
Solved Slow computer / unresponsive script

Discussion in 'Malware and Virus Removal Archive' started by Unsprung, 2010/08/16.

  1. 2010/08/21
    Unsprung

    ComboFix 10-08-21.01 - Peter Blood 08/21/2010 16:24:31.5.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.44 [GMT -4:00]
    Running from: C:\Junk.exe
    Command switches used :: C:\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

    FILE ::
    "c:\docume~1\PETERB~1\LOCALS~1\Temp\RGI5.tmp "
    "C:\Junk.exe "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Junk.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 )))))))))))))))))))))))))))))))
    .

    2010-08-17 04:03 . 2010-08-17 04:03 -------- d-----w- c:\documents and settings\Peter Blood\Local Settings\Application Data\WinZip

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-21 12:44 . 2010-01-22 06:57 -------- d-----w- c:\program files\SPAMfighter
    2010-08-17 11:52 . 2009-12-26 22:24 -------- d-----w- c:\program files\Common Files\Apple
    2010-08-17 11:46 . 2006-08-24 14:27 -------- d-----w- c:\program files\Roxio
    2010-08-16 18:11 . 2010-02-22 12:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-21 10:12 . 2008-11-03 10:53 -------- d-----w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks
    2010-07-21 10:08 . 2010-07-21 10:08 37464 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\uninstall.exe
    2010-07-05 08:27 . 2010-07-05 08:27 -------- d-----w- c:\documents and settings\Peter Blood\Application Data\Turbine
    2010-07-05 00:15 . 2010-03-25 05:12 -------- d-----w- c:\program files\Turbine
    2010-07-04 20:19 . 2009-02-08 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
    2010-06-30 12:31 . 2004-08-10 17:51 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2004-08-10 17:51 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-22 23:51 . 2010-06-22 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2010-06-21 15:27 . 2004-08-10 17:51 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-10 17:51 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2004-08-10 18:02 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2004-08-10 17:51 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-08 07:25 . 2010-06-08 07:25 43144 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Juniper Terminal Services Client\uninstall.exe
    2010-06-08 07:25 . 2010-06-08 07:25 263536 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe
    2010-06-08 07:25 . 2010-06-08 07:25 13312 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServResource_DE.dll
    2010-06-08 07:25 . 2010-06-08 07:25 11776 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServResource_FR.dll
    2010-06-08 07:25 . 2010-06-08 07:25 11776 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServResource_ES.dll
    2010-06-08 07:25 . 2010-06-08 07:25 6656 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServResource_KO.dll
    2010-06-08 07:25 . 2010-06-08 07:25 6656 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServResource_JA.dll
    2010-06-08 07:25 . 2010-06-08 07:25 4608 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServResource_ZH_CN.dll
    2010-06-08 07:25 . 2010-06-08 07:25 4608 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServResource_ZH.dll
    2010-06-08 07:25 . 2010-06-08 07:25 10752 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServResource_en.dll
    2010-06-08 07:25 . 2010-06-08 07:25 188416 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServProxy.dll
    2010-06-08 07:24 . 2010-06-08 07:24 90112 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServDt.dll
    2010-06-08 07:24 . 2010-06-08 07:24 303104 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Juniper Terminal Services Client\dsWinClient.dll
    2010-06-08 07:24 . 2010-06-08 07:24 24576 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Juniper Terminal Services Client\dsWinClientResource_EN.dll
    2010-06-08 07:24 . 2010-06-08 07:24 45168 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Cache Cleaner 6.5.0\uninstall.exe
    2010-06-08 07:24 . 2010-06-08 07:24 304496 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Cache Cleaner 6.5.0\dsCacheCleaner.exe
    2010-06-08 07:24 . 2010-06-08 07:24 24576 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Cache Cleaner 6.5.0\dsWinClientResource_EN.dll
    2010-06-02 23:46 . 2010-06-02 23:46 50840 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\uninstall.exe
    2010-06-02 23:46 . 2010-06-02 23:46 497008 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe
    2010-06-02 23:46 . 2010-06-02 23:46 132464 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\dsmmf.exe
    2010-06-02 23:46 . 2010-06-02 23:46 230768 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\JuniperSetupDLL.dll
    2010-06-02 23:45 . 2010-06-02 23:45 330088 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
    2010-06-02 23:45 . 2010-06-02 23:45 29696 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\setupResource_de.dll
    2010-06-02 23:45 . 2010-06-02 23:45 2560 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\dsmmfres_es.dll
    2010-06-02 23:45 . 2010-06-02 23:45 2560 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\dsmmfres_de.dll
    2010-06-02 23:45 . 2010-06-02 23:45 3072 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\dsmmfres_fr.dll
    2010-06-02 23:45 . 2010-06-02 23:45 2560 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\dsmmfres_ko.dll
    2010-06-02 23:45 . 2010-06-02 23:45 2560 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\dsmmfres_ja.dll
    2010-06-02 23:45 . 2010-06-02 23:45 2560 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\dsmmfres_zh_cn.dll
    2010-06-02 23:45 . 2010-06-02 23:45 2560 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\dsmmfres_zh.dll
    2010-06-02 23:45 . 2010-06-02 23:45 23552 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\setupResource_zh_cn.dll
    2010-06-02 23:45 . 2010-06-02 23:45 23552 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\setupResource_zh.dll
    2010-06-02 23:44 . 2010-06-02 23:44 25088 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\setupResource_ko.dll
    2010-06-02 23:44 . 2010-06-02 23:44 29184 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\setupResource_fr.dll
    2010-06-02 23:44 . 2010-06-02 23:44 28672 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\setupResource_es.dll
    2010-06-02 23:44 . 2010-06-02 23:44 28160 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\setupResource_en.dll
    2010-06-02 23:44 . 2010-06-02 23:44 25088 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\setupResource_ja.dll
    2010-06-02 23:44 . 2010-06-02 23:44 218232 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\Setup Client\JuniperSetupXP.exe
    2010-06-02 23:44 . 2010-06-02 23:44 62904 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\dsmmf.exe
    2010-06-02 23:44 . 2010-06-02 23:44 116080 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\JuniperSetupClient.exe
    2010-06-02 23:44 . 2010-06-02 23:44 42432 ------r- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\JuniperSetupApp.exe
    2010-06-02 23:44 . 2010-06-02 23:44 116160 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\JuniperSetupDLL.dll
    2010-06-02 23:43 . 2010-06-02 23:43 28672 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\setupResource_zh_cn.dll
    2010-06-02 23:43 . 2010-06-02 23:43 28672 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\setupResource_zh.dll
    2010-06-02 23:43 . 2010-06-02 23:43 28672 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\setupResource_ko.dll
    2010-06-02 23:43 . 2010-06-02 23:43 32768 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\setupResource_fr.dll
    2010-06-02 23:43 . 2010-06-02 23:43 28672 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\setupResource_ja.dll
    2010-06-02 23:43 . 2010-06-02 23:43 32768 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\setupResource_es.dll
    2010-06-02 23:43 . 2010-06-02 23:43 32768 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\setupResource_en.dll
    2010-06-02 23:43 . 2010-06-02 23:43 32768 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\setupResource_de.dll
    2010-06-02 23:43 . 2010-06-02 23:43 12288 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\dsmmfres_zh_cn.dll
    2010-06-02 23:43 . 2010-06-02 23:43 12288 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\dsmmfres_zh.dll
    2010-06-02 23:42 . 2010-06-02 23:42 12288 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\dsmmfres_ko.dll
    2010-06-02 23:42 . 2010-06-02 23:42 12288 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\dsmmfres_ja.dll
    2010-06-02 23:42 . 2010-06-02 23:42 12288 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\dsmmfres_fr.dll
    2010-06-02 23:42 . 2010-06-02 23:42 12288 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\dsmmfres_es.dll
    2010-06-02 23:42 . 2010-06-02 23:42 12288 ----a-w- c:\documents and settings\Peter Blood\Application Data\Juniper Networks\setup\dsmmfres_de.dll
    2010-05-30 13:44 . 2010-05-30 13:44 47216 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-27 08:33 . 2010-05-27 08:33 503808 ----a-w- c:\documents and settings\Peter Blood\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43960e78-n\msvcp71.dll
    2010-05-27 08:33 . 2010-05-27 08:33 499712 ----a-w- c:\documents and settings\Peter Blood\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43960e78-n\jmc.dll
    2010-05-27 08:33 . 2010-05-27 08:33 348160 ----a-w- c:\documents and settings\Peter Blood\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-43960e78-n\msvcr71.dll
    2010-05-27 08:33 . 2010-05-27 08:33 61440 ----a-w- c:\documents and settings\Peter Blood\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-26c6006f-n\decora-sse.dll
    2010-05-27 08:33 . 2010-05-27 08:33 12800 ----a-w- c:\documents and settings\Peter Blood\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-26c6006f-n\decora-d3d.dll
    2010-03-16 23:16 . 2010-03-16 23:16 563040 ----a-w- c:\program files\googleupdatesetup.exe
    2010-01-22 08:31 . 2010-01-22 08:31 1763080 ----a-w- c:\program files\spamfighter_web.exe
    2010-01-22 03:00 . 2010-01-22 03:00 30909992 ----a-w- c:\program files\avira_antivir_personal_en.exe
    2009-04-14 11:10 . 2009-04-14 11:10 1284432 ----a-w- c:\program files\PCFixerSetup.exe
    2009-04-14 07:17 . 2009-04-14 06:53 2938128 ----a-w- c:\program files\ParetoLogic DriverCure.exe
    2008-07-07 23:37 . 2008-07-07 23:28 202071 ----a-w- c:\program files\RipIt4Me.zip
    2007-08-02 03:51 . 2007-08-02 03:28 14871552 ----a-w- c:\program files\setupeng.exe
    2006-10-08 18:37 . 2006-01-06 02:49 644 ----a-w- c:\program files\Remove_VobBlanker_WindowCoordinates.reg
    2006-10-08 18:37 . 2006-01-06 02:50 402 ----a-w- c:\program files\Remove_VobBlanker_settings.reg
    2006-10-08 18:37 . 2006-01-08 23:27 529883 ----a-w- c:\program files\VobBlanker.chm
    2006-10-08 18:37 . 2006-01-08 23:26 26030 ----a-w- c:\program files\ReadmeVobBlanker.txt
    2006-10-08 18:37 . 2006-01-08 23:36 950354 ----a-w- c:\program files\VobBlanker.exe
    2006-10-08 18:37 . 2002-02-01 19:58 26430 ----a-w- c:\program files\lgpl.txt
    2006-09-05 03:22 . 2006-09-05 03:22 2855080 ----a-w- c:\program files\aawsepersonal.exe
    2004-08-04 10:00 . 2004-08-10 17:51 94784 --sh--w- c:\windows\twain.dll
    2008-04-14 00:12 . 2004-08-10 17:51 50688 --sh--w- c:\windows\twain_32.dll
    2010-05-15 21:45 . 2010-05-15 21:45 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2008-04-14 00:11 . 2004-08-10 17:51 1028096 --sha-w- c:\windows\system32\mfc42.dll
    2008-04-14 00:12 . 2004-08-10 17:51 57344 --sh--w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12 . 2004-08-10 17:51 413696 --sha-w- c:\windows\system32\msvcp60.dll
    2008-04-14 00:12 . 2004-08-10 17:51 343040 --sha-w- c:\windows\system32\msvcrt.dll
    2008-04-14 00:12 . 2004-08-10 17:51 551936 --sh--w- c:\windows\system32\oleaut32.dll
    2008-04-14 00:12 . 2004-08-10 17:51 84992 --sh--w- c:\windows\system32\olepro32.dll
    2008-04-14 00:12 . 2004-08-10 17:51 11776 --sh--w- c:\windows\system32\regsvr32.exe
    .

    ------- Sigcheck -------

    [-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
    [-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
    [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
    [-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
    [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
    [-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
    [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
    [-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
    [-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
    [-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

    [-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
    [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
    [-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
    [-] 2004-08-04 03:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
    [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
    [-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys

    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
    [-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

    [-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
    [-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
    [-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
    [-] 2004-08-04 10:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
    [-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
    [-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

    [-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\ERDNT\cache\mspmsnsv.dll
    [-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
    [-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
    [-] 2004-09-15 17:27 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
    [-] 2004-09-15 17:27 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
    [-] 2004-08-04 10:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
    [-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
    [-] 2004-08-04 10:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
    [-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
    [-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
    [-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
    [-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll

    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
    [-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
    [-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll

    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
    [-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll

    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
    [-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
    [-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll

    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
    [-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
    [-] 2004-08-04 10:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll

    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
    [-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
    [-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SPAMfighter Agent "= "c:\program files\SPAMfighter\SFAgent.exe" [2009-08-27 336520]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2009-12-7 374104]
    SMCWUSB-G 802.11g Wireless USB Utility.lnk - c:\program files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe [2006-6-26 610304]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe "=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57649:TCP "= 57649:TCP:pando Media Booster
    "57649:UDP "= 57649:UDP:pando Media Booster

    R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [8/30/2006 1:57 AM 19328]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/20/2010 4:19 AM 108289]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [8/27/2009 10:24 AM 189064]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    R3 ZD1211BU(Atheros);Atheros ZD1211B IEEE 802.11 Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [4/11/2008 9:52 PM 722432]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/5/2010 8:39 AM 135664]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 12:38]

    2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 12:38]

    2010-08-21 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

    2010-08-20 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

    2010-08-21 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

    2010-08-21 c:\windows\Tasks\User_Feed_Synchronization-{FB35A960-ABD3-46EE-8396-863BD85AE319}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = news.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00
    Trusted Zone: westat.com\email
    Trusted Zone: westat.com\remoteuser
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    FF - ProfilePath - c:\documents and settings\Peter Blood\Application Data\Mozilla\Firefox\Profiles\7r40gixp.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://news.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    FF - user.js: browser.tabs.warnOnClose - true
    FF - user.js: dom.max_script_run_time - 10
    FF - user.js: dom.max_chrome_script_run_time - 20
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-21 16:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-08-21 16:48:43
    ComboFix-quarantined-files.txt 2010-08-21 20:48
    ComboFix2.txt 2010-08-21 08:03

    Pre-Run: 37,042,032,640 bytes free
    Post-Run: 37,019,832,320 bytes free

    - - End Of File - - 2476F3A29F58132456AF80B4D5BF9094
     
  2. 2010/08/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    How is the computer doing at the moment?

    Uninstall Combofix:
    Go to Start > Run [Vista users, go to Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ==============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     

  4. 2010/08/21
    Unsprung

    Unsprung Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    31
    Likes Received:
    0
    I was not able to uninstall Combofix. It couldn't find it. I had changed the name to "junk" but when I typed in Junk /uninstall it could not find junk either. Can I just delete the combofix and junk files from my machine?
     
  5. 2010/08/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Delete Combofix manually....
    Delete Combofix, Qoobox folders, and Combofix.txt file from C:
     
  6. 2010/08/22
    Unsprung

    Unsprung Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    31
    Likes Received:
    0
    I am getting popups now telling me that my firewall is down and urging me to click on my Windows Security Center to make changes. This is bogus, right? I have ignored it so far.

    Here are the results:


    OTL logfile created on: 8/22/2010 1:32:14 AM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    254.00 Mb Total Physical Memory | 73.00 Mb Available Physical Memory | 29.00% Memory free
    1,009.00 Mb Paging File | 553.00 Mb Available in Paging File | 55.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 108.59 Gb Total Space | 34.53 Gb Free Space | 31.80% Space Free | Partition Type: NTFS
    Drive D: | 37.24 Gb Total Space | 12.19 Gb Free Space | 32.73% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: OFFICE
    Current User Name: Peter Blood
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/22 01:28:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
    PRC - [2010/07/25 14:21:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2009/08/27 10:24:06 | 000,189,064 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\sfus.exe
    PRC - [2009/08/27 10:23:46 | 001,192,584 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\SPAMCFG.exe
    PRC - [2009/08/27 10:23:44 | 000,336,520 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\SFAgent.exe
    PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2006/06/26 16:35:46 | 000,610,304 | ---- | M] () -- C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/22 01:28:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (KodakCCS)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2009/08/27 10:24:06 | 000,189,064 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
    SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2005/09/29 05:02:26 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcfcoms.exe -- (dlcf_device)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PETERB~1\LOCALS~1\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PETERB~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/03/21 04:35:55 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2008/12/31 09:59:13 | 000,024,872 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/11 21:52:08 | 000,722,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(Atheros)) Atheros ZD1211B IEEE 802.11 Wireless LAN Driver (USB)(Atheros)
    DRV - [2006/08/24 10:20:05 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2004/11/04 16:11:10 | 000,019,328 | R--- | M] (Iomega) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IABFilt.sys -- (IABFilt)
    DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
    DRV - [2004/09/17 15:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/11/17 22:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 22:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 22:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = news.yahoo.com/
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search "
    FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search "
    FF - prefs.js..browser.startup.homepage: "http://news.yahoo.com/ "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
    FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= "


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/20 08:07:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 14:21:16 | 000,000,000 | ---D | M]

    [2010/03/14 00:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\Mozilla\Extensions
    [2010/08/21 08:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\Mozilla\Firefox\Profiles\7r40gixp.default\extensions
    [2010/07/27 03:58:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Peter Blood\Application Data\Mozilla\Firefox\Profiles\7r40gixp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/16 22:30:27 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Peter Blood\Application Data\Mozilla\Firefox\Profiles\7r40gixp.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
    [2010/05/16 00:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\Mozilla\Firefox\Profiles\7r40gixp.default\extensions\support@ancestry.com
    [2010/08/21 08:55:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/08/21 16:39:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [SPAMfighter Agent] C:\Program Files\SPAMfighter\SFAgent.exe (SPAMfighter ApS)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found
    O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: westat.com ( https in Trusted sites)
    O15 - HKCU\..Trusted Domains: westat.com ([remoteuser] https in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1268549441218 (MUCatalogWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Peter Blood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Peter Blood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/12/26 08:45:16 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/03/27 16:05:18 | 000,052,552 | ---- | M] () - D:\AutoScale.dll -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec_dec.dll (3ivx Technologies Pty. Ltd.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56871556046913536)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/22 01:29:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
    [2010/08/21 20:39:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/21 04:50:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Peter Blood\Recent
    [2010/08/17 00:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Blood\Local Settings\Application Data\WinZip
    [2010/07/17 07:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Blood\My Documents\New Folder
    [2010/07/17 07:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Blood\My Documents\My Music
    [2010/07/05 04:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Blood\My Documents\Dungeons and Dragons Online
    [2010/07/05 04:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Blood\Application Data\Turbine
    [2010/07/05 04:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Blood\Local Settings\Application Data\Turbine
    [2010/07/04 15:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Blood\Desktop\DDO high res install files
    [2010/07/03 17:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Blood\Desktop\DDO standard res install files
    [2010/07/03 16:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Blood\Local Settings\Application Data\PMB Files
    [2010/07/03 08:49:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Peter Blood\My Documents\My Pictures
    [2010/06/29 16:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Blood\My Documents\Downloads
    [2010/06/22 19:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/06/22 19:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2010/06/21 18:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\New Folder
    [2010/06/20 23:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
    [2010/06/19 07:29:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/06/03 16:38:53 | 000,000,000 | ---D | C] -- C:\c4f203249bed3118c653455906
    [2010/05/27 00:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Blood\New Folder (2)
    [2010/05/24 07:17:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{1EA2C7B4-2EAA-4644-8506-BB70DD984779}
    [2010/05/24 07:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
    [2010/05/24 07:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Blood\Vado Folder
    [2010/03/16 19:16:27 | 000,563,040 | ---- | C] (Google Inc.) -- C:\Program Files\googleupdatesetup.exe
    [2010/01/22 04:31:41 | 001,763,080 | ---- | C] (SPAMfighter ApS) -- C:\Program Files\spamfighter_web.exe
    [2009/04/14 02:53:02 | 002,938,128 | ---- | C] (ParetoLogic Inc.) -- C:\Program Files\ParetoLogic DriverCure.exe
    [2006/08/24 09:56:50 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfserv.dll
    [2006/08/24 09:56:50 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfusb1.dll
    [2006/08/24 09:56:50 | 000,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfhbn3.dll
    [2006/08/24 09:56:50 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomc.dll
    [2006/08/24 09:56:50 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpmui.dll
    [2006/08/24 09:56:50 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcflmpm.dll
    [2006/08/24 09:56:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomm.dll
    [2006/08/24 09:56:50 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfprox.dll
    [2006/08/24 09:56:50 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpplc.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/08/22 01:28:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
    [2010/08/22 01:22:13 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/22 00:50:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/08/22 00:47:47 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FB35A960-ABD3-46EE-8396-863BD85AE319}.job
    [2010/08/22 00:40:31 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/22 00:40:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/22 00:40:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/22 00:40:14 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/21 21:00:07 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Peter Blood\ntuser.ini
    [2010/08/21 21:00:06 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Peter Blood\ntuser.dat
    [2010/08/21 20:59:27 | 010,184,270 | -H-- | M] () -- C:\Documents and Settings\Peter Blood\Local Settings\Application Data\IconCache.db
    [2010/08/21 18:00:01 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
    [2010/08/21 16:40:02 | 000,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/21 16:39:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/21 15:52:21 | 000,001,647 | ---- | M] () -- C:\WINDOWS\RootsMagic.INI
    [2010/08/21 00:33:17 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
    [2010/08/20 10:34:40 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/16 14:11:38 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Peter Blood\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/08/16 07:01:57 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Peter Blood\My Documents\spider.sav
    [2010/08/15 19:47:01 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Peter Blood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/15 07:33:43 | 000,206,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/15 05:00:02 | 000,532,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/15 05:00:02 | 000,463,510 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/15 05:00:02 | 000,078,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/14 07:13:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/23 11:15:56 | 000,007,420 | ---- | M] () -- C:\Spear Odysser Repair Estimate.pdf
    [2010/07/21 07:28:30 | 004,695,040 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
    [2010/07/21 07:28:30 | 002,630,656 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
    [2010/07/14 03:01:51 | 000,001,124 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/04 20:50:37 | 000,001,716 | ---- | M] () -- C:\Documents and Settings\Peter Blood\Desktop\DDO Unlimited.lnk
    [2010/06/26 07:30:04 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\Peter Blood\spider.sav
    [2010/05/30 09:44:58 | 000,047,216 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/05/27 12:53:33 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/05/25 17:52:20 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET

    ========== Files Created - No Company Name ==========

    [2010/07/23 11:15:56 | 000,007,420 | ---- | C] () -- C:\Spear Odysser Repair Estimate.pdf
    [2010/07/16 18:21:06 | 000,000,372 | ---- | C] () -- C:\Documents and Settings\Peter Blood\My Documents\spider.sav
    [2010/07/04 20:50:37 | 000,001,716 | ---- | C] () -- C:\Documents and Settings\Peter Blood\Desktop\DDO Unlimited.lnk
    [2010/06/20 23:26:40 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/05/30 09:44:58 | 000,047,216 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/05/27 12:53:31 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk
    [2010/05/15 17:45:18 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2010/03/12 17:39:53 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Peter Blood\Local Settings\Application Data\housecall.guid.cache
    [2010/03/09 19:56:40 | 000,012,680 | -HS- | C] () -- C:\Documents and Settings\Peter Blood\Local Settings\Application Data\qP17DtiM1x57HqX6JP1KhwPvl24G1b
    [2010/03/09 09:05:02 | 000,010,208 | -HS- | C] () -- C:\Documents and Settings\Peter Blood\Local Settings\Application Data\o7yIC10ETb
    [2010/03/08 20:10:07 | 000,010,634 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\o7yIC10ETb
    [2010/03/08 19:37:07 | 000,009,694 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\o7yIC10ETb
    [2010/03/02 00:56:19 | 000,009,698 | -HS- | C] () -- C:\Documents and Settings\Peter Blood\Local Settings\Application Data\S7L2
    [2010/03/02 00:55:54 | 000,007,056 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\S7L2
    [2010/01/21 23:00:02 | 030,909,992 | ---- | C] () -- C:\Program Files\avira_antivir_personal_en.exe
    [2009/05/24 07:28:21 | 000,000,057 | ---- | C] () -- C:\WINDOWS\EntPack.ini
    [2009/04/14 07:10:05 | 001,284,432 | ---- | C] () -- C:\Program Files\PCFixerSetup.exe
    [2008/12/16 07:26:04 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2008/12/09 19:50:04 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
    [2008/07/07 19:28:33 | 000,202,071 | ---- | C] () -- C:\Program Files\RipIt4Me.zip
    [2008/06/05 21:36:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/05/16 08:04:57 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/03/28 19:25:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\CR.ini
    [2007/10/24 22:50:13 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/08/26 22:45:44 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
    [2007/08/03 19:15:33 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
    [2007/08/01 23:28:45 | 014,871,552 | ---- | C] () -- C:\Program Files\setupeng.exe
    [2007/07/26 23:05:59 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Peter Blood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/07/22 14:15:59 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\SMACKW32.DLL
    [2007/07/22 14:15:59 | 000,025,266 | ---- | C] () -- C:\WINDOWS\System32\SMACKW16.DLL
    [2007/06/16 07:34:33 | 000,000,231 | ---- | C] () -- C:\WINDOWS\qtw.ini
    [2007/06/15 17:54:24 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
    [2007/05/26 10:53:26 | 000,000,404 | ---- | C] () -- C:\WINDOWS\KA.INI
    [2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
    [2007/01/07 04:36:07 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Peter Blood\Application Data\PFP120JPR.{PB
    [2007/01/07 04:36:07 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Peter Blood\Application Data\PFP120JCM.{PB
    [2006/12/16 15:16:31 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\SH22W16.DLL
    [2006/12/16 15:16:31 | 000,004,512 | ---- | C] () -- C:\WINDOWS\hmew.dll
    [2006/12/16 15:16:31 | 000,000,259 | ---- | C] () -- C:\WINDOWS\CHICKA.INI
    [2006/10/17 18:31:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2006/09/30 13:20:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2006/09/26 22:49:39 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Peter Blood\Application Data\dvd.bmk
    [2006/09/20 21:09:26 | 000,000,058 | ---- | C] () -- C:\WINDOWS\kodakPS.Peter Blood.ini
    [2006/09/04 23:22:25 | 002,855,080 | ---- | C] () -- C:\Program Files\aawsepersonal.exe
    [2006/09/02 18:43:01 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Peter Blood\Local Settings\Application Data\fusioncache.dat
    [2006/09/01 17:35:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/08/30 01:47:32 | 000,001,647 | ---- | C] () -- C:\WINDOWS\RootsMagic.INI
    [2006/08/24 10:34:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/24 10:27:06 | 000,000,419 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/08/24 10:23:50 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
    [2006/08/24 09:56:50 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcfutil.dll
    [2006/08/24 09:56:50 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsb.dll
    [2006/08/24 09:56:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcfins.dll
    [2006/08/24 09:56:50 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcfjswr.dll
    [2006/08/24 09:56:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsr.dll
    [2006/08/24 09:56:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcfcub.dll
    [2006/08/24 09:56:50 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcfcu.dll
    [2006/08/24 09:56:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcfcfg.dll
    [2006/08/24 09:56:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcfvs.dll
    [2006/08/24 09:56:50 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcfcur.dll
    [2006/08/24 09:56:12 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2006/08/24 09:56:10 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/01/08 19:36:54 | 000,950,354 | ---- | C] () -- C:\Program Files\VobBlanker.exe
    [2006/01/08 19:27:22 | 000,529,883 | ---- | C] () -- C:\Program Files\VobBlanker.chm
    [2006/01/08 19:26:34 | 000,026,030 | ---- | C] () -- C:\Program Files\ReadmeVobBlanker.txt
    [2006/01/05 22:50:30 | 000,000,402 | ---- | C] () -- C:\Program Files\Remove_VobBlanker_settings.reg
    [2006/01/05 22:49:50 | 000,000,644 | ---- | C] () -- C:\Program Files\Remove_VobBlanker_WindowCoordinates.reg
    [2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/31 13:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
    [2005/07/12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/10 13:51:35 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
    [2004/08/10 13:51:35 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
    [2004/08/10 13:51:35 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
    [2004/08/10 13:51:35 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
    [2004/08/10 13:51:35 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
    [2004/08/03 23:59:44 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
    [2004/03/23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2002/02/01 15:58:02 | 000,026,430 | ---- | C] () -- C:\Program Files\lgpl.txt
    [2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
    [1997/07/11 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1997/07/11 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

    ========== LOP Check ==========

    [2010/03/20 08:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\a67f8
    [2010/01/23 22:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2010/05/22 11:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/01/22 00:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
    [2009/06/19 01:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
    [2007/12/02 00:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
    [2008/11/03 06:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2009/04/14 03:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2010/07/04 16:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2010/03/13 07:47:26 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SGLUXHZYLD
    [2008/12/16 07:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2009/11/25 23:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/01/27 11:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/06/22 19:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/05/24 07:17:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1EA2C7B4-2EAA-4644-8506-BB70DD984779}
    [2009/12/26 18:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/11/25 23:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\Any DVD Shrink
    [2009/05/25 10:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\Digital Support
    [2009/04/14 03:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\DriverCure
    [2009/12/20 13:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\gtopala
    [2007/08/07 03:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\InterTrust
    [2009/12/26 18:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\Iomega Automatic Backup Pro
    [2010/07/21 06:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\Juniper Networks
    [2006/08/30 00:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\Leadertech
    [2009/10/17 22:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\OverDrive
    [2008/07/07 20:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\RipIt4Me
    [2010/03/13 23:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\Smilebox
    [2010/01/22 02:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\SPAMfighter
    [2010/07/05 04:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\Turbine
    [2007/02/10 23:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\Viewpoint
    [2009/08/22 07:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\Windows Desktop Search
    [2009/08/23 16:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\Windows Search
    [2010/08/22 00:50:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2010/08/21 18:00:01 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
    [2010/08/21 00:33:17 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
    [2010/08/22 00:47:47 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FB35A960-ABD3-46EE-8396-863BD85AE319}.job

    [color=#E56717]========== Purity Check ==========[/color]



    [color=#E56717]========== Custom Scans ==========[/color]


    [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
    [2009/09/05 13:12:53 | 007,769,488 | ---- | M] (Hewlett Packard) -- C:\5600_enu_win2k_xpinfu.exe
    [2010/02/22 14:19:13 | 000,293,376 | ---- | M] () -- C:\6932ts5i.exe
    [2009/02/08 04:17:27 | 001,606,984 | ---- | M] () -- C:\9DragonsDownloader0982.exe
    [2009/09/04 19:32:25 | 000,034,716 | ---- | M] () -- C:\aaw7boot.log
    [2009/06/16 07:09:23 | 037,452,296 | ---- | M] (Lavasoft ) -- C:\Ad-AwareAE.exe
    [2009/10/25 08:20:50 | 003,944,592 | ---- | M] ( ) -- C:\asse215.exe
    [2008/12/26 08:45:16 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/03/11 16:07:23 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/05/27 12:53:33 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [1992/09/07 00:00:00 | 000,001,264 | ---- | M] () -- C:\bounce.wav
    [2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/02/16 17:19:15 | 000,000,611 | ---- | M] () -- C:\cookbook.log
    [2010/02/21 09:34:56 | 000,524,288 | ---- | M] () -- C:\dds.scr
    [2006/08/24 10:00:00 | 000,005,647 | RH-- | M] () -- C:\dell.sdr
    [2010/08/22 00:41:34 | 000,311,745 | ---- | M] () -- C:\dlcf.log
    [2010/03/25 01:08:41 | 003,056,320 | ---- | M] (Turbine, Inc. ) -- C:\dndsetup.exe
    [2009/03/29 06:57:35 | 001,094,021 | ---- | M] () -- C:\dvdshrink32setup.zip
    [2007/07/26 23:15:38 | 002,266,952 | ---- | M] (Indigo Rose Corporation http://www.indigorose.com) -- C:\Free-Evidence-Scan.exe
    [1992/09/07 00:00:00 | 000,001,422 | ---- | M] () -- C:\gap.wav
    [2010/08/17 01:57:19 | 000,003,764 | ---- | M] () -- C:\gmerlog.log
    [2010/03/05 08:40:44 | 000,569,520 | ---- | M] (Google Inc.) -- C:\GoogleEarthPluginSetup.exe
    [2010/08/22 00:40:14 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
    [2010/02/22 19:56:27 | 000,007,823 | ---- | M] () -- C:\hijackthis.log
    [2010/08/22 01:31:51 | 000,177,023 | ---- | M] () -- C:\hpfr5600.log
    [2003/06/19 19:10:59 | 000,000,173 | ---- | M] () -- C:\hpsfx.ini
    [2009/05/23 01:12:26 | 000,000,132 | ---- | M] () -- C:\httpdwl.dat
    [2006/09/01 00:56:11 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2007/12/02 00:47:33 | 000,000,429 | ---- | M] () -- C:\InstallHelper.log
    [2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2006/08/24 10:20:22 | 000,000,838 | -H-- | M] () -- C:\IPH.PH
    [2010/03/15 11:08:50 | 000,014,295 | ---- | M] () -- C:\JavaRa.log
    [1992/09/07 02:00:00 | 000,049,664 | ---- | M] () -- C:\JEZZBALL.EXE
    [1998/10/25 15:54:26 | 000,008,628 | -H-- | M] () -- C:\JEZZBALL.GID
    [1992/09/07 02:00:00 | 000,017,963 | ---- | M] () -- C:\JEZZBALL.HLP
    [1992/09/07 00:00:00 | 000,005,638 | ---- | M] () -- C:\jezzdead.wav
    [2007/09/15 14:09:35 | 000,006,849 | ---- | M] () -- C:\kifmRock__n_Bounce_Ponty-resized200.gif
    [2010/08/16 14:11:42 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2010/08/16 14:41:03 | 000,000,983 | ---- | M] () -- C:\mbam-log-2010-08-16 (14-40-09).txt
    [2010/02/22 08:10:02 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
    [2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/11/09 19:26:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/22 01:28:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
    [2006/02/05 01:12:52 | 003,424,256 | ---- | M] () -- C:\outlook2005.pst
    [2010/08/22 00:40:13 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2009/09/05 08:58:50 | 000,000,000 | ---- | M] () -- C:\pcconf.ini
    [2009/09/05 08:58:59 | 000,000,000 | ---- | M] () -- C:\pcwords.dat
    [2009/09/05 08:58:59 | 000,000,000 | ---- | M] () -- C:\pcwords2.dat
    [2009/09/05 08:58:59 | 000,000,000 | ---- | M] () -- C:\pc_sign.slf
    [2010/05/25 17:52:20 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
    [2009/02/08 04:25:45 | 000,000,204 | ---- | M] () -- C:\Plugins
    [2010/03/13 07:47:42 | 000,001,656 | ---- | M] () -- C:\Security Guard.lnk
    [2009/09/05 17:36:49 | 000,000,952 | ---- | M] () -- C:\sfx.log
    [2009/12/20 13:36:47 | 001,565,796 | ---- | M] () -- C:\siw.zip.zip
    [2010/07/23 11:15:56 | 000,007,420 | ---- | M] () -- C:\Spear Odysser Repair Estimate.pdf
    [2009/12/29 09:00:18 | 003,590,065 | ---- | M] () -- C:\sysdump.html
    [2009/12/29 09:00:18 | 000,339,968 | ---- | M] () -- C:\sysdump.tar
    [2009/12/29 09:00:18 | 000,277,091 | ---- | M] () -- C:\sysdump.txt
    [2006/08/24 10:20:30 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
    [2006/08/31 21:37:00 | 000,115,974 | ---- | M] () -- C:\VolEdit.ini.log
    [1992/09/07 02:00:00 | 000,019,408 | ---- | M] () -- C:\WEP4UTIL.DLL
    [1992/09/07 00:00:00 | 000,001,512 | ---- | M] () -- C:\wipe.wav
    [2006/08/30 02:09:32 | 000,000,194 | -HS- | M] () -- C:\__IOM_DEVLIB__.__ATTRIBUTES__

    [color=#A23BEC]< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[/color]
    [2005/09/29 19:28:54 | 000,073,728 | ---- | M] (Dell, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcfPP5C.DLL
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

    [color=#A23BEC]< %systemroot%\system32\*.wt >[/color]

    [color=#A23BEC]< %systemroot%\system32\*.ruy >[/color]

    [color=#A23BEC]< %systemroot%\Fonts\*.com >[/color]
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    [color=#A23BEC]< %systemroot%\Fonts\*.dll >[/color]

    [color=#A23BEC]< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >[/color]

    [color=#A23BEC]< %systemroot%\*. /mp /s >[/color]


    [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

    [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

    [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
    [2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    [color=#A23BEC]< %systemroot%\system32\user32.dll /md5 >[/color]
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    [color=#A23BEC]< %systemroot%\system32\ws2_32.dll /md5 >[/color]
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    [color=#A23BEC]< %systemroot%\system32\ws2help.dll /md5 >[/color]
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

    [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >[/color]

    [color=#E56717]========== Alternate Data Streams ==========[/color]

    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:264B2CC4
    < End of report >
     
  7. 2010/08/22
    Unsprung

    Unsprung Inactive Thread Starter

    And here is the other one:

    OTL Extras logfile created on: 8/22/2010 1:32:14 AM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    254.00 Mb Total Physical Memory | 73.00 Mb Available Physical Memory | 29.00% Memory free
    1,009.00 Mb Paging File | 553.00 Mb Available in Paging File | 55.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 108.59 Gb Total Space | 34.53 Gb Free Space | 31.80% Space Free | Partition Type: NTFS
    Drive D: | 37.24 Gb Total Space | 12.19 Gb Free Space | 32.73% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: OFFICE
    Current User Name: Peter Blood
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "57649:TCP" = 57649:TCP:*:Enabled:pando Media Booster
    "57649:UDP" = 57649:UDP:*:Enabled:pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "57649:TCP" = 57649:TCP:*:Enabled:pando Media Booster
    "57649:UDP" = 57649:UDP:*:Enabled:pando Media Booster

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
    "{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}" = 725plc32
    "{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{2C658A49-5C53-46CE-A3D6-150AA0E91101}" = RootsMagic 2.0
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{48FCCE4F-9D37-41BA-92C1-17BF5CFAA347}" = hp officejet v series
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51661BCF-F22A-11D4-82B4-00500494EF5C}" = KODAK Picture Software
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{5FC4811E-29F4-4035-9274-43A16816152D}" = ArcSoft Funhouse 1.0
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
    "{6ABAF1E2-BEB6-4C32-BD9F-0CA733EE7453}" = Iomega Automatic Backup Pro
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77FCC1D4-E78E-46A4-80A6-7F456FA9AC90}" = Finding Nemo: Nemo's Underwater World of Fun Special Edition
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{802C87BF-3A1E-45B0-8C12-9527A5C572B3}" = SMCWUSB-G 802.11g Wireless USB 2.0 Adapter
    "{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
    "{884CE4D3-71D7-494A-8206-1317201AAE04}" = KODAK Camera Connection Software Help
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
    "{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A8F1CA0-9085-11D4-B869-0050DA73F204}" = KODAK Memory Albums
    "{9D0877F9-A38B-4211-AE7A-67CFC5559595}" = Creative Vado Codec
    "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A59E259E-5F1A-4F8F-A3DA-356137BE37F6}" = AncestryView
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
    "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
    "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
    "{C08C47C2-E9EF-4357-B8FD-AD90FD2EF791}" = Family History Resource File Viewer 4.0
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1121C1F-1962-4A23-B2C2-B9515C837179}" = OverDrive Media Console
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{F20B086F-FB4B-4788-AAC2-AFABA378AD1E}" = SPAMfighter
    "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
    "01-mp3search" = 01-mp3search 4.0
    "15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.12.00.803
    "3ivx MPEG-4 5.0.1 Decoder" = 3ivx MPEG-4 5.0.1 Decoder (remove only)
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AncestryView" = AncestryView
    "Any DVD Shrink_is1" = Any DVD Shrink 1.1.8
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Bde" = Bde
    "Busytown" = Busytown Uninstall
    "CCleaner" = CCleaner
    "Clifford Reading" = Clifford Reading
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Cookbook1.0" = The Complete Interactive Cookbook
    "Creative Vado Codec" = Creative Vado Codec
    "Dell Color Printer 725" = Dell Color Printer 725
    "Digital Support" = PC Fixer
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVDFab Decrypter_is1" = DVDFab Decrypter 2.9.8.3
    "Easy Bake Kitchen" = Easy Bake Kitchen
    "Family History Library Catalog" = Family History Library Catalog
    "Google Chrome" = Google Chrome
    "HijackThis" = HijackThis 2.0.2
    "hp deskjet 5600 series_Driver" = hp deskjet 5600 series
    "HP Photo Printing Software" = HP Photo Printing Software
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
    "InstallShield_{77FCC1D4-E78E-46A4-80A6-7F456FA9AC90}" = Finding Nemo: Nemo's Underwater World of Fun Special Edition
    "InstallShield_{802C87BF-3A1E-45B0-8C12-9527A5C572B3}" = SMCWUSB-G 802.11g Wireless USB 2.0 Adapter
    "InterActual Player" = InterActual Player
    "JSKR_1.0" = JumpStart Kindergarten Reading v1.0
    "Julie Saves the Eagles" = Julie Saves the Eagles (remove only)
    "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mia2" = Mia2
    "MiaMath" = MiaMath
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "My Little CD Tots" = My Little CD Tots
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Photags Music Express" = iConcepts Music Express
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "RealPlayer 6.0" = RealPlayer Basic
    "SPAMfighter" = SPAMfighter
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "World Explorer 2.0" = World Explorer 2.0
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Juniper_Networks_Cache_Cleaner 6.4.0" = Juniper Networks Cache Cleaner 6.4.0
    "Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
    "Juniper_Setup_Client" = Juniper Networks Setup Client
    "Juniper_Term_Services" = Juniper Terminal Services Client
    "Smilebox" = Hallmark Smilebox

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/16/2010 2:06:08 PM | Computer Name = OFFICE | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    Error - 8/16/2010 2:41:53 PM | Computer Name = OFFICE | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    Error - 8/18/2010 8:50:10 AM | Computer Name = OFFICE | Source = Microsoft Office 10 | ID = 1000
    Description = Faulting application winword.exe, version 10.0.6864.0, faulting module
    mso.dll, version 10.0.6858.0, fault address 0x0002317f.

    Error - 8/19/2010 1:23:14 AM | Computer Name = OFFICE | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    Error - 8/19/2010 4:33:15 AM | Computer Name = OFFICE | Source = Avira AntiVir | ID = 4118
    Description = EXCEPTION calling function <Scan> for the file C:\Broni\ERUNT.cfxxe

    [ACCESS_VIOLATION Exception!! EIP = 0x15e9ad9] Please inform Avira and submit the
    appropriate file!

    Error - 8/19/2010 5:08:14 AM | Computer Name = OFFICE | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: OFFICE\Peter Blood Checkpoint ID: 1 Error Code: 0x80070005 Error
    description: Access is denied.

    Error - 8/19/2010 5:08:18 AM | Computer Name = OFFICE | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: OFFICE\Peter Blood Checkpoint ID: 1 Error Code: 0x8000ffff Error
    description: Catastrophic failure

    Error - 8/21/2010 3:51:24 AM | Computer Name = OFFICE | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: OFFICE\Peter Blood Checkpoint ID: 1 Error Code: 0x80070005 Error
    description: Access is denied.

    Error - 8/21/2010 3:51:24 AM | Computer Name = OFFICE | Source = WinDefendRtp | ID = 3003
    Description = %%827 Real-Time Protection checkpoint has encountered an error and
    failed to start. User: OFFICE\Peter Blood Checkpoint ID: 1 Error Code: 0x8000ffff Error
    description: Catastrophic failure

    Error - 8/21/2010 8:44:09 AM | Computer Name = OFFICE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    [ System Events ]
    Error - 8/21/2010 8:43:41 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Windows Installer service
    to connect.

    Error - 8/21/2010 8:43:41 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
    Description = The Windows Installer service failed to start due to the following
    error: %%1053

    Error - 8/21/2010 8:59:31 PM | Computer Name = OFFICE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service dlcf_device
    with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}

    Error - 8/21/2010 8:59:40 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the dlcf_device service to
    connect.

    Error - 8/21/2010 8:59:40 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
    Description = The dlcf_device service failed to start due to the following error:
    %%1053

    Error - 8/21/2010 9:00:10 PM | Computer Name = OFFICE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service dlcf_device
    with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}

    Error - 8/21/2010 9:00:10 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the dlcf_device service to
    connect.

    Error - 8/21/2010 9:00:10 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
    Description = The dlcf_device service failed to start due to the following error:
    %%1053

    Error - 8/22/2010 12:42:46 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Windows Search service
    to connect.

    Error - 8/22/2010 12:42:47 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
    Description = The Windows Search service failed to start due to the following error:
    %%1053


    < End of report >
     
  8. 2010/08/22
    broni

    broni Moderator Malware Analyst

    I can't tell you without seeing the Extras.txt part of the OTL log.
     
  9. 2010/08/22
    broni

    broni Moderator Malware Analyst

    We posted at the same time, so hold on there...
     
  10. 2010/08/22
    broni

    broni Moderator Malware Analyst

    You have very little RAM:
    XP needs at least 512MB of RAM to run decently (1GB preferred).

    =================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PETERB~1\LOCALS~1\Temp\mbr.sys -- (mbr)
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found
      O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found
      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2010/03/09 19:56:40 | 000,012,680 | -HS- | C] () -- C:\Documents and Settings\Peter Blood\Local Settings\Application Data\qP17DtiM1x57HqX6JP1KhwPvl24G1b
      [2010/03/09 09:05:02 | 000,010,208 | -HS- | C] () -- C:\Documents and Settings\Peter Blood\Local Settings\Application Data\o7yIC10ETb
      [2010/03/08 20:10:07 | 000,010,634 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\o7yIC10ETb
      [2010/03/08 19:37:07 | 000,009,694 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\o7yIC10ETb
      [2010/03/02 00:56:19 | 000,009,698 | -HS- | C] () -- C:\Documents and Settings\Peter Blood\Local Settings\Application Data\S7L2
      [2010/03/02 00:55:54 | 000,007,056 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\S7L2
      [2010/05/22 11:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
      [2010/03/20 08:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\a67f8
      [2010/03/13 07:47:26 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SGLUXHZYLD
      [2007/01/27 11:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2007/02/10 23:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Blood\Application Data\Viewpoint
      @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A
      @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:264B2CC4
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


    Bed time for me :)
     
  11. 2010/08/22
    Unsprung

    Unsprung Inactive Thread Starter

    But I DO have enough RAM. I added a 1G card several months ago - one that supposedly is designed for my computer.
     
  12. 2010/08/22
    Unsprung

    Unsprung Inactive Thread Starter

    But I DO have enough RAM. I added a 1G card months ago that supposedly matched my computer.
     
  13. 2010/08/22
    Unsprung

    Unsprung Inactive Thread Starter

    Is there a free zip/unzip program? My winzip evaluation period expired.
     
  14. 2010/08/22
    broni

    broni Moderator Malware Analyst

    Somehow, OTL doesn't read it.
    Hold Windows logo key, hit Pause/Break key.
    What does it say about your RAM number?

    You can proceed with other steps.
     
  15. 2010/08/22
    Unsprung

    Unsprung Inactive Thread Starter

    It confirms that the computer thinks I have only 256MB of RAM, but there is a new 1G card and the old 256MB card in there. Do you think that the new 1 G card is defective? I would like to be sure before I accuse the computer store of selling me a defective card.

    I will do the other steps.
     
  16. 2010/08/22
    broni

    broni Moderator Malware Analyst

    Enter BIOS and see what it says there about RAM.
     
  17. 2010/08/22
    Unsprung

    Unsprung Inactive Thread Starter

    Here is the OTL log:

    All processes killed
    ========== OTL ==========
    Service mbr stopped successfully!
    Service mbr deleted successfully!
    File C:\DOCUME~1\PETERB~1\LOCALS~1\Temp\mbr.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\ not found.
    Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
    C:\WINDOWS\Downloaded Program Files\swdir.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Documents and Settings\Peter Blood\Local Settings\Application Data\qP17DtiM1x57HqX6JP1KhwPvl24G1b moved successfully.
    C:\Documents and Settings\Peter Blood\Local Settings\Application Data\o7yIC10ETb moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\o7yIC10ETb moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\o7yIC10ETb moved successfully.
    C:\Documents and Settings\Peter Blood\Local Settings\Application Data\S7L2 moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\S7L2 moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\a67f8 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\SGLUXHZYLD folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\Peter Blood\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\Peter Blood\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\Peter Blood\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\Peter Blood\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\Peter Blood\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\Peter Blood\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\Peter Blood\Application Data\Viewpoint folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:264B2CC4 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users
    ->Temp folder emptied: 0 bytes

    User: BRITTANY

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 41620 bytes

    User: HOUSE

    User: KRISTEN

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 233444 bytes
    ->Flash cache emptied: 16932 bytes

    User: MORGAN

    User: NetworkService
    ->Temp folder emptied: 4012 bytes
    ->Temporary Internet Files folder emptied: 6717574 bytes
    ->Java cache emptied: 1 bytes
    ->Flash cache emptied: 25131 bytes

    User: Peter Blood
    ->Temp folder emptied: 9882614 bytes
    ->Temporary Internet Files folder emptied: 5621256 bytes
    ->Java cache emptied: 1853 bytes
    ->FireFox cache emptied: 48896468 bytes
    ->Flash cache emptied: 1967871 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 19784 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 69897 bytes
    RecycleBin emptied: 88855733 bytes

    Total Files Cleaned = 155.00 mb


    [EMPTYFLASH]

    User: All Users

    User: BRITTANY

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: HOUSE

    User: KRISTEN

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: MORGAN

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Peter Blood
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.10.0 log created on 08232010_000243

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    And here is the Security Check log:

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner
    Java(TM) 6 Update 21
    Adobe Flash Player 10.0.45.2
    Adobe Reader 9.3.3
    Mozilla Firefox (3.6.8)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Windows Defender MSASCui.exe
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Windows Defender MsMpEng.exe
    Windows Defender MSASCui.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````

    I will send more with the next message
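
The fix log in the post above can be triaged with a short script that tallies each action by item type and outcome and lists the targets the tool reported as "not found". This is an added example, not part of the original post and not part of OTL; the sample lines are constructed from the line shapes in that log, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines, modeled on the line shapes in the fix log above
# (placeholder paths and GUIDs, not values taken from the thread).
SAMPLE_LOG = r"""
========== OTL ==========
Service mbr stopped successfully!
Service mbr deleted successfully!
File C:\DOCUME~1\USER\LOCALS~1\Temp\mbr.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Example\{00000000-0000-0000-0000-000000000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
Starting removal of ActiveX control {00000000-0000-0000-0000-000000000001}
C:\Documents and Settings\User\Local Settings\Application Data\examplefile moved successfully.
C:\Documents and Settings\All Users\Application Data\example dir folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0000AAAA deleted successfully.
========== FILES ==========
"""

# Optional item-type prefix, the target, an optional " folder" marker,
# then one of the four outcomes seen in the log, ending in "." or "!".
LINE_RE = re.compile(
    r"^(?:(?P<kind>Service|File|Registry key|ADS) )?"
    r"(?P<target>.+?)"
    r"(?P<folder> folder)? "
    r"(?P<outcome>stopped successfully|deleted successfully|"
    r"moved successfully|not found)[.!]$"
)


def parse_fix_log(text):
    """Return one record per action line; banners and other lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section banners, "Starting removal ..." lines, blanks
        # Lines without a prefix are file-system items: folder or file.
        kind = m.group("kind") or ("Folder" if m.group("folder") else "File")
        outcome = m.group("outcome").replace(" successfully", "")
        records.append({"kind": kind, "target": m.group("target"),
                        "outcome": outcome})
    return records


def summarize(records):
    """Count actions per (item type, outcome) pair."""
    return Counter((r["kind"], r["outcome"]) for r in records)


def not_found_targets(records):
    """Unique targets named in the fix script that the tool could not find."""
    seen = []
    for r in records:
        if r["outcome"] == "not found" and r["target"] not in seen:
            seen.append(r["target"])
    return seen


if __name__ == "__main__":
    recs = parse_fix_log(SAMPLE_LOG)
    for (kind, outcome), n in sorted(summarize(recs).items()):
        print(f"{kind:13} {outcome:10} {n}")
    print("Not found (already absent or stale script entry):")
    for target in not_found_targets(recs):
        print("  " + target)
```
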
     
  18. 2010/08/22
    broni

    broni Moderator Malware Analyst

    All looks good, so far.
    Did you check BIOS regarding your RAM?
     
  19. 2010/08/23
    Unsprung

    Unsprung Inactive Thread Starter

    How do I check BIOS regarding my RAM?

    I think I ******* up the Kaspersky run. After it downloaded I started to run it, then realized that I needed to check the settings, so I stopped it. The settings were ok. I couldn't start it again. I even tried to download all over but it kept saying that my java had been interrupted. Any suggestions?
     
  20. 2010/08/23
    broni

    broni Moderator Malware Analyst

    Instead of Kaspersky....

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Watch the bottom of your computer screen, when your computer starts.
    You'll see something similar to this:
    Press "some key" to enter setup
    Press that key and you'll enter BIOS.
     
  21. 2010/08/24
    Unsprung

    Unsprung Inactive Thread Starter

    I have listed the ESET report below. Looks like I need to get rid of a trojan.

    C:\Documents and Settings\All Users\3d6b3d3\274.mof Win32/RogueAV.A trojan

    I will check the BIOS on the next startup.
     
