in safe mode with networking and open the browser.

Any help is appreciated!

Here are the OTL and aswMBR logs:

OTL logfile created on: 12/21/2011 9:05:47 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.02% Memory free
3.85 Gb Paging File | 2.76 Gb Available in Paging File | 71.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 278.32 Gb Total Space | 191.28 Gb Free Space | 68.73% Space Free | Partition Type: NTFS
Drive D: | 0.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1009.72 Mb Total Space | 850.31 Mb Free Space | 84.21% Space Free | Partition Type: FAT

Computer Name: MMARTIN3 | User Name: mmartin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/21 18:35:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.com
PRC - [2011/12/21 16:30:07 | 000,447,360 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\hFITnUFOxHN.exe
PRC - [2011/11/22 10:56:38 | 000,273,528 | -H-- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/01 09:53:40 | 000,025,656 | -H-- | M] (Apache Software Foundation) -- C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe
PRC - [2011/11/01 09:53:36 | 000,047,672 | -H-- | M] (Spiceworks, Inc.) -- C:\Program Files\Spiceworks\bin\spiceworks.exe
PRC - [2011/11/01 09:53:32 | 000,275,512 | -H-- | M] (Spiceworks, Inc.) -- C:\Program Files\Spiceworks\bin\spicetray.exe
PRC - [2011/07/01 09:32:59 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 15:15:53 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 15:15:40 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 15:15:29 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/01/07 12:12:22 | 000,505,576 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/09/29 08:17:50 | 000,013,088 | -H-- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/01/12 12:45:05 | 000,098,304 | -H-- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
PRC - [2009/01/12 12:42:53 | 000,020,572 | -H-- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | -H-- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 18:12:14 | 000,389,120 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2007/10/30 20:51:44 | 000,492,720 | -H-- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/10/30 20:11:48 | 000,909,208 | -H-- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007/10/30 20:07:40 | 000,140,568 | -H-- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/10/30 20:07:38 | 000,427,288 | -H-- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/10/30 20:06:42 | 002,595,616 | -H-- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006/08/03 05:12:36 | 000,577,536 | -H-- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2003/12/05 15:41:44 | 000,049,152 | -H-- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2003/10/03 11:52:50 | 000,061,440 | -H-- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
PRC - [2002/09/10 20:26:26 | 000,368,706 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/21 16:30:07 | 000,447,360 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\hFITnUFOxHN.exe
MOD - [2011/11/01 09:51:16 | 000,024,576 | -H-- | M] () -- C:\Program Files\Spiceworks\pkg\gems\sqlite3-ruby-1.3.1\lib\sqlite3\sqlite3_native.so
MOD - [2011/11/01 09:51:12 | 000,052,224 | -H-- | M] () -- C:\Program Files\Spiceworks\pkg\gems\nokogiri-1.4.1\lib\nokogiri\nokogiri.so
MOD - [2011/11/01 09:51:12 | 000,027,648 | -H-- | M] () -- C:\Program Files\Spiceworks\pkg\gems\net-snmp-0.2.3\lib\netsnmp_api.so
MOD - [2011/11/01 09:51:10 | 000,060,416 | -H-- | M] () -- C:\Program Files\Spiceworks\pkg\gems\curb-0.7.12\lib\curb_core.so
MOD - [2011/11/01 09:51:10 | 000,011,776 | -H-- | M] () -- C:\Program Files\Spiceworks\pkg\gems\image_science-1.2.1\lib\image_science.so
MOD - [2011/11/01 09:50:00 | 000,101,376 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\site_ruby\1.9.1\i386-msvcr90\event_log.so
MOD - [2011/11/01 09:50:00 | 000,052,736 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\site_ruby\1.9.1\i386-msvcr90\efs.so
MOD - [2011/11/01 09:50:00 | 000,045,568 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\site_ruby\1.9.1\i386-msvcr90\bits.so
MOD - [2011/11/01 09:50:00 | 000,026,112 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\site_ruby\1.9.1\i386-msvcr90\async_ping.so
MOD - [2011/11/01 09:49:58 | 000,176,640 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\openssl.so
MOD - [2011/11/01 09:49:58 | 000,171,520 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\nkf.so
MOD - [2011/11/01 09:49:58 | 000,093,696 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\trans\single_byte.so
MOD - [2011/11/01 09:49:58 | 000,084,480 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\socket.so
MOD - [2011/11/01 09:49:58 | 000,078,336 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\syck.so
MOD - [2011/11/01 09:49:58 | 000,077,824 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\zlib.so
MOD - [2011/11/01 09:49:58 | 000,074,752 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\win32ole.so
MOD - [2011/11/01 09:49:58 | 000,047,104 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\dl.so
MOD - [2011/11/01 09:49:58 | 000,039,936 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\bigdecimal.so
MOD - [2011/11/01 09:49:58 | 000,022,016 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\stringio.so
MOD - [2011/11/01 09:49:58 | 000,021,504 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\json\ext\generator.so
MOD - [2011/11/01 09:49:58 | 000,018,944 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\iconv.so
MOD - [2011/11/01 09:49:58 | 000,017,920 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\json\ext\parser.so
MOD - [2011/11/01 09:49:58 | 000,017,408 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\strscan.so
MOD - [2011/11/01 09:49:58 | 000,015,872 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\digest\sha2.so
MOD - [2011/11/01 09:49:58 | 000,015,360 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\racc\cparse.so
MOD - [2011/11/01 09:49:58 | 000,013,312 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\trans\transdb.so
MOD - [2011/11/01 09:49:58 | 000,012,800 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\digest\sha1.so
MOD - [2011/11/01 09:49:58 | 000,012,288 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\digest.so
MOD - [2011/11/01 09:49:58 | 000,011,776 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\trans\utf_16_32.so
MOD - [2011/11/01 09:49:58 | 000,011,776 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\encdb.so
MOD - [2011/11/01 09:49:58 | 000,010,752 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\shift_jis.so
MOD - [2011/11/01 09:49:58 | 000,010,752 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\euc_jp.so
MOD - [2011/11/01 09:49:58 | 000,010,240 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\digest\md5.so
MOD - [2011/11/01 09:49:58 | 000,009,216 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\utf_16le.so
MOD - [2011/11/01 09:49:58 | 000,009,216 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\utf_16be.so
MOD - [2011/11/01 09:49:58 | 000,009,216 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\iso_8859_1.so
MOD - [2011/11/01 09:49:58 | 000,008,704 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\etc.so
MOD - [2011/11/01 09:49:58 | 000,008,192 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\utf_32le.so
MOD - [2011/11/01 09:49:58 | 000,008,192 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\enc\utf_32be.so
MOD - [2011/11/01 09:49:58 | 000,008,192 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\monitor_mixin.so
MOD - [2011/11/01 09:49:58 | 000,007,680 | -H-- | M] () -- C:\Program Files\Spiceworks\lib\ruby\1.9.1\i386-mswin32_90\fcntl.so
MOD - [2011/11/01 09:49:54 | 000,067,584 | -H-- | M] () -- C:\Program Files\Spiceworks\httpd\bin\zlib1.dll
MOD - [2011/11/01 09:49:54 | 000,067,584 | -H-- | M] () -- C:\Program Files\Spiceworks\bin\zlib1.dll
MOD - [2011/11/01 09:49:52 | 000,374,272 | -H-- | M] () -- C:\Program Files\Spiceworks\bin\sqlite3.dll
MOD - [2011/11/01 09:49:50 | 000,996,352 | -H-- | M] () -- C:\Program Files\Spiceworks\bin\libxml2.dll
MOD - [2011/11/01 09:49:50 | 000,397,312 | -H-- | M] () -- C:\Program Files\Spiceworks\bin\netsnmp.dll
MOD - [2011/11/01 09:49:50 | 000,171,008 | -H-- | M] () -- C:\Program Files\Spiceworks\bin\libxslt.dll
MOD - [2011/11/01 09:49:50 | 000,168,960 | -H-- | M] () -- C:\Program Files\Spiceworks\bin\qdbm.dll
MOD - [2011/11/01 09:49:48 | 000,061,440 | -H-- | M] () -- C:\Program Files\Spiceworks\bin\libexslt.dll
MOD - [2011/11/01 09:49:42 | 000,864,768 | -H-- | M] () -- C:\Program Files\Spiceworks\bin\iconv.dll
MOD - [2011/04/21 08:38:52 | 011,486,720 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
MOD - [2011/04/21 08:34:02 | 003,149,824 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/04/21 08:34:02 | 002,048,000 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/04/21 08:34:01 | 002,933,248 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/04/21 08:34:00 | 000,425,984 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/04/21 08:33:56 | 000,626,688 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/04/21 08:33:56 | 000,303,104 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/04/21 08:33:55 | 000,258,048 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/04/21 08:33:54 | 000,261,632 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/04/21 08:33:52 | 000,114,688 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/04/21 08:33:47 | 005,025,792 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/06/17 14:27:22 | 000,355,688 | -H-- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/04/09 22:27:27 | 000,854,016 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/04/09 22:27:26 | 000,471,040 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/04/09 22:27:26 | 000,403,456 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/04/09 22:27:24 | 000,419,616 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/04/09 22:27:24 | 000,046,880 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/04/09 22:27:24 | 000,023,840 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2010/04/09 22:27:24 | 000,018,720 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/04/09 22:27:24 | 000,012,064 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2010/04/09 22:27:23 | 000,270,112 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/04/09 22:27:23 | 000,120,096 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/04/09 22:27:23 | 000,070,432 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/04/09 22:27:22 | 000,121,632 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/10/30 14:59:36 | 000,212,992 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
MOD - [2009/10/30 14:55:28 | 007,868,416 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/07 17:17:41 | 001,058,304 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/04/07 17:17:41 | 000,471,040 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/04/07 17:17:40 | 000,402,208 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2009/04/07 17:17:40 | 000,238,368 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2009/04/07 17:17:40 | 000,047,392 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2009/04/07 17:17:40 | 000,018,720 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2009/04/07 17:17:39 | 000,130,848 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/04/07 17:17:39 | 000,120,608 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2009/04/07 17:17:39 | 000,072,992 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/04/07 17:14:13 | 000,755,712 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/04/07 17:14:12 | 000,270,336 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2009/04/07 17:14:11 | 000,458,752 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2009/04/07 17:14:11 | 000,065,536 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2009/04/07 17:14:11 | 000,045,056 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2009/04/07 17:14:10 | 000,073,728 | -H-- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2009/01/12 12:42:55 | 000,053,349 | -H-- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\zip.dll
MOD - [2009/01/12 12:42:55 | 000,053,342 | -H-- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\verify.dll
MOD - [2009/01/12 12:42:54 | 000,032,864 | -H-- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\net.dll
MOD - [2009/01/12 12:42:53 | 000,802,901 | -H-- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hotspot\jvm.dll
MOD - [2009/01/12 12:42:53 | 000,094,308 | -H-- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\java.dll
MOD - [2009/01/12 12:42:53 | 000,028,776 | -H-- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hpi.dll
MOD - [2009/01/12 12:42:53 | 000,020,572 | -H-- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
MOD - [2008/04/13 18:11:59 | 000,014,336 | -H-- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/10/30 20:51:44 | 000,492,720 | -H-- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
MOD - [2007/10/29 19:53:32 | 001,328,408 | -H-- | M] () -- C:\Program Files\Acronis\TrueImageHome\fox.dll
MOD - [2003/06/16 15:52:48 | 000,074,752 | -H-- | M] () -- C:\WINDOWS\system32\jst.dll
MOD - [2002/09/10 20:26:26 | 000,368,706 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
MOD - [2002/07/02 14:32:00 | 000,184,431 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\TimerManager.dll
MOD - [2002/07/02 14:22:34 | 000,122,993 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\AppProperties.dll
MOD - [2002/07/02 14:10:42 | 000,110,695 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComBase.dll
MOD - [2002/06/04 19:33:54 | 000,106,601 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.dll
MOD - [2002/06/04 17:48:26 | 000,143,489 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll
MOD - [2002/06/04 17:48:10 | 000,163,951 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComRT.dll
MOD - [2002/05/03 15:40:32 | 000,094,274 | -H-- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2002/04/17 09:49:22 | 000,024,576 | -H-- | M] () -- C:\Program Files\hp\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2001/09/26 02:23:08 | 000,196,695 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJIntlCore_1_1_DDR.dll
MOD - [2001/09/23 14:41:10 | 000,524,377 | -H-- | M] () -- C:\Program Files\BroadJump\Client Foundation\stlport_4_0_0_DDR.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/01 09:32:59 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 15:15:40 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/29 08:17:50 | 000,013,088 | -H-- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/01/23 15:27:40 | 000,651,720 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/29 15:09:02 | 000,394,704 | -H-- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/10/30 20:51:44 | 000,492,720 | -H-- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/10/30 20:07:38 | 000,427,288 | -H-- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2002/12/04 02:24:20 | 000,065,536 | RH-- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/01 09:33:01 | 000,138,192 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/01 09:33:01 | 000,066,616 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/19 20:29:20 | 000,018,432 | -H-- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/06/11 15:46:46 | 000,082,380 | -H-- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2009/04/28 00:13:23 | 003,565,568 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/02/03 20:31:17 | 000,170,496 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2009/01/12 15:45:24 | 000,441,760 | -H-- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/01/12 15:45:24 | 000,044,384 | -H-- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/01/12 15:45:20 | 000,129,248 | -H-- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/01/12 15:45:16 | 000,368,544 | -H-- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2009/01/11 13:45:58 | 000,016,694 | -H-- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/10/09 15:42:42 | 000,017,408 | -H-- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/04/13 12:56:49 | 000,012,800 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 11:46:22 | 000,015,232 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007/10/04 20:27:26 | 000,019,240 | -H-- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007/10/04 20:27:24 | 000,116,776 | -H-- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SI3114R.sys -- (SI3114r)
DRV - [2006/11/02 07:00:08 | 000,039,368 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (winusb)
DRV - [2006/09/20 15:01:12 | 004,019,072 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/08/06 15:44:24 | 000,014,336 | -H-- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2003/08/06 15:44:11 | 000,013,824 | -H-- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2003/08/06 15:41:07 | 000,104,960 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003/08/06 15:39:59 | 000,063,488 | -H-- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2003/08/06 15:39:05 | 000,051,712 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2003/08/06 15:35:20 | 000,056,832 | -H-- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..keyword.URL: "http://search.avg.com/?d=4d63328c&i=23&tp=ab&nt=1&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\palmOne\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\mmartin\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\mmartin\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/22 10:57:12 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/22 10:57:00 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/22 10:57:44 | 000,000,000 | -H-D | M]

[2009/01/13 15:17:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\mmartin\Application Data\Mozilla\Extensions
[2011/12/17 21:46:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\mmartin\Application Data\Mozilla\Firefox\Profiles\p5a9s7yp.default\extensions
[2011/12/17 21:46:36 | 000,000,000 | -H-D | M] (FireShot) -- C:\Documents and Settings\mmartin\Application Data\Mozilla\Firefox\Profiles\p5a9s7yp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011/07/29 15:18:44 | 000,000,000 | -H-D | M] (BitDefender QuickScan) -- C:\Documents and Settings\mmartin\Application Data\Mozilla\Firefox\Profiles\p5a9s7yp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/08 22:21:40 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/08 22:21:34 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/10/26 09:00:08 | 000,016,896 | -H-- | M] () -- C:\Program Files\mozilla firefox\components\tmfftb.dll
[2011/05/18 15:49:47 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 09:51:41 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 22:21:34 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/05/16 17:32:46 | 000,000,027 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Time Matters) - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\TMW9\tmietb.dll (LexisNexis, a division of Reed Elsevier Inc. )
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Time Matters) - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\TMW9\tmietb.dll (LexisNexis, a division of Reed Elsevier Inc. )
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [hFITnUFOxHN.exe] C:\Documents and Settings\All Users\Application Data\hFITnUFOxHN.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Spiceworks] C:\Program Files\Spiceworks\bin\spicetray_silent.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Add to Evernote - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} [You must be registered and logged in to see this link.] (NSHelp Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = blackwarriorriver.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55126A71-4597-46AB-8F9E-B840B3F4513F}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\mmartin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mmartin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/08 11:48:13 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTRSupport - Reg Error: Value error.
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0F5C3557-9462-6B04-BD71-78589BDDBE66} - Outlook Express
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/12/21 21:04:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mmartin\Recent
[2011/12/21 19:39:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\mmartin\Application Data\Avira
[2011/12/01 14:28:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\mmartin\Start Menu\Programs\Spiceworks
[2011/12/01 14:27:52 | 000,000,000 | -H-D | C] -- C:\Program Files\Spiceworks
[2011/11/23 10:57:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/22 10:57:17 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\xing shared



Rivers

Newbie Surfer

Posts : 32
Joined : 2011-05-13
Operating System : Windows XP


Re: FakeSysDef

Post by Rivers on Fri 30 Dec 2011, 12:05 pm

Here's the rest of the log:

========== Files - Modified Within 30 Days ==========

[2011/12/21 20:53:01 | 000,000,888 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/21 20:31:55 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1556828984-474624404-3004363705-1143.job
[2011/12/21 20:31:37 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/21 20:31:28 | 000,000,884 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/21 20:31:26 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1556828984-474624404-3004363705-1143.job
[2011/12/21 20:28:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/21 20:27:52 | 000,000,986 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1556828984-474624404-3004363705-1143UA.job
[2011/12/21 16:30:07 | 000,447,360 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\hFITnUFOxHN.exe
[2011/12/20 22:26:00 | 000,000,934 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1556828984-474624404-3004363705-1143Core.job
[2011/12/19 20:28:38 | 000,002,300 | -H-- | M] () -- C:\Documents and Settings\mmartin\Desktop\Google Chrome.lnk
[2011/12/11 20:25:07 | 000,425,130 | -H-- | M] () -- C:\Documents and Settings\mmartin\Desktop\CLEalabama-Trial_Skills-121611.pdf
[2011/12/11 19:56:36 | 000,102,318 | -H-- | M] () -- C:\Documents and Settings\mmartin\Desktop\rule-book-2007.pdf
[2011/12/05 21:15:21 | 000,044,541 | -H-- | M] () -- C:\Documents and Settings\mmartin\Desktop\ALNFD Administrative Officer job announcement.pdf
[2011/12/05 21:09:56 | 000,149,939 | -H-- | M] () -- C:\Documents and Settings\mmartin\Desktop\Memorandum Opinion.pdf
[2011/12/05 18:31:21 | 000,005,632 | -H-- | M] () -- C:\Documents and Settings\mmartin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/05 11:19:55 | 000,002,429 | -H-- | M] () -- C:\Documents and Settings\mmartin\Desktop\WordPerfect.lnk
[2011/12/01 15:23:07 | 000,000,746 | -H-- | M] () -- C:\Documents and Settings\mmartin\Desktop\Spiceworks Desktop.lnk
[2011/11/30 10:00:44 | 000,001,223 | -H-- | M] () -- C:\Documents and Settings\mmartin\Desktop\Shortcut to ACTIVE.lnk
[2011/11/30 10:00:26 | 000,000,914 | -H-- | M] () -- C:\Documents and Settings\mmartin\Desktop\Shortcut to fred.lnk
[2011/11/22 10:57:00 | 000,198,832 | -H-- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/11/22 10:56:45 | 000,006,656 | -H-- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/11/22 10:56:45 | 000,005,632 | -H-- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/11/22 10:56:41 | 000,272,896 | -H-- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

========== Files Created - No Company Name ==========

[2011/12/21 16:33:11 | 000,447,360 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\hFITnUFOxHN.exe
[2011/12/11 20:25:07 | 000,425,130 | -H-- | C] () -- C:\Documents and Settings\mmartin\Desktop\CLEalabama-Trial_Skills-121611.pdf
[2011/12/11 19:56:35 | 000,102,318 | -H-- | C] () -- C:\Documents and Settings\mmartin\Desktop\rule-book-2007.pdf
[2011/12/05 21:15:20 | 000,044,541 | -H-- | C] () -- C:\Documents and Settings\mmartin\Desktop\ALNFD Administrative Officer job announcement.pdf
[2011/12/05 21:09:56 | 000,149,939 | -H-- | C] () -- C:\Documents and Settings\mmartin\Desktop\Memorandum Opinion.pdf
[2011/12/01 15:23:07 | 000,000,746 | -H-- | C] () -- C:\Documents and Settings\mmartin\Desktop\Spiceworks Desktop.lnk
[2011/05/11 14:02:39 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Cvitima.dat
[2011/05/11 14:02:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Pcinidedu.bin
[2011/04/21 08:35:27 | 000,222,592 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/22 17:01:22 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/11/15 18:34:12 | 000,005,632 | -H-- | C] () -- C:\Documents and Settings\mmartin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/13 15:00:13 | 000,095,276 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/11 10:41:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009/07/22 18:59:30 | 000,561,152 | RH-- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2009/06/19 13:54:21 | 000,593,920 | -H-- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/06/16 15:49:52 | 000,000,037 | -H-- | C] () -- C:\WINDOWS\Acroread.ini
[2009/06/11 21:15:52 | 000,363,520 | -H-- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/06/11 21:01:04 | 000,000,010 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2009/06/10 12:38:51 | 000,000,161 | -H-- | C] () -- C:\WINDOWS\DISPARAM.INI
[2009/03/25 14:56:27 | 000,000,130 | -H-- | C] () -- C:\Documents and Settings\mmartin\Local Settings\Application Data\fusioncache.dat
[2009/01/13 17:02:39 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\mmartin\Application Data\PFP120JPR.{PB
[2009/01/13 17:02:39 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\mmartin\Application Data\PFP120JCM.{PB
[2009/01/12 12:44:08 | 000,074,752 | -H-- | C] () -- C:\WINDOWS\System32\jst.dll
[2009/01/12 12:44:08 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2009/01/12 12:40:48 | 000,049,152 | RH-- | C] () -- C:\WINDOWS\System32\hpbprnfx.exe
[2009/01/12 12:40:19 | 000,013,438 | -H-- | C] () -- C:\WINDOWS\hpbins01.dat
[2009/01/12 12:40:19 | 000,001,380 | -H-- | C] () -- C:\WINDOWS\hpbmdl01.dat
[2009/01/12 12:40:14 | 000,000,750 | -H-- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2009/01/12 12:40:07 | 000,221,184 | RH-- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2009/01/12 12:40:07 | 000,000,412 | RH-- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dat
[2009/01/12 12:39:18 | 000,004,216 | -H-- | C] () -- C:\WINDOWS\hplj3380.ini
[2009/01/12 12:30:18 | 000,000,527 | -H-- | C] () -- C:\WINDOWS\TMW.INI
[2009/01/09 16:15:08 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/09 15:25:51 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/08 18:16:11 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/01/08 18:15:48 | 000,000,164 | -H-- | C] () -- C:\WINDOWS\avrack.ini
[2009/01/08 18:15:40 | 000,143,360 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/01/08 18:13:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/01/08 18:13:02 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\Instdll.dll
[2009/01/08 11:49:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/08 11:46:17 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/08 04:59:59 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/08 04:59:08 | 000,430,360 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/02 20:47:46 | 003,107,788 | -H-- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/06/02 20:47:46 | 003,107,788 | -H-- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/06/02 20:47:46 | 000,887,724 | -H-- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/05/26 20:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/28 15:09:09 | 000,189,051 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/09/27 09:51:02 | 000,020,698 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2003/09/26 06:42:46 | 000,002,421 | -H-- | C] () -- C:\WINDOWS\System32\scrubber.ini
[2003/03/31 06:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 06:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 06:00:00 | 000,496,358 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 06:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 06:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 06:00:00 | 000,091,892 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 06:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 06:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 06:00:00 | 000,004,461 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 06:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 06:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/03 15:40:32 | 000,094,274 | -H-- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/03/28 12:37:14 | 000,000,033 | -H-- | C] () -- C:\WINDOWS\System32\hppcap.ini
[2001/03/28 12:37:14 | 000,000,033 | -H-- | C] () -- C:\WINDOWS\hppcap.ini

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2009/06/12 16:59:05 | 037,663,360 | -H-- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\mmartin\Desktop\8-6_xp32_dd_ccc_wdm_enu_64783.exe
[2009/06/11 20:48:51 | 040,091,352 | -H-- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\mmartin\Desktop\9-3_xp32_dd_ccc_wdm_enu.exe
[2011/05/18 15:43:36 | 048,536,984 | -H-- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\mmartin\Desktop\AdbeRdr1001_en_US.exe
[2009/01/23 15:07:43 | 688,270,496 | -H-- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\mmartin\Desktop\APRO9_Win_WEB_WWEFG.exe
[2009/11/15 20:51:11 | 006,008,376 | -H-- | M] (ashampoo GmbH & Co. KG ) -- C:\Documents and Settings\mmartin\Desktop\ashampoo_burning_studio_6_free_676_4280.exe
[2010/01/12 12:00:56 | 000,277,816 | -H-- | M] (Autodesk, Inc.) -- C:\Documents and Settings\mmartin\Desktop\AutodeskDesignRevSetup.exe
[2011/05/12 15:07:42 | 000,718,104 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\mmartin\Desktop\avgremover.exe
[2011/05/17 20:51:29 | 052,676,424 | -H-- | M] () -- C:\Documents and Settings\mmartin\Desktop\avira_antivir_personal_en.exe
[2010/02/16 23:51:04 | 012,180,688 | -H-- | M] (PY Software, Inc.) -- C:\Documents and Settings\mmartin\Desktop\AWC-PYS.exe
[2009/12/18 22:33:17 | 000,563,872 | -H-- | M] (Google Inc.) -- C:\Documents and Settings\mmartin\Desktop\GoogleEarthSetup.exe
[2011/05/18 16:35:14 | 016,883,056 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\mmartin\Desktop\IE8-WindowsXP-x86-ENU.exe
[2009/10/13 21:10:31 | 004,938,616 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\mmartin\Desktop\Silverlight.exe
[2009/11/17 19:54:54 | 065,683,960 | -H-- | M] (Sling Media Inc.) -- C:\Documents and Settings\mmartin\Desktop\SlingPlayer-2.0.4-Setup.exe
[2009/10/30 15:23:32 | 004,360,208 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\mmartin\Desktop\SyncToySetupPackage.exe
[2009/01/12 17:19:06 | 005,520,400 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\mmartin\Desktop\WindowsSearch-KB940157-XP-x86-enu.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/11/08 22:21:33 | 000,125,912 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/11/08 22:21:33 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/11/08 22:21:30 | 000,016,856 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/11/08 22:21:29 | 000,269,272 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/06/10 12:46:09 | 000,000,000 | -H-D | M] -- C:\Program Files\ABBYY FineReader for ScanSnap
[2009/01/12 15:45:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Acronis
[2011/07/29 16:05:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Active WebCam
[2011/05/18 15:58:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe
[2011/10/04 21:41:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Amazon
[2009/08/03 14:33:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Apple Software Update
[2009/11/15 20:56:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Ashampoo
[2011/04/20 09:48:05 | 000,000,000 | -H-D | M] -- C:\Program Files\ATI
[2011/04/15 13:05:37 | 000,000,000 | -H-D | M] -- C:\Program Files\ATI Technologies
[2010/01/12 12:02:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Autodesk
[2011/02/21 16:05:59 | 000,000,000 | -H-D | M] -- C:\Program Files\AVG
[2011/05/18 09:23:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Avira
[2009/01/08 18:15:48 | 000,000,000 | -H-D | M] -- C:\Program Files\AvRack
[2011/04/08 21:36:43 | 000,000,000 | -H-D | M] -- C:\Program Files\Bonjour
[2009/05/13 16:53:29 | 000,000,000 | -H-D | M] -- C:\Program Files\BroadJump
[2011/11/22 10:57:17 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files
[2009/01/08 11:46:16 | 000,000,000 | -H-D | M] -- C:\Program Files\ComPlus Applications
[2011/05/16 17:48:34 | 000,000,000 | -H-D | M] -- C:\Program Files\ESET
[2009/08/19 22:07:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Evernote
[2010/03/24 10:28:28 | 000,000,000 | -H-D | M] -- C:\Program Files\FastStone Image Viewer
[2009/09/28 17:48:21 | 000,000,000 | -H-D | M] -- C:\Program Files\FileZilla FTP Client
[2011/11/24 23:35:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Free CraigsList Reader Pro from CraigsPal
[2011/11/23 10:56:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Google
[2011/04/26 20:12:41 | 000,000,000 | -H-D | M] -- C:\Program Files\HashTab Shell Extension
[2011/09/22 14:07:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Hewlett-Packard
[2009/06/11 15:46:48 | 000,000,000 | -H-D | M] -- C:\Program Files\hp
[2009/11/17 20:04:43 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/01/08 18:12:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Intel
[2011/05/18 17:36:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Internet Explorer
[2009/01/13 14:53:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Intuit
[2011/04/08 21:40:18 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod
[2011/04/08 21:41:06 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes
[2010/03/03 17:30:22 | 000,000,000 | -H-D | M] -- C:\Program Files\Java
[2009/11/15 22:13:59 | 000,000,000 | -H-D | M] -- C:\Program Files\Laplink
[2009/05/23 15:54:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Logitech
[2011/05/11 21:51:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/09 22:07:59 | 000,000,000 | -H-D | M] -- C:\Program Files\Messenger
[2009/11/15 22:08:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft
[2009/01/08 11:48:24 | 000,000,000 | -H-D | M] -- C:\Program Files\microsoft frontpage
[2009/10/30 13:26:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft IntelliPoint
[2009/10/30 13:19:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft IntelliType Pro
[2009/01/10 09:54:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office
[2011/11/20 22:18:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Silverlight
[2009/01/10 09:54:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/01/12 14:13:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Windows Small Business Server
[2009/01/10 09:55:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Works
[2011/02/09 14:43:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Movie Maker
[2011/11/08 22:21:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Mozilla Firefox
[2009/06/10 12:37:06 | 000,000,000 | -H-D | M] -- C:\Program Files\MSBuild
[2009/01/08 11:46:07 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Gaming Zone
[2009/01/09 20:27:52 | 000,000,000 | -H-D | M] -- C:\Program Files\NetMeeting
[2009/01/08 11:46:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Online Services
[2011/02/09 14:45:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Outlook Express
[2009/08/11 10:56:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Palm Inc
[2009/08/11 11:58:38 | 000,000,000 | -H-D | M] -- C:\Program Files\palmOne
[2009/06/10 12:38:07 | 000,000,000 | -H-D | M] -- C:\Program Files\PFU
[2011/04/08 21:22:45 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime
[2011/05/26 09:47:42 | 000,000,000 | -H-D | M] -- C:\Program Files\Real
[2009/01/08 18:15:43 | 000,000,000 | -H-D | M] -- C:\Program Files\Realtek AC97
[2009/01/08 18:15:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Realtek Sound Manager
[2009/01/09 20:15:03 | 000,000,000 | -H-D | M] -- C:\Program Files\REALTEK USB Wireless LAN Driver and Utility
[2009/06/10 12:34:58 | 000,000,000 | -H-D | M] -- C:\Program Files\Reference Assemblies
[2009/01/08 18:13:10 | 000,000,000 | -H-D | M] -- C:\Program Files\Silicon Image
[2009/11/17 20:04:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Sling Media
[2011/04/26 21:49:16 | 000,000,000 | -H-D | M] -- C:\Program Files\SmartFTP Client
[2011/04/26 21:47:33 | 000,000,000 | -H-D | M] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2011/12/01 14:29:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Spiceworks
[2009/01/09 16:41:41 | 000,000,000 | -H-D | M] -- C:\Program Files\SpywareBlaster
[2011/08/27 14:15:57 | 000,000,000 | -H-D | M] -- C:\Program Files\The Noteable Software Company
[2010/04/09 22:20:03 | 000,000,000 | -H-D | M] -- C:\Program Files\TurboTax
[2009/11/27 21:48:01 | 000,000,000 | -H-D | M] -- C:\Program Files\TweetDeck
[2009/01/08 12:02:02 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/09/08 19:06:06 | 000,000,000 | -H-D | M] -- C:\Program Files\WebEx
[2011/02/09 14:42:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Desktop Search
[2009/06/10 20:50:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Components
[2009/07/10 09:35:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Player
[2009/10/08 10:07:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows NT
[2009/01/08 11:46:13 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/01/11 12:41:01 | 000,000,000 | -H-D | M] -- C:\Program Files\WordPerfect Office 12
[2009/01/08 11:48:24 | 000,000,000 | -H-D | M] -- C:\Program Files\xerox
[2009/01/12 12:45:06 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry


< MD5 for: AGP440.SYS >
[2009/01/09 16:22:46 | 022,245,337 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/09 20:23:21 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/01/09 16:22:46 | 022,245,337 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/01/09 20:23:21 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 06:00:00 | 010,158,890 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2009/01/09 16:22:46 | 022,245,337 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/09 20:23:21 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/01/09 16:22:46 | 022,245,337 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/01/09 20:23:21 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/03/31 06:00:00 | 000,086,912 | -H-- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2003/03/31 06:00:00 | 010,158,890 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2009/01/09 16:22:46 | 022,245,337 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/01/09 20:23:21 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/01/09 16:22:46 | 022,245,337 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2009/01/09 20:23:21 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 23:59:54 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-01-10 02:35:59

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 05:16:29 | 001,047,096 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/08 22:21:30 | 000,713,560 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/08 22:21:30 | 000,713,560 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/08 22:21:30 | 000,713,560 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/08 22:21:33 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/08 22:21:33 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/08 22:21:33 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 05:16:29 | 001,047,096 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 05:16:29 | 001,047,096 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 05:16:29 | 001,047,096 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 05:16:29 | 001,047,096 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 03:32:54 | 000,173,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 03:32:54 | 000,173,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 03:32:54 | 000,173,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 05:16:29 | 001,047,096 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/08 22:21:30 | 000,713,560 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/08 22:21:30 | 000,713,560 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/08 22:21:30 | 000,713,560 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/08 22:21:33 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/08 22:21:33 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/08 22:21:33 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 05:16:29 | 001,047,096 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 05:16:29 | 001,047,096 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 05:16:29 | 001,047,096 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 05:16:29 | 001,047,096 | -H-- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 03:32:54 | 000,173,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 03:32:54 | 000,173,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 03:32:54 | 000,173,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40F038C5
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 21:38:34
-----------------------------
21:38:34.359 OS Version: Windows 5.1.2600 Service Pack 3
21:38:34.359 Number of processors: 2 586 0x205
21:38:34.359 ComputerName: MMARTIN3 UserName: mmartin
21:38:36.046 Initialze error 0 - driver not loaded
21:41:07.515 Service scanning
21:41:08.734 Modules scanning
21:41:08.734 Disk 0 trace - called modules:
21:41:08.734
21:41:08.734 Scan finished successfully
21:41:32.656 The log file has been saved successfully to "E:\aswMBR.txt"

Thanks,
Rivers

Rivers

Newbie Surfer

Posts : 32
Joined : 2011-05-13
Operating System : Windows XP
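
A small triage script for logs like the one above, added here as an example; it is not part of the original post and not something OTL or aswMBR ship. It parses OTL's `[date | size | attrs | M] (vendor) MD5=... -- path` entry lines, compares the hash of each live copy under system32 with the Service Pack cache copy under ServicePackFiles\i386 (which is what OTL's "< MD5 for: ... >" sections exist for), and counts entries carrying the Hidden attribute under Program Files. The sample input mixes lines copied from the log above with two constructed `sampledrv.sys` lines that are there only to show what a mismatch looks like; no such driver appears in the log.

```python
import re

# One OTL entry line (examples taken from the log above):
#   [2008/04/13 12:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A... -- C:\WINDOWS\system32\drivers\atapi.sys
#   [2009/06/10 12:46:09 | 000,000,000 | -H-D | M] -- C:\Program Files\ABBYY FineReader for ScanSnap
# The four attribute positions are R/H/S/D (read-only, hidden, system, directory);
# "-" means the flag is clear.
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| [A-Z]\]"
    r"(?: \((?P<vendor>[^)]*)\))?"          # "(Microsoft Corporation)", "()" or absent
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"   # only in the "< MD5 for: ... >" sections
    r"(?: \.cab file)?"                     # cab members carry no hash
    r" -- (?P<path>.+?)\s*$"
)

REF_DIR = "\\servicepackfiles\\i386\\"     # Service Pack cache: the reference copy

def parse_entry(line):
    """Parse one OTL entry line; return a dict, or None for headers, blanks and prose."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))
    e["hidden"] = "H" in e["attrs"]
    e["is_dir"] = "D" in e["attrs"]
    e["md5"] = e["md5"].upper() if e["md5"] else None
    e["name"] = e["path"].rsplit("\\", 1)[-1].lower()   # basename, case-folded
    return e

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

def _is_live_copy(path_lc, name):
    # The copy Windows actually loads: system32\drivers\X or system32\X. Backups under
    # ReinstallBackups, ERDNT\cache and $NtServicePackUninstall$ are deliberately ignored.
    return (path_lc.endswith("\\system32\\drivers\\" + name)
            or path_lc.endswith("\\system32\\" + name))

def check_driver_hashes(entries):
    """Compare the MD5 of each live system32 file with its Service Pack cache copy.
    Returns {name: (live_md5, reference_md5, verdict)}."""
    live, ref = {}, {}
    for e in entries:
        if not e["md5"]:
            continue
        p = e["path"].lower()
        if _is_live_copy(p, e["name"]):
            live[e["name"]] = e["md5"]
        elif p.endswith(REF_DIR + e["name"]):
            ref[e["name"]] = e["md5"]
    report = {}
    for name in sorted(set(live) | set(ref)):
        l, r = live.get(name), ref.get(name)
        if l is None:
            verdict = "no-live-copy"
        elif r is None:
            verdict = "no-reference"
        else:
            verdict = "match" if l == r else "MISMATCH"
        report[name] = (l, r, verdict)
    return report

def hidden_under(entries, prefix):
    """Paths under `prefix` whose entry carries the Hidden attribute."""
    pre = prefix.lower()
    return [e["path"] for e in entries if e["hidden"] and e["path"].lower().startswith(pre)]

# Lines copied from the OTL log above ...
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2009/01/09 16:22:46 | 022,245,337 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2003/03/31 06:00:00 | 000,086,912 | -H-- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 18:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/06/10 12:46:09 | 000,000,000 | -H-D | M] -- C:\Program Files\ABBYY FineReader for ScanSnap
[2009/01/12 15:45:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Acronis
[2011/05/18 09:23:25 | 000,000,000 | -H-D | M] -- C:\Program Files\Avira
"""
# ... plus two CONSTRUCTED lines (not from the log; no such driver exists there) so the
# mismatch path is exercised.
SAMPLE_LOG += r"""
[2008/04/13 12:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\ServicePackFiles\i386\sampledrv.sys
[2008/04/13 12:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\drivers\sampledrv.sys
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    ents = parse_log(text)
    for name, (l, r, v) in check_driver_hashes(ents).items():
        print(f"{v:12} {name:16} live={l} ref={r}")
    print(len(hidden_under(ents, r"C:\Program Files")), "hidden items under Program Files")
```

Run it with the saved OTL.txt as the only argument, or with no argument to see it work on the sample. On this log all three real files match their SP3 cache copies, which argues against a patched-driver rootkit of the kind that hijacks atapi.sys; a mismatch would be a lead rather than proof, because post-SP hotfixes legitimately replace system32 files and anything able to patch a live driver could patch the cache copy as well, so confirm a flagged hash against a known-good source before acting on it.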

Re: FakeSysDef

Post by Belahzur on Fri 30 Dec 2011, 12:37 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:

    :OTL
    PRC - [2011/12/21 16:30:07 | 000,447,360 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\hFITnUFOxHN.exe
    O4 - HKLM..\Run: [hFITnUFOxHN.exe] C:\Documents and Settings\All Users\Application Data\hFITnUFOxHN.exe ()


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: FakeSysDef

Post by Rivers on Fri 30 Dec 2011, 2:53 pm

I did that and OTL ran but it failed to create a log. An error message said it failed to create a log and the notepad file was blank. I ran it again and got the same result.


Re: FakeSysDef

Post by Rivers on Sun 01 Jan 2012, 6:42 am

Belahzur,

Looks like you've taken the weekend off. Judging from the number of posts you've made recently, I'd say you deserve the break. Have a Happy New Year and hopefully we can get this fixed when you get back.

In the meantime, I've been poking around on the computer. The Windows Search function still works, so I searched for and found Windows Explorer. It looks like all my folders have been set to "hidden" file attribute. Great to know they are still there. I set Windows Explorer to view hidden files and was able to copy some important documents to a thumb drive and transfer them to my laptop. I was able to restore a background image to the desktop, but still can't get any icons to appear and the start menu still has only a few things in it. I copied a shortcut to Windows Explorer to the desktop folder, but even it does not appear on the desktop. Don't know if any of this info will be helpful, but thought I'd share.

Later,
Rivers


Re: FakeSysDef

Post by Belahzur on Tue 03 Jan 2012, 11:29 am

Hi,
Okay, let's see if we can sort the hidden files out.


Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to Belahzur.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click Belahzur.exe to run it.

    You will see the following image:


Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.



Re: FakeSysDef

Post by Rivers on Wed 04 Jan 2012, 10:03 am

ComboFix 12-01-03.04 - mmartin 01/03/2012 15:38:39.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1145 [GMT -6:00]
Running from: K:\belahzur.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\mmartin\Local Settings\Application Data\assembly\tmp
c:\windows\alcrmv.exe
c:\windows\dasetup.log
.
.
((((((((((((((((((((((((( Files Created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))
.
.
2011-12-23 04:26 . 2011-12-29 23:36 -------- d-----w- c:\windows\system32\NtmsData
2011-12-22 01:39 . 2011-12-22 01:39 -------- d--h--w- c:\documents and settings\mmartin\Application Data\Avira
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 16:24 . 2011-05-25 14:57 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-09 04:21 . 2011-03-24 16:37 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2007-10-26 15:00 . 2009-01-12 18:19 16896 ----a-w- c:\program files\mozilla firefox\components\tmfftb.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2003-10-03 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-04-09 184320]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe" [2009-01-12 98304]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-31 2595616]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-31 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-31 140568]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Share-to-Web Namespace Daemon"="c:\program files\hp\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-22 273528]
"Spiceworks"="c:\program files\Spiceworks\bin\spicetray_silent.exe" [2011-11-01 68664]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-6-9 2355200]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CardMinder Viewer.lnk - c:\program files\PFU\ScanSnap\CardMinder\CardLauncher.exe [2009-6-10 77824]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2009-6-10 15360]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2008-1-3 1392640]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-6 815104]
SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2009-1-8 1019961]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2009-6-10 1048576]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Laplink\\PCsync\\SFTHost.exe"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Documents and Settings\\mmartin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Spiceworks\\bin\\spiceworks.exe"=
"c:\\Program Files\\Spiceworks\\bin\\spiceworks-finder.exe"=
"c:\\Program Files\\Spiceworks\\httpd\\bin\\spiceworks-httpd.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/18/2011 9:23 AM 136360]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [1/9/2009 2:16 PM 38144]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2009 10:33 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2009 10:33 PM 135664]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [8/4/2009 11:06 AM 18432]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys --> c:\windows\system32\DRIVERS\RTL8187B.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 04:33]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 04:33]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1556828984-474624404-3004363705-1143Core.job
- c:\documents and settings\mmartin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 16:33]
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1556828984-474624404-3004363705-1143UA.job
- c:\documents and settings\mmartin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 16:33]
.
2012-01-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1556828984-474624404-3004363705-1143.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2012-01-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1556828984-474624404-3004363705-1143.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\documents and settings\mmartin\Application Data\Mozilla\Firefox\Profiles\p5a9s7yp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Active WebCam - c:\program files\Active WebCam\PY_UNINSTAL.EXE SOFTWARE\PySoft\Act_WebCam
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\mmartin\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-01-03 16:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
c:\windows\system32\HPBPRO.EXE [8900] 0x878E7DA0
c:\windows\system32\HPBPRO.EXE [7300] 0x87CB7DA0
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-01-03 16:44:58
ComboFix-quarantined-files.txt 2012-01-03 22:44
.
Pre-Run: 204,879,024,128 bytes free
Post-Run: 205,516,451,840 bytes free
.
- - End Of File - - 31382CC13AE6B45B62EB21979C17743F

Rivers

Newbie Surfer

Posts : 32
Joined : 2011-05-13
Operating System : Windows XP

Re: FakeSysDef

Post by Rivers on Fri 06 Jan 2012, 10:27 am

Everything looks normal now and programs seem to work ok. BUT, Avira is still finding a virus. Also getting messages from a fake virus scan. Avira also warns that a program is trying to take over the system. I'm not out of the woods yet.

Rivers

Rivers

Newbie Surfer

Posts : 32
Joined : 2011-05-13
Operating System : Windows XP

Re: FakeSysDef

Post by Belahzur on Sat 07 Jan 2012, 4:30 am

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: FakeSysDef

Post by Rivers on Sat 07 Jan 2012, 6:34 am

I've had a major set-back. I am unable to go on-line to run ESET. The virus has taken control again and it's even worse than before. I can boot into Windows but the only thing on the screen is my background photo. There is not even the Start menu this time. No icons or anything. I booted into safe mode with networking and attempted to launch Internet Explorer but it would not run. I tried Firefox and it runs but will not go to the web. I get an error message that the server is not found. Should I run OTL and aswMBR again?

Rivers

Rivers

Newbie Surfer

Posts : 32
Joined : 2011-05-13
Operating System : Windows XP

Re: FakeSysDef

Post by Rivers on Thu 12 Jan 2012, 7:37 am

Ran OTL again.

OTL logfile created on: 1/11/2012 12:14:26 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 86.37% Memory free
3.85 Gb Paging File | 3.77 Gb Available in Paging File | 97.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 278.32 Gb Total Space | 191.74 Gb Free Space | 68.89% Space Free | Partition Type: NTFS
Drive D: | 0.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1009.72 Mb Total Space | 848.25 Mb Free Space | 84.01% Space Free | Partition Type: FAT

Computer Name: MMARTIN3 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/21 18:35:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.com
PRC - [2008/04/13 18:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/07/01 09:32:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 15:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/01/23 15:27:40 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/29 15:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/10/30 20:07:38 | 000,427,288 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2002/12/04 02:24:20 | 000,065,536 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/01 09:33:01 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/01 09:33:01 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/06/11 15:46:46 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2009/04/28 00:13:23 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/02/03 20:31:17 | 000,170,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2009/01/12 15:45:24 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/01/12 15:45:24 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/01/12 15:45:20 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/01/12 15:45:16 | 000,368,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2009/01/11 13:45:58 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/04/13 12:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 11:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007/10/04 20:27:26 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007/10/04 20:27:24 | 000,116,776 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SI3114R.sys -- (SI3114r)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (winusb)
DRV - [2006/09/20 15:01:12 | 004,019,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/08/06 15:44:24 | 000,014,336 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2003/08/06 15:44:11 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2003/08/06 15:41:07 | 000,104,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003/08/06 15:39:59 | 000,063,488 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2003/08/06 15:39:05 | 000,051,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2003/08/06 15:35:20 | 000,056,832 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\palmOne\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/22 10:57:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/22 10:57:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/22 10:57:44 | 000,000,000 | ---D | M]

[2009/01/09 15:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/01/10 10:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\txphsxyh.default\extensions
[2011/11/08 22:21:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
[2011/12/20 11:23:39 | 000,000,000 | ---D | M] ("TimeMatters toolbar") -- C:\TMW9
[2011/11/08 22:21:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/10/26 09:00:08 | 000,016,896 | ---- | M] () -- C:\Program Files\mozilla firefox\components\tmfftb.dll
[2011/05/18 15:49:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 09:51:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 22:21:34 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/03 16:20:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Time Matters) - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\TMW9\tmietb.dll (LexisNexis, a division of Reed Elsevier Inc. )
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Time Matters) - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\TMW9\tmietb.dll (LexisNexis, a division of Reed Elsevier Inc. )
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Spiceworks] C:\Program Files\Spiceworks\bin\spicetray_silent.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\palmOne Registration.lnk = C:\Program Files\palmOne\register.exe (palmOne/Leader Technologies)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk = C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk = C:\Program Files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARaid.lnk = C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe (Silicon Image, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk = C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} [You must be registered and logged in to see this link.] (NSHelp Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = blackwarriorriver.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55126A71-4597-46AB-8F9E-B840B3F4513F}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/08 11:48:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: DHCP - File not found
NetSvcs: EventSystem - File not found
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanServer - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: Messenger - File not found
NetSvcs: Nla - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Remoteaccess - File not found
NetSvcs: Schedule - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: Themes - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: winmgmt - C:\WINDOWS\system32\wbem\winmgmt.exe (Microsoft Corporation)
NetSvcs: TermService - File not found
NetSvcs: BITS - File not found
NetSvcs: ShellHWDetection - File not found
NetSvcs: helpsvc - File not found
NetSvcs: WmdmPmSN - File not found
NetSvcs: napagent - File not found
NetSvcs: hkmsvc - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: CryptSvc - Service
SafeBootMin: DcomLaunch - Service
SafeBootMin: dmserver - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcSs - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: SRService - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinMgmt - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Browser - Service
SafeBootNet: CryptSvc - Service
SafeBootNet: DcomLaunch - Service
SafeBootNet: Dhcp - Service
SafeBootNet: dmserver - Service
SafeBootNet: DnsCache - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: LanmanServer - File not found
SafeBootNet: LanmanWorkstation - Service
SafeBootNet: LmHosts - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: NetMan - Service
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTRSupport - Reg Error: Value error.
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: RpcSs - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: sharedaccess - File not found
SafeBootNet: SRService - Service
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: termservice - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: WinMgmt - Service
SafeBootNet: WZCSVC - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0F5C3557-9462-6B04-BD71-78589BDDBE66} - Outlook Express
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

CREATERESTOREPOINT
Error creating restore point.

Rivers

Newbie Surfer

Posts : 32
Joined : 2011-05-13
Operating System : Windows XP


Re: FakeSysDef

Post by Rivers on Thu 12 Jan 2012, 7:38 am

========== Files/Folders - Created Within 30 Days ==========

[2012/01/03 15:27:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/03 15:27:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/03 15:27:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/03 15:27:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/03 15:26:17 | 000,000,000 | ---D | C] -- C:\belahzur
[2012/01/03 15:20:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/22 22:27:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/12/22 22:26:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

========== Files - Modified Within 30 Days ==========

[2012/01/11 11:59:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/11 11:54:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/06 13:30:38 | 000,012,170 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\458b23d65nwbwx3n7jmr6o
[2012/01/05 16:53:01 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/05 16:26:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1556828984-474624404-3004363705-1143UA.job
[2012/01/05 11:29:26 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1556828984-474624404-3004363705-1143.job
[2012/01/05 11:29:25 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1556828984-474624404-3004363705-1143.job
[2012/01/05 11:04:52 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/03 16:20:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/29 22:26:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1556828984-474624404-3004363705-1143Core.job

========== Files Created - No Company Name ==========

[2012/01/05 17:06:48 | 000,012,170 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\458b23d65nwbwx3n7jmr6o
[2012/01/03 15:27:44 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/03 15:27:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/03 15:27:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/03 15:27:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/03 15:27:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/11 14:02:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Cvitima.dat
[2011/05/11 14:02:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pcinidedu.bin
[2011/04/21 08:35:27 | 000,222,592 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/22 17:01:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/13 15:00:13 | 000,095,276 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/11 10:41:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009/07/22 18:59:30 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2009/06/19 13:54:21 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/06/16 15:49:52 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Acroread.ini
[2009/06/11 21:15:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/06/11 21:01:04 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/06/10 12:38:51 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DISPARAM.INI
[2009/01/12 17:00:58 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PFP120JPR.{PB
[2009/01/12 17:00:58 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PFP120JCM.{PB
[2009/01/12 12:44:08 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2009/01/12 12:44:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2009/01/12 12:40:48 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\hpbprnfx.exe
[2009/01/12 12:40:19 | 000,013,438 | ---- | C] () -- C:\WINDOWS\hpbins01.dat
[2009/01/12 12:40:19 | 000,001,380 | ---- | C] () -- C:\WINDOWS\hpbmdl01.dat
[2009/01/12 12:40:14 | 000,000,750 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2009/01/12 12:40:07 | 000,221,184 | R--- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2009/01/12 12:40:07 | 000,000,412 | R--- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dat
[2009/01/12 12:39:18 | 000,004,216 | ---- | C] () -- C:\WINDOWS\hplj3380.ini
[2009/01/12 12:30:18 | 000,000,527 | ---- | C] () -- C:\WINDOWS\TMW.INI
[2009/01/09 16:15:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/09 15:25:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/08 18:16:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/01/08 18:15:48 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/01/08 18:15:40 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/01/08 18:13:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/01/08 18:13:02 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Instdll.dll
[2009/01/08 11:49:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/08 11:46:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/08 04:59:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/08 04:59:08 | 000,430,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/02 20:47:46 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/06/02 20:47:46 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/06/02 20:47:46 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/28 15:09:09 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2003/09/26 06:42:46 | 000,002,421 | ---- | C] () -- C:\WINDOWS\System32\scrubber.ini
[2003/03/31 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 06:00:00 | 001,033,728 | ---- | C] () -- C:\WINDOWS\expl.dat
[2003/03/31 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 06:00:00 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\winl.dat
[2003/03/31 06:00:00 | 000,496,358 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 06:00:00 | 000,091,892 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 06:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\svch.dat
[2003/03/31 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/03 15:40:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/03/28 12:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\hppcap.ini
[2001/03/28 12:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2009/01/10 11:10:01 | 005,520,400 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\WindowsSearch-KB940157-XP-x86-enu.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/11/08 22:21:33 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/11/08 22:21:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/11/08 22:21:30 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/11/08 22:21:29 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/06/10 12:46:09 | 000,000,000 | ---D | M] -- C:\Program Files\ABBYY FineReader for ScanSnap
[2009/01/12 15:45:05 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
[2011/07/29 16:05:09 | 000,000,000 | ---D | M] -- C:\Program Files\Active WebCam
[2011/05/18 15:58:09 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/10/04 21:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2009/08/03 14:33:09 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/11/15 20:56:40 | 000,000,000 | ---D | M] -- C:\Program Files\Ashampoo
[2011/04/20 09:48:05 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2011/04/15 13:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/01/12 12:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2011/02/21 16:05:59 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/05/18 09:23:25 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2009/01/08 18:15:48 | 000,000,000 | ---D | M] -- C:\Program Files\AvRack
[2011/04/08 21:36:43 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/05/13 16:53:29 | 000,000,000 | ---D | M] -- C:\Program Files\BroadJump
[2012/01/03 15:56:42 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/01/08 11:46:16 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/05/16 17:48:34 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/08/19 22:07:27 | 000,000,000 | ---D | M] -- C:\Program Files\Evernote
[2010/03/24 10:28:28 | 000,000,000 | ---D | M] -- C:\Program Files\FastStone Image Viewer
[2009/09/28 17:48:21 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2012/01/03 17:01:32 | 000,000,000 | ---D | M] -- C:\Program Files\Free CraigsList Reader Pro from CraigsPal
[2011/11/23 10:56:54 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/04/26 20:12:41 | 000,000,000 | ---D | M] -- C:\Program Files\HashTab Shell Extension
[2011/09/22 14:07:28 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/06/11 15:46:48 | 000,000,000 | ---D | M] -- C:\Program Files\hp
[2009/11/17 20:04:43 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2009/01/08 18:12:38 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/05/18 17:36:23 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/01/13 14:53:37 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2011/04/08 21:40:18 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/04/08 21:41:06 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/03/03 17:30:22 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/11/15 22:13:59 | 000,000,000 | ---D | M] -- C:\Program Files\Laplink
[2009/05/23 15:54:13 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/05/11 21:51:25 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/09 22:07:59 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/11/15 22:08:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/01/08 11:48:24 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/10/30 13:26:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2009/10/30 13:19:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliType Pro
[2009/01/10 09:54:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/11/20 22:18:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/01/10 09:54:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/01/12 14:13:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Windows Small Business Server
[2009/01/10 09:55:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/02/09 14:43:38 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/11/08 22:21:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/06/10 12:37:06 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/01/08 11:46:07 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/01/09 20:27:52 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/01/08 11:46:13 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/02/09 14:45:36 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/08/11 10:56:27 | 000,000,000 | ---D | M] -- C:\Program Files\Palm Inc
[2009/08/11 11:58:38 | 000,000,000 | ---D | M] -- C:\Program Files\palmOne
[2009/06/10 12:38:07 | 000,000,000 | ---D | M] -- C:\Program Files\PFU
[2011/04/08 21:22:45 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/05/26 09:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/01/08 18:15:43 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek AC97
[2009/01/08 18:15:48 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek Sound Manager
[2009/01/09 20:15:03 | 000,000,000 | ---D | M] -- C:\Program Files\REALTEK USB Wireless LAN Driver and Utility
[2009/06/10 12:34:58 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/01/08 18:13:10 | 000,000,000 | ---D | M] -- C:\Program Files\Silicon Image
[2009/11/17 20:04:00 | 000,000,000 | ---D | M] -- C:\Program Files\Sling Media
[2011/04/26 21:49:16 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Client
[2011/04/26 21:47:33 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2011/12/01 14:29:01 | 000,000,000 | ---D | M] -- C:\Program Files\Spiceworks
[2009/01/09 16:41:41 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2011/08/27 14:15:57 | 000,000,000 | ---D | M] -- C:\Program Files\The Noteable Software Company
[2010/04/09 22:20:03 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2009/11/27 21:48:01 | 000,000,000 | ---D | M] -- C:\Program Files\TweetDeck
[2009/01/08 12:02:02 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2009/09/08 19:06:06 | 000,000,000 | ---D | M] -- C:\Program Files\WebEx
[2011/02/09 14:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/06/10 20:50:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2009/07/10 09:35:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/10/08 10:07:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/01/08 11:46:13 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
[2009/01/11 12:41:01 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 12
[2009/01/08 11:48:24 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/01/12 12:45:06 | 000,000,000 | ---D | M] -- C:\Program Files\Zero G Registry


< MD5 for: AGP440.SYS >
[2009/01/09 16:22:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/09 20:23:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/01/09 16:22:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/01/09 20:23:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2009/01/09 16:22:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/09 20:23:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/01/09 16:22:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/01/09 20:23:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/03/31 06:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2003/03/31 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2009/01/09 16:22:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/01/09 20:23:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/01/09 16:22:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2009/01/09 20:23:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 23:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 12:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-01-10 02:35:59

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 05:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/08 22:21:30 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/08 22:21:30 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/08 22:21:30 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/08 22:21:33 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\mmartin\Local Settings\Application Data\oen.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/05 17:06:47 | 000,274,432 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 05:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 05:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 05:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 05:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\mmartin\Local Settings\Application Data\oen.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe" [2012/01/05 17:06:47 | 000,274,432 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 05:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/08 22:21:30 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/08 22:21:30 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/08 22:21:30 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/08 22:21:33 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\mmartin\Local Settings\Application Data\oen.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/05 17:06:47 | 000,274,432 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 05:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 05:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 05:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 05:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\mmartin\Local Settings\Application Data\oen.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe" [2012/01/05 17:06:47 | 000,274,432 | ---- | M] (Microsoft Corporation)

< End of report >

Rivers

Newbie Surfer

Posts : 32
Joined : 2011-05-13
Operating System : Windows XP
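Added example (not part of the thread, and not OTL's own code): the `shell\open\command` values in the dump above, where `oen.exe -a "<real browser>"` has been put in front of Internet Explorer and Firefox's safe mode, are the registry side of this infection. The Python below parses the `startmenuinternet` launch commands from a constructed sample (six lines copied from the dump above), flags any whose first executable is not the browser the key belongs to, and reports which real browser the wrapper then passes on as an argument. Mapping the display-name key `Google Chrome` to `chrome.exe` is an assumption of the example.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: six lines copied from the OTL registry dump posted above.
SAMPLE_OTL = r"""
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 05:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Documents and Settings\mmartin\Local Settings\Application Data\oen.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/05 17:06:47 | 000,274,432 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\mmartin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 05:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Documents and Settings\mmartin\Local Settings\Application Data\oen.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe" [2012/01/05 17:06:47 | 000,274,432 | ---- | M] (Microsoft Corporation)
"""

# Only shell\<verb>\command values are launch commands; the InstallInfo keys
# legitimately point at helpers such as ie4uinit.exe, so they are not matched.
KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\software\\clients\\startmenuinternet\\"
    r"(?P<client>[^\\]+)\\shell\\(?P<verb>[^\\]+)\\command\\\\: (?P<rest>.*)$",
    re.IGNORECASE,
)
# OTL appends " [date | size | attrs | M] (Company)" to each value; drop it.
META_RE = re.compile(r"\s+\[\d{4}/\d{2}/\d{2} [^\]]*\].*$")

# Assumption of this example: display-name subkeys map to these binaries.
DISPLAY_NAME_BINARY = {"google chrome": "chrome.exe"}


@dataclass
class Finding:
    client: str             # registry subkey, e.g. IEXPLORE.EXE
    verb: str               # shell verb, e.g. open
    launcher: str           # executable the command actually starts
    wrapped: Optional[str]  # the real browser handed over as an argument, if any


def split_command(cmd: str) -> List[str]:
    """Split a Windows command line on whitespace, honouring double quotes."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]


def expected_binary(client: str) -> Optional[str]:
    c = client.lower()
    return c if c.endswith(".exe") else DISPLAY_NAME_BINARY.get(c)


def find_browser_hijacks(otl_text: str) -> List[Finding]:
    """Flag launch commands whose first executable is not the browser the key belongs to."""
    findings = []
    for line in otl_text.splitlines():
        m = KEY_RE.match(line.strip())
        if not m:
            continue
        expected = expected_binary(m["client"])
        if expected is None:
            continue  # unknown client name; cannot judge
        tokens = split_command(META_RE.sub("", m["rest"]))
        if not tokens or ntpath.basename(tokens[0]).lower() == expected:
            continue  # the key starts its own browser: fine
        wrapped = next((t for t in tokens[1:] if ntpath.basename(t).lower() == expected), None)
        findings.append(Finding(m["client"], m["verb"], tokens[0], wrapped))
    return findings


if __name__ == "__main__":
    for f in find_browser_hijacks(SAMPLE_OTL):
        print(f"{f.client}\\shell\\{f.verb}: launches {f.launcher!r}, which then runs {f.wrapped!r}")
```

On the sample this reports exactly the two `oen.exe` entries (the IE `open` verb and the Firefox `safemode` verb) and leaves the Chrome entries, the bare `firefox.exe` and IE's `-extoff` command alone. The same rule works on an OTL log taken from a clean machine, where it should report nothing.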

Re: FakeSysDef

Post by Rivers on Thu 12 Jan 2012, 7:42 am

I have been unable to run aswMBR from the thumb drive, can't copy it to the desktop and can't go online. I'll try again with a fresh download of the file. I was able to scan with Avira and here is the log. It did detect two viruses but I did not quarantine the files.



Avira AntiVir Personal
Report file date: Wednesday, January 11, 2012 13:20

Scanning for 3029016 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Safe mode with network
Username : mmartin
Computer name : MMARTIN3

Version information:
BUILD.DAT : 10.2.0.704 35934 Bytes 9/28/2011 13:34:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 7/1/2011 15:32:59
AVSCAN.DLL : 10.0.5.0 47464 Bytes 7/1/2011 15:32:59
LUKE.DLL : 10.3.0.5 45416 Bytes 7/1/2011 15:33:01
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 7/1/2011 15:33:01
AVREG.DLL : 10.3.0.9 88833 Bytes 7/13/2011 14:03:43
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 21:15:47
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 16:53:35
VBASE003.VDF : 7.11.19.171 2048 Bytes 12/20/2011 16:53:35
VBASE004.VDF : 7.11.19.172 2048 Bytes 12/20/2011 16:53:35
VBASE005.VDF : 7.11.19.173 2048 Bytes 12/20/2011 16:53:35
VBASE006.VDF : 7.11.19.174 2048 Bytes 12/20/2011 16:53:35
VBASE007.VDF : 7.11.19.175 2048 Bytes 12/20/2011 16:53:36
VBASE008.VDF : 7.11.19.176 2048 Bytes 12/20/2011 16:53:36
VBASE009.VDF : 7.11.19.177 2048 Bytes 12/20/2011 16:53:36
VBASE010.VDF : 7.11.19.178 2048 Bytes 12/20/2011 16:53:36
VBASE011.VDF : 7.11.19.179 2048 Bytes 12/20/2011 16:53:36
VBASE012.VDF : 7.11.19.180 2048 Bytes 12/20/2011 16:53:36
VBASE013.VDF : 7.11.19.217 182784 Bytes 12/22/2011 23:32:47
VBASE014.VDF : 7.11.19.255 148480 Bytes 12/24/2011 23:32:49
VBASE015.VDF : 7.11.20.29 164352 Bytes 12/27/2011 23:32:50
VBASE016.VDF : 7.11.20.70 180224 Bytes 12/29/2011 23:32:51
VBASE017.VDF : 7.11.20.102 240640 Bytes 1/2/2012 20:57:52
VBASE018.VDF : 7.11.20.139 164864 Bytes 1/4/2012 17:06:35
VBASE019.VDF : 7.11.20.140 2048 Bytes 1/4/2012 17:06:35
VBASE020.VDF : 7.11.20.141 2048 Bytes 1/4/2012 17:06:36
VBASE021.VDF : 7.11.20.142 2048 Bytes 1/4/2012 17:06:36
VBASE022.VDF : 7.11.20.143 2048 Bytes 1/4/2012 17:06:36
VBASE023.VDF : 7.11.20.144 2048 Bytes 1/4/2012 17:06:37
VBASE024.VDF : 7.11.20.145 2048 Bytes 1/4/2012 17:06:37
VBASE025.VDF : 7.11.20.146 2048 Bytes 1/4/2012 17:06:37
VBASE026.VDF : 7.11.20.147 2048 Bytes 1/4/2012 17:06:37
VBASE027.VDF : 7.11.20.148 2048 Bytes 1/4/2012 17:06:38
VBASE028.VDF : 7.11.20.149 2048 Bytes 1/4/2012 17:06:38
VBASE029.VDF : 7.11.20.150 2048 Bytes 1/4/2012 17:06:38
VBASE030.VDF : 7.11.20.151 2048 Bytes 1/4/2012 17:06:39
VBASE031.VDF : 7.11.20.171 137728 Bytes 1/5/2012 17:06:39
Engineversion : 8.2.8.18
AEVDF.DLL : 8.1.2.2 106868 Bytes 10/26/2011 13:51:33
AESCRIPT.DLL : 8.1.3.95 479612 Bytes 12/29/2011 23:33:14
AESCN.DLL : 8.1.7.2 127349 Bytes 3/28/2011 21:15:27
AESBX.DLL : 8.2.4.5 434549 Bytes 12/5/2011 01:15:41
AERDL.DLL : 8.1.9.15 639348 Bytes 9/9/2011 23:58:19
AEPACK.DLL : 8.2.15.1 770423 Bytes 12/18/2011 03:36:39
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 12/29/2011 23:33:13
AEHEUR.DLL : 8.1.3.14 4260216 Bytes 12/29/2011 23:33:12
AEHELP.DLL : 8.1.18.0 254327 Bytes 10/26/2011 13:51:15
AEGEN.DLL : 8.1.5.17 405877 Bytes 12/9/2011 16:15:01
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/28/2011 21:15:19
AECORE.DLL : 8.1.24.3 201079 Bytes 12/29/2011 23:33:00
AEBB.DLL : 8.1.1.0 53618 Bytes 3/28/2011 21:15:19
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/28/2011 21:15:31
AVPREF.DLL : 10.0.3.2 44904 Bytes 7/1/2011 15:32:59
AVREP.DLL : 10.0.0.10 174120 Bytes 5/18/2011 15:25:38
AVARKT.DLL : 10.0.26.1 255336 Bytes 7/1/2011 15:32:58
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 7/1/2011 15:32:59
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/28/2011 21:15:30
NETNT.DLL : 10.0.0.0 11624 Bytes 3/28/2011 21:15:39
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 7/1/2011 15:32:57
RCTEXT.DLL : 10.0.64.0 97640 Bytes 7/1/2011 15:32:57

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced

Start of the scan: Wednesday, January 11, 2012 13:20

Starting search for hidden objects.
The driver could not be initialized.
C:\WINDOWS\Explorer.exe
[DETECTION] Is the TR/Patched.Gen Trojan

The scan of running processes will be started
Scan process 'avscan.exe' - '59' Module(s) have been scanned
Scan process 'avcenter.exe' - '60' Module(s) have been scanned
Scan process 'Explorer.EXE' - '114' Module(s) have been scanned
Module is infected ->
[DETECTION] Is the TR/Patched.Gen Trojan
[WARNING] The file was ignored!
Scan process 'lsass.exe' - '48' Module(s) have been scanned
Scan process 'services.exe' - '34' Module(s) have been scanned
Scan process 'winlogon.exe' - '67' Module(s) have been scanned
Module is infected ->
[DETECTION] Is the TR/Patched.Gen Trojan
[WARNING] The file was ignored!
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
C:\WINDOWS\Explorer.exe
[DETECTION] Is the TR/Patched.Gen Trojan
[WARNING] The file was ignored!


End of the scan: Wednesday, January 11, 2012 13:22
Used time: 01:31 Minute(s)

The scan has been done completely.

0 Scanned directories
1522 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1519 Files not concerned
6 Archives were scanned
3 Warnings
0 Notes



Re: FakeSysDef

Post by Rivers on Thu 12 Jan 2012, 7:59 am

Downloaded a fresh copy and ran it from the USB thumb drive, E:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-11 14:51:51
-----------------------------
14:51:51.500 OS Version: Windows 5.1.2600 Service Pack 3
14:51:51.500 Number of processors: 2 586 0x205
14:51:51.500 ComputerName: MMARTIN3 UserName: mmartin
14:51:52.125 Initialze error 0 - driver not loaded
14:52:11.421 AVAST engine download error: 0
14:52:44.500 Service scanning
14:52:47.875 Modules scanning
14:52:47.875 Disk 0 trace - called modules:
14:52:47.875
14:52:47.890 Scan finished successfully
14:53:15.906 The log file has been saved successfully to "E:\aswMBR.txt"


Re: FakeSysDef

Post by Belahzur on Fri 13 Jan 2012, 12:02 pm

Hello.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    explorer.exe
    winlogon.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: FakeSysDef

Post by Rivers on Fri 13 Jan 2012, 12:32 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 19:28 on 12/01/2012 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1058816 bytes [12:00 31/03/2003] [00:12 14/04/2008] 44184BDA2DA24E71860AAFB6452AEA0C
C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe --a---- 1033216 bytes [11:26 13/06/2007] [11:26 13/06/2007] 7712DF0CDDE3A5AC89843E61CD5B3658
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c- 1033216 bytes [02:23 10/01/2009] [10:23 13/06/2007] 97BD6515465659FF8F3B7BE375B2EA87
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe -----c- 1032192 bytes [23:45 09/01/2009] [07:56 04/08/2004] A0732187050030AE399B241436565E64
C:\WINDOWS\ERDNT\cache\explorer.exe --a---- 1033728 bytes [21:41 12/05/2011] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\ServicePackFiles\i386\explorer.exe ------- 1033728 bytes [07:56 04/08/2004] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

Searching for "winlogon.exe"
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe --a---- 182856 bytes [23:55 12/01/2012] [23:50 24/12/2011] B382935AB01B27D0E14F267DBF288896
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -----c- 502272 bytes [02:23 10/01/2009] [07:56 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\ERDNT\cache\winlogon.exe --a---- 507904 bytes [21:41 12/05/2011] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe ------- 507904 bytes [07:56 04/08/2004] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.exe --a---- 545280 bytes [12:00 31/03/2003] [00:12 14/04/2008] 950112AEB8F00842AAD888C48AEEE369

-= EOF =-

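Added example (not part of the thread, and not SystemLook's own code): the filefind output above already contains the decision the helper makes next. The `ServicePackFiles\i386` copies of explorer.exe and winlogon.exe share an MD5 with the `ERDNT\cache` copies, while the live files differ in both hash and size, which is why the later FCopy and Avenger scripts restore from `ServicePackFiles\i386`. The Python below parses a constructed sample (the lines are copied from the post above), pairs each live binary with its reference copy and reports the mismatch together with the size delta and how many other backup copies agree with the reference. The live locations on XP (`C:\WINDOWS\explorer.exe`, `C:\WINDOWS\system32\winlogon.exe`) and the choice of `ServicePackFiles\i386` as the trusted reference are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the SystemLook filefind output posted above, copied verbatim.
SAMPLE_SYSTEMLOOK = r"""
========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1058816 bytes [12:00 31/03/2003] [00:12 14/04/2008] 44184BDA2DA24E71860AAFB6452AEA0C
C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe --a---- 1033216 bytes [11:26 13/06/2007] [11:26 13/06/2007] 7712DF0CDDE3A5AC89843E61CD5B3658
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c- 1033216 bytes [02:23 10/01/2009] [10:23 13/06/2007] 97BD6515465659FF8F3B7BE375B2EA87
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe -----c- 1032192 bytes [23:45 09/01/2009] [07:56 04/08/2004] A0732187050030AE399B241436565E64
C:\WINDOWS\ERDNT\cache\explorer.exe --a---- 1033728 bytes [21:41 12/05/2011] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
C:\WINDOWS\ServicePackFiles\i386\explorer.exe ------- 1033728 bytes [07:56 04/08/2004] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

Searching for "winlogon.exe"
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe --a---- 182856 bytes [23:55 12/01/2012] [23:50 24/12/2011] B382935AB01B27D0E14F267DBF288896
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -----c- 502272 bytes [02:23 10/01/2009] [07:56 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\ERDNT\cache\winlogon.exe --a---- 507904 bytes [21:41 12/05/2011] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe ------- 507904 bytes [07:56 04/08/2004] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.exe --a---- 545280 bytes [12:00 31/03/2003] [00:12 14/04/2008] 950112AEB8F00842AAD888C48AEEE369

-= EOF =-
"""

# Assumptions of this example: where XP keeps the live binaries, and which backup
# copy is the trusted reference (the one the FCopy/Avenger scripts restore from).
LIVE_PATHS = {
    "explorer.exe": r"C:\WINDOWS\explorer.exe",
    "winlogon.exe": r"C:\WINDOWS\system32\winlogon.exe",
}
REFERENCE_MARK = "\\servicepackfiles\\i386\\"

# One SystemLook entry: <path> <attrs> <size> bytes [stamp] [stamp] <MD5>
ENTRY_RE = re.compile(
    r"^(?P<path>.+?)\s+[-a-z]{7}\s+(?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')


@dataclass
class Copy:
    path: str
    size: int
    md5: str


@dataclass
class Verdict:
    name: str
    live_md5: str
    ref_md5: str
    size_delta: int   # live size minus reference size, in bytes
    agreeing: int     # other copies whose MD5 equals the reference's
    tampered: bool


def parse_filefind(text: str) -> Dict[str, List[Copy]]:
    """Group every copy SystemLook listed under the file name it was searching for."""
    copies: Dict[str, List[Copy]] = {}
    current = None
    for line in text.splitlines():
        s = SEARCH_RE.match(line)
        if s:
            current = s["name"].lower()
            copies.setdefault(current, [])
            continue
        e = ENTRY_RE.match(line)
        if e and current is not None:
            copies[current].append(Copy(e["path"], int(e["size"]), e["md5"].upper()))
    return copies


def check_system_binaries(text: str, live_paths=LIVE_PATHS) -> Dict[str, Verdict]:
    """Compare the live copy of each binary against its ServicePackFiles reference."""
    verdicts = {}
    for name, copies in parse_filefind(text).items():
        live_path = live_paths.get(name, "").lower()
        live = next((c for c in copies if c.path.lower() == live_path), None)
        ref = next((c for c in copies if REFERENCE_MARK in c.path.lower()), None)
        if live is None or ref is None:
            continue  # nothing to compare against
        agreeing = sum(1 for c in copies if c is not ref and c.md5 == ref.md5)
        verdicts[name] = Verdict(name, live.md5, ref.md5, live.size - ref.size,
                                 agreeing, live.md5 != ref.md5)
    return verdicts


if __name__ == "__main__":
    for v in check_system_binaries(SAMPLE_SYSTEMLOOK).values():
        state = "PATCHED" if v.tampered else "matches reference"
        print(f"{v.name}: {state}; live {v.live_md5} vs reference {v.ref_md5} "
              f"({v.size_delta:+d} bytes, {v.agreeing} other copies agree with the reference)")
```

On this sample both live files come out as patched: explorer.exe is 25088 bytes larger than the SP3 copy and winlogon.exe 37376 bytes larger, and in each case the `ERDNT\cache` copy agrees with the reference. The Malwarebytes Chameleon winlogon.exe is neither the live file nor a reference copy, so it does not enter the comparison.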

Re: FakeSysDef

Post by Rivers on Thu 26 Jan 2012, 1:57 am

Hello? It's been 13 days since my last post. Is anyone there? My computer is still inoperable. I've been patiently waiting, knowing that this is a free service and the helpers are dedicated volunteers. But my computer has been down for over a month and it looks like Belahzur has lost interest. Can someone else help me or am I left to do this by myself? Reformat and reinstall?


Re: FakeSysDef

Post by Belahzur on Thu 26 Jan 2012, 5:35 am

Sorry, been super busy.


Hello.

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    FCopy::
    C:\WINDOWS\ServicePackFiles\i386\explorer.exe | C:\WINDOWS\explorer.exe
    C:\WINDOWS\ServicePackFiles\i386\winlogon.exe | C:\WINDOWS\system32\winlogon.exe
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.





Re: FakeSysDef

Post by Rivers on Thu 26 Jan 2012, 1:06 pm

Welcome back. Thanks for helping. I'm sorry to be a pest.

I'm unable to drag and drop the text file. Drag and drop isn't working. Is there any other way to do it?


Re: FakeSysDef

Post by Rivers on Thu 26 Jan 2012, 1:29 pm

I tried it again and just ran combofix that we saved as Belahzur earlier. Then I pasted the text in. The program immediately flashed off and disappeared. Maybe that's how it runs, but I couldn't find a log.


Re: FakeSysDef

Post by Rivers on Thu 26 Jan 2012, 2:21 pm

Ok, found it. It's an error message: "The file name, directory name, or volume label syntax is incorrect." I double-checked and it pasted correctly. I also checked the files and that is the right path. I couldn't manually move them.


Re: FakeSysDef

Post by Belahzur on Sat 28 Jan 2012, 7:26 am

Okay, let's try it this way.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to move:
C:\WINDOWS\ServicePackFiles\i386\explorer.exe | C:\WINDOWS\explorer.exe
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe | C:\WINDOWS\system32\winlogon.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.



Re: FakeSysDef

Post by Rivers on Sat 28 Jan 2012, 10:30 am

Logfile of The Avenger Version 2.0, (c) by Swandog46

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.


Re: FakeSysDef

Post by Rivers on Sat 28 Jan 2012, 11:04 am

After running the above, and logging into safe mode with networking, I no longer have any icons and, so, no access to Windows Explorer. So I logged in with safe mode and command prompt. I checked the directory and the two files were not moved. But I was able to move them with DOS commands. I hope that's ok. Rebooted and no change. I re-checked the directory and they are still there. Normal reboot, no change. Boot to safe mode with command prompt, no change. Boot to safe mode with networking, I get an error message - Explorer.EXE - Application Error. The instruction at "0x015f5f94" referenced memory at "0x01100414". The memory could not be "written". Click on OK to terminate the program. Click on CANCEL to debug the program. I clicked cancel and nothing happened. I am still able to boot into command mode and can run programs on the USB thumb drive.


Re: FakeSysDef

Post by Belahzur on Tue 31 Jan 2012, 12:14 pm

Open the Task Manager via ctrl/alt/del. Go to the "Applications" tab, and press "New Task..."

In the open field, type in explorer.exe and hit the OK button.

Does your Desktop load now?


