
Solved Generic Win32 Error and Trojan

Discussion in 'Malware and Virus Removal Archive' started by rjc1, 2010/12/17.

  1. 2010/12/17
    rjc1

    rjc1 Inactive Thread Starter

    Ok...here is the Combofix.txt

    ComboFix 10-12-16.05 - Rhonda Curfman 12/17/2010 21:54:29.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3711.3357 [GMT -5:00]
    Running from: c:\documents and settings\Rhonda Curfman\My Documents\Downloads\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Rhonda Curfman\Application Data\Sun\cetw.txt
    c:\documents and settings\Rhonda Curfman\Application Data\Sun\mxd1.txt
    c:\documents and settings\Rhonda Curfman\Local Settings\Application Data\{6180D64C-C74C-4EFB-818C-46FCE887E393}
    c:\documents and settings\Rhonda Curfman\Local Settings\Application Data\{6180D64C-C74C-4EFB-818C-46FCE887E393}\chrome.manifest
    c:\documents and settings\Rhonda Curfman\Local Settings\Application Data\{6180D64C-C74C-4EFB-818C-46FCE887E393}\chrome\content\_cfg.js
    c:\documents and settings\Rhonda Curfman\Local Settings\Application Data\{6180D64C-C74C-4EFB-818C-46FCE887E393}\chrome\content\overlay.xul
    c:\documents and settings\Rhonda Curfman\Local Settings\Application Data\{6180D64C-C74C-4EFB-818C-46FCE887E393}\install.rdf
    c:\windows\PSCONV.EXE
    G:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))
    .

    2010-12-18 02:48 . 2010-12-18 02:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-12-17 23:00 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-17 23:00 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-17 23:00 . 2010-12-17 23:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-17 03:28 . 2010-12-17 03:28 -------- d-----w- c:\program files\Ask.com
    2010-12-17 02:39 . 2010-12-03 19:35 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
    2010-12-17 02:39 . 2010-12-03 19:35 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
    2010-12-17 01:14 . 2010-12-17 01:14 -------- d-----w- c:\program files\Common Files\Apple
    2010-12-17 01:14 . 2010-12-17 01:14 -------- d-----w- c:\documents and settings\Rhonda Curfman\Local Settings\Application Data\Apple
    2010-12-17 01:14 . 2010-12-17 01:14 -------- d-----w- c:\program files\Apple Software Update
    2010-12-17 01:14 . 2010-12-17 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-12-17 01:13 . 2010-11-12 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-17 01:13 . 2010-11-12 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-12-17 01:13 . 2010-11-12 21:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-12-16 23:10 . 2010-12-16 23:10 -------- d-----w- c:\program files\Secunia
    2010-12-16 22:43 . 2010-12-17 03:26 -------- d-----w- c:\documents and settings\Administrator.CANTEWINDSFARM
    2010-12-16 21:26 . 2010-12-16 21:28 -------- d-----w- c:\windows\system32\NtmsData
    2010-12-10 15:25 . 2010-12-10 15:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-12-10 13:56 . 2010-12-10 13:56 0 ----a-w- c:\windows\Dcuca.bin
    2010-12-10 13:30 . 2010-12-15 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-12-08 21:38 . 2010-12-08 21:38 -------- d-----w- c:\documents and settings\Rhonda Curfman\Application Data\Malwarebytes
    2010-12-08 21:38 . 2010-12-08 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-08 20:33 . 2010-12-08 20:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-12-08 19:43 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-12-08 19:43 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-12-07 10:09 . 2010-12-07 10:57 -------- d-----w- c:\documents and settings\Rhonda Curfman\Application Data\4ADF157A5CA4FB0A16ADCC5139194D6F
    2010-12-05 00:45 . 2010-12-07 03:30 -------- d-----w- c:\documents and settings\Rhonda Curfman\Local Settings\Application Data\VMware
    2010-12-04 23:26 . 2010-12-04 23:26 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-20 01:31 . 2010-11-20 01:31 -------- d-----w- c:\documents and settings\Rhonda Curfman\Local Settings\Application Data\Identities

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-16 19:11 . 2009-12-06 04:01 90112 ----a-w- c:\windows\Updreg.EXE
    2010-12-16 19:11 . 2008-03-14 11:56 12288 ----a-r- c:\windows\Twunk_32.dll
    2010-12-16 19:11 . 2008-03-14 11:56 12288 ----a-r- c:\windows\Twunk_16.dll
    2010-12-16 19:11 . 2005-01-28 18:44 356352 ----a-w- c:\windows\system32\wpdsp.dll
    2010-12-16 19:11 . 2005-01-28 18:44 331776 ----a-w- c:\windows\system32\wpdmtpdr.dll
    2010-12-16 19:11 . 2009-12-06 06:56 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-12-16 19:11 . 2005-01-28 18:44 4096 ----a-w- c:\windows\system32\WMVADVE.DLL
    2010-12-16 19:11 . 2005-01-28 18:44 4096 ----a-w- c:\windows\system32\WMVADVD.dll
    2010-12-16 19:10 . 2008-04-14 00:12 712704 ----a-w- c:\windows\system32\windowscodecs.dll
    2010-12-16 19:10 . 2005-01-28 18:44 4096 ----a-w- c:\windows\system32\wdfapi.dll
    2010-12-16 19:10 . 2009-12-06 03:58 139264 ----a-w- c:\windows\system32\Video.skn
    2010-12-16 19:10 . 2008-04-14 00:12 28672 ----a-w- c:\windows\system32\verclsid.exe
    2010-12-16 19:10 . 2003-08-11 05:01 49152 ----a-w- c:\windows\system32\umloader.dll
    2010-12-16 19:10 . 2004-08-04 12:00 8192 ----a-w- c:\windows\system32\tssoft32.acm
    2010-12-16 19:10 . 2010-07-07 11:25 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
    2010-12-16 19:10 . 2004-08-04 12:00 90112 ----a-w- c:\windows\system32\sqlsrv32.rll
    2010-12-16 19:10 . 2004-08-04 12:00 442368 ----a-w- c:\windows\system32\sqlsrv32.dll
    2010-12-16 19:10 . 2009-12-06 04:00 270336 ----a-w- c:\windows\system32\SFMS32.DLL
    2010-12-16 19:10 . 2004-08-04 12:00 86016 ----a-w- c:\windows\system32\sl_anet.acm
    2010-12-16 19:10 . 2009-12-06 04:00 36864 ----a-w- c:\windows\system32\sfman32.dll
    2010-12-16 19:10 . 2010-10-03 21:47 184320 ----a-w- c:\windows\system32\RALMain.dll
    2010-12-16 19:10 . 2009-12-06 04:00 36864 ----a-w- c:\windows\system32\REGPLIB.EXE
    2010-12-16 19:10 . 2009-12-06 03:15 176128 ----a-w- c:\windows\system32\RcdScan.dll
    2010-12-16 19:10 . 2003-07-28 05:02 86016 ----a-w- c:\windows\system32\pxwma.dll
    2010-12-16 19:10 . 2000-04-03 21:52 151552 ----a-w- c:\windows\system32\RDOCURS.DLL
    2010-12-16 19:10 . 2010-10-03 21:48 401408 ----a-w- c:\windows\system32\pvmjpg30.dll
    2010-12-16 19:10 . 2005-06-15 18:27 126976 ----a-w- c:\windows\system32\Prounstl.exe
    2010-12-16 19:10 . 2003-03-11 21:15 77824 ----a-w- c:\windows\system32\PRApplet.cpl
    2010-12-16 19:10 . 1997-05-02 05:00 65536 ----a-w- c:\windows\system32\PUBOLE32.DLL
    2010-12-16 19:10 . 2009-12-06 09:35 12288 ----a-w- c:\windows\system32\picstore.dll
    2010-12-16 19:10 . 2009-12-06 04:00 110592 ----a-w- c:\windows\system32\PIAPROXY.DLL
    2010-12-16 19:10 . 1997-04-24 05:00 114688 ----a-w- c:\windows\system32\PIUTIL.DLL
    2010-12-16 19:10 . 2010-10-03 21:42 81920 ----a-w- c:\windows\system32\PCLECoInst.dll
    2010-12-16 19:10 . 2010-10-03 21:40 49152 ----a-w- c:\windows\system32\PCLEGetGuid.dll
    2010-12-16 19:10 . 2009-12-06 04:00 159744 ----a-w- c:\windows\system32\OPENAL32.DLL
    2010-12-16 19:10 . 2006-06-01 22:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-12-16 19:10 . 2006-06-01 22:22 2977792 ----a-w- c:\windows\system32\nvvitvsr.dll
    2010-12-16 19:10 . 2006-06-01 22:22 2924544 ----a-w- c:\windows\system32\nvvitvs.dll
    2010-12-16 19:10 . 2006-06-01 22:22 1740800 ----a-w- c:\windows\system32\nvwssr.dll
    2010-12-16 19:10 . 2006-06-01 22:22 1662976 ----a-w- c:\windows\system32\nvwdmcpl.dll
    2010-12-16 19:10 . 2006-06-01 22:22 1519616 ----a-w- c:\windows\system32\nwiz.exe
    2010-12-16 19:10 . 2006-06-01 22:22 1257472 ----a-w- c:\windows\system32\nvwss.dll
    2010-12-16 19:10 . 2006-06-01 22:22 1019904 ----a-w- c:\windows\system32\nvwimg.dll
    2010-12-16 19:10 . 2010-11-14 21:59 208896 ----a-w- c:\windows\system32\nvudisp.exe
    2010-12-16 19:10 . 2010-11-14 21:58 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-12-16 19:10 . 2006-06-01 22:22 73728 ----a-w- c:\windows\system32\nvtuicpl.cpl
    2010-12-16 19:10 . 2006-06-01 22:22 5632000 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-12-16 19:10 . 2006-06-01 22:22 466944 ----a-w- c:\windows\system32\nvshell.dll
    2010-12-16 19:10 . 2006-06-01 22:22 286720 ----a-w- c:\windows\system32\nvnt4cpl.dll
    2010-12-16 19:10 . 2006-06-01 22:22 2859008 ----a-w- c:\windows\system32\nvmoblsr.dll
    2010-12-16 19:10 . 2006-06-01 22:22 888832 ----a-w- c:\windows\system32\nvmobls.dll
    2010-12-16 19:10 . 2006-06-01 22:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
    2010-12-16 19:10 . 2006-06-01 22:22 581632 ----a-w- c:\windows\system32\nvhwvid.dll
    2010-12-16 19:10 . 2006-06-01 22:22 462848 ----a-w- c:\windows\system32\nvmccssr.dll
    2010-12-16 19:10 . 2006-06-01 22:22 45056 ----a-w- c:\windows\system32\nvmccsrs.dll
    2010-12-16 19:10 . 2006-06-01 22:22 3100672 ----a-w- c:\windows\system32\nvgames.dll
    2010-12-16 19:10 . 2006-06-01 22:22 2916352 ----a-w- c:\windows\system32\nvgamesr.dll
    2010-12-16 19:10 . 2006-06-01 22:22 229376 ----a-w- c:\windows\system32\nvmccs.dll
    2010-12-16 19:10 . 2006-06-01 22:22 188416 ----a-w- c:\windows\system32\nvmccss.dll
    2010-12-16 19:10 . 2006-06-01 22:22 1466368 ----a-w- c:\windows\system32\nview.dll
    2010-12-16 19:10 . 2006-06-01 22:22 794624 ----a-w- c:\windows\system32\nvcplui.exe
    2010-12-16 19:10 . 2006-06-01 22:22 7618560 ----a-w- c:\windows\system32\nvcpl.dll
    2010-12-16 19:10 . 2006-06-01 22:22 69632 ----a-w- c:\windows\system32\nvcpl.cpl
    2010-12-16 19:10 . 2006-06-01 22:22 5652480 ----a-w- c:\windows\system32\nvdisps.dll
    2010-12-16 19:10 . 2006-06-01 22:22 5246976 ----a-w- c:\windows\system32\nvdispsr.dll
    2010-12-16 19:10 . 2006-06-01 22:22 311296 ----a-w- c:\windows\system32\nvexpbar.dll
    2010-12-16 19:10 . 2006-06-01 22:22 147456 ----a-w- c:\windows\system32\nvcolor.exe
    2010-12-16 19:10 . 2006-06-01 22:22 1339392 ----a-w- c:\windows\system32\nvdspsch.exe
    2010-12-16 19:10 . 2006-06-01 22:22 1011712 ----a-w- c:\windows\system32\nvcpluir.dll
    2010-12-16 19:10 . 2009-01-07 23:20 24576 ----a-w- c:\windows\system32\nlsdl.dll
    2010-12-16 19:10 . 2006-06-01 22:22 442368 ----a-w- c:\windows\system32\nvappbar.exe
    2010-12-16 19:10 . 2006-06-01 22:22 196608 ----a-w- c:\windows\system32\nvapi.dll
    2010-12-16 19:10 . 2005-06-15 03:08 20480 ----a-w- c:\windows\system32\NicCo32.dll
    2010-12-16 19:10 . 2009-12-06 06:10 487424 ----a-w- c:\windows\system32\MSVCP70.DLL
    2010-12-16 19:10 . 2009-12-06 06:10 344064 ----a-w- c:\windows\system32\MSVCR70.DLL
    2010-12-16 19:10 . 2008-03-26 07:25 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-12-16 19:10 . 2008-03-26 01:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-12-16 19:10 . 2001-03-09 01:30 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2010-12-16 19:10 . 2009-12-06 01:43 188416 ----a-w- c:\windows\system32\msh261.drv
    2010-12-16 19:10 . 2009-03-08 19:22 49152 ----a-w- c:\windows\system32\msrating.dll.mui
    2010-12-16 19:10 . 2004-08-04 12:00 1355776 ----a-w- c:\windows\system32\msvbvm50.dll
    2010-12-16 19:10 . 2004-08-04 00:56 294912 ----a-w- c:\windows\system32\msh263.drv
    2010-12-16 19:10 . 2000-05-11 17:06 397312 ----a-w- c:\windows\system32\MSRDO20.DLL
    2010-12-16 19:10 . 2000-04-03 22:52 94208 ----a-w- c:\windows\system32\msstkprp.dll
    2010-12-16 19:10 . 2009-12-06 01:43 118784 ----a-w- c:\windows\system32\msg723.acm
    2010-12-16 19:10 . 2010-10-03 21:47 73728 ----a-w- c:\windows\system32\MMAviAx.dll
    2010-12-16 19:10 . 2010-10-03 21:47 32768 ----a-w- c:\windows\system32\MLPagAx.dll
    2010-12-16 19:10 . 2010-10-03 21:40 65536 ----a-w- c:\windows\system32\MFC71DEU.DLL
    2010-12-16 19:10 . 2010-10-03 21:40 61440 ----a-w- c:\windows\system32\MFC71ITA.DLL
    2010-12-16 19:10 . 2010-10-03 21:40 61440 ----a-w- c:\windows\system32\MFC71FRA.DLL
    2010-12-16 19:10 . 2010-10-03 21:40 61440 ----a-w- c:\windows\system32\MFC71ESP.DLL
    2010-12-16 19:10 . 2010-10-03 21:40 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
    2010-12-16 19:10 . 2010-10-03 21:40 49152 ----a-w- c:\windows\system32\MFC71KOR.DLL
    2010-12-16 19:10 . 2010-10-03 21:40 49152 ----a-w- c:\windows\system32\MFC71JPN.DLL
    2010-12-16 19:10 . 2010-10-03 21:40 45056 ----a-w- c:\windows\system32\MFC71CHT.DLL
    2010-12-16 19:10 . 2010-10-03 21:40 40960 ----a-w- c:\windows\system32\MFC71CHS.DLL
    2010-12-16 19:10 . 2010-09-10 23:49 69632 ----a-w- c:\windows\system32\MBLLNK.CPL
    2010-12-16 19:10 . 2009-12-06 06:10 974848 ----a-w- c:\windows\system32\MFC70.DLL
    2010-12-16 19:10 . 2008-04-14 00:11 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
    2010-12-16 19:10 . 2003-03-19 02:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-05-26 20:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-12-16 7618560]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launch Whitesmoke Translator.lnk]
    backup=c:\windows\pss\Launch Whitesmoke Translator.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Rhonda Curfman^Start Menu^Programs^Startup^Secunia PSI.lnk]
    backup=c:\windows\pss\Secunia PSI.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uPc+MV0NddMaXms
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
    2010-12-16 19:09 110592 ----a-w- c:\windows\system32\CTASIO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
    2010-12-16 19:02 122880 ----a-w- c:\windows\BCMSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
    2010-12-16 18:42 45056 ----a-w- c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2010-12-16 19:09 28672 ----a-w- c:\windows\system32\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    2010-12-16 18:42 49152 ----a-w- c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2004-02-03 05:42 401491 ----a-w- c:\program files\Microsoft ActiveSync\WCESCOMM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-12-16 18:44 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2010-12-16 18:43 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2010-12-16 18:45 126976 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
    2007-03-21 19:41 145496 ----a-w- c:\program files\Pinnacle\Studio 11\LaunchList2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2007-04-11 20:32 56080 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
    2009-04-23 17:52 488808 ----a-w- c:\progra~1\Magentic\bin\Magentic.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    2003-06-07 11:32 50688 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-12-16 19:10 7618560 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2010-12-16 19:10 86016 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2010-12-16 19:10 1519616 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2010-12-16 19:11 90112 ----a-w- c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
    2010-12-16 19:10 81920 ----a-w- c:\windows\system32\PCLECoInst.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "VMware NAT Service"=2 (0x2)
    "VMUSBArbService"=2 (0x2)
    "VMnetDHCP"=2 (0x2)
    "VMAuthdService"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "BCMSMMSG"=BCMSMMSG.exe
    "USB2Check"=RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\IncrediMail\\Bin\\IncMail.exe"=
    "c:\\Program Files\\IncrediMail\\Bin\\ImApp.exe"=
    "c:\\Program Files\\IncrediMail\\Bin\\ImpCnt.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\FrontPage Webs\\Server\\vhttpd32.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\microsoft frontpage\\bin\\fpexplor.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
    "c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
    "c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
    "c:\\Program Files\\Packet Tracer 5.2\\bin\\PacketTracer5.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
    "c:\\WINDOWS\\system32\\dxdiag.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "427:UDP"= 427:UDP:SLP_Port(427)
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "3443:TCP"= 3443:TCP:CSX

    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/7/2010 11:51 PM 380928]
    S0 kdqvju;kdqvju; [x]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 9:05 AM 14904]
    S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [12/5/2009 11:21 PM 101248]
    S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [12/5/2009 11:21 PM 73856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-12-18 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-12-22 15:47]

    2010-12-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-05-26 20:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
    uInternet Settings,ProxyServer = http=127.0.0.1:59274
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: csx.com
    Trusted Zone: csx.com\connect
    FF - ProfilePath - c:\documents and settings\Rhonda Curfman\Application Data\Mozilla\Firefox\Profiles\xmr41m2r.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
    FF - prefs.js: network.proxy.ftp - ftp.cantewindsfarm.com
    FF - prefs.js: network.proxy.ftp_port - 21
    FF - prefs.js: network.proxy.type - 1
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-ungzpa - ungzpa.dll
    MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-17 22:01
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2010-12-17 22:04:15
    ComboFix-quarantined-files.txt 2010-12-18 03:03
    ComboFix2.txt 2010-12-10 15:09
    ComboFix3.txt 2010-12-08 21:30

    Pre-Run: 45,823,737,856 bytes free
    Post-Run: 45,831,372,800 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 092348F972874BEC6A6CFCA7146EB337
     
  2. 2010/12/17
    broni

    broni Moderator Malware Analyst

    Uninstall Ask Toolbar, known adware.

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Dcuca.bin
    
    
    Folder::
    c:\program files\Ask.com
    
    
    Driver::
    kdqvju
    
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:59274
    uInternet Settings,ProxyOverride = <local>
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
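The triage that rjc1's log and broni's reply above do by hand (picking c:\windows\Dcuca.bin, the imageless kdqvju driver and the 127.0.0.1 proxy out of the ComboFix output, then writing them into the File::, Driver:: and DDS:: sections of a CFScript), as an added example that is not part of the thread and is not ComboFix's or WindowsBBS's code. It is a Python script that scans ComboFix-style log text for those line shapes and drafts the same sections. The sample log lines are constructed for the example, and the zero-byte-file and loopback-proxy rules are heuristics chosen here, not ComboFix's own logic.

```python
"""Triage ComboFix-style log text for the indicators acted on in this thread
and draft the matching CFScript sections. Added example, not code from the
thread, ComboFix or WindowsBBS; the rules are heuristics chosen here, and
SAMPLE_LOG is constructed from the line shapes in the posted log."""
import re

# Constructed sample: one line of each shape the posted log uses.
SAMPLE_LOG = r"""
2010-12-10 13:56 . 2010-12-10 13:56 0 ----a-w- c:\windows\Dcuca.bin
2010-12-17 23:00 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/7/2010 11:51 PM 380928]
S0 kdqvju;kdqvju; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
uInternet Settings,ProxyServer = http=127.0.0.1:59274
uInternet Settings,ProxyOverride = <local>
Notify-ungzpa - ungzpa.dll
G:\Autorun.inf
"""

# "created . modified size attrs path" lines (Files Created / Find3M sections)
FILE_ENTRY = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
                        r"(?P<size>\S+) (?P<attr>\S+) (?P<path>.+)$")
# XP firewall profile switched off; tolerates the stray space the forum put before the quote
FIREWALL_OFF = re.compile(r'^"EnableFirewall\s*"\s*=\s*0\b')
# service/driver line whose image file is missing: ComboFix prints "[x]" in its place
SERVICE_NO_IMAGE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;\s*\[x\]\s*$")
PROXY_SERVER = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>.+?)\s*$")
PROXY_OVERRIDE = re.compile(r"^uInternet Settings,ProxyOverride\s*=")
LOOPBACK = re.compile(r"\b(127\.0\.0\.1|localhost)\b", re.IGNORECASE)
# Winlogon Notify entry whose DLL was not on disk (ORPHANS REMOVED section)
NOTIFY_ORPHAN = re.compile(r"^Notify-\S+ - (?P<dll>\S+)$")
AUTORUN_ROOT = re.compile(r"^[a-z]:\\autorun\.inf$", re.IGNORECASE)
WINDIR = "c:\\windows\\"


def find_indicators(log_text):
    """Return (kind, detail) pairs, in log order, for each suspicious line."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_ENTRY.match(line)
        if m:
            size, path = m.group("size"), m.group("path")
            # Heuristic from the thread: a zero-byte file dropped straight into c:\windows
            if size == "0" and path.lower().startswith(WINDIR) and "\\" not in path[len(WINDIR):]:
                hits.append(("zero_byte_file", path))
            continue
        if FIREWALL_OFF.match(line):
            hits.append(("firewall_disabled", line))
            continue
        m = SERVICE_NO_IMAGE.match(line)
        if m:
            hits.append(("service_without_image", m.group("name")))
            continue
        m = PROXY_SERVER.match(line)
        if m and LOOPBACK.search(m.group("value")):
            # A browser proxy pointed back at the local machine: a trojan interposing on web traffic
            hits.append(("loopback_proxy", line))
            continue
        if PROXY_OVERRIDE.match(line):
            hits.append(("proxy_override", line))
            continue
        m = NOTIFY_ORPHAN.match(line)
        if m:
            hits.append(("winlogon_notify_orphan", m.group("dll")))
        elif AUTORUN_ROOT.match(line):
            hits.append(("autorun_inf", line))
    return hits


def draft_cfscript(hits):
    """Build the File::/Driver::/DDS:: sections the moderator wrote by hand.
    ProxyOverride is reset only alongside a hijacked ProxyServer ("<local>" alone is
    normal); firewall, Notify and Autorun hits are reported, not scripted away."""
    sections = {"File::": [], "Driver::": [], "DDS::": []}
    overrides = [d for k, d in hits if k == "proxy_override"]
    for kind, detail in hits:
        if kind == "zero_byte_file":
            sections["File::"].append(detail)
        elif kind == "service_without_image":
            sections["Driver::"].append(detail)
        elif kind == "loopback_proxy":
            sections["DDS::"].append(detail)
            sections["DDS::"].extend(overrides)
    out = []
    for header, items in sections.items():
        if items:
            out.extend([header, *items, ""])
    return "\n".join(out)


if __name__ == "__main__":
    found = find_indicators(SAMPLE_LOG)
    print(*found, sep="\n")
    print(draft_cfscript(found))
```

Run it as-is to see the draft for the sample, or pass a real ComboFix.txt in place of SAMPLE_LOG to get a starting point. The draft covers only what the moderator scripted; the disabled firewall, the orphaned Winlogon Notify DLL and the Autorun.inf on G: are reported for a human to decide, since entries in a CFScript are acted on, not merely listed.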
     

  5. 2010/12/17
    rjc1

    rjc1 Inactive Thread Starter

    Ok...the Combofix.txt

    ComboFix 10-12-16.05 - Rhonda Curfman 12/17/2010 22:38:36.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3711.3261 [GMT -5:00]
    Running from: c:\documents and settings\Rhonda Curfman\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Rhonda Curfman\My Documents\WindowsBBS, HELP\CFScript.txt

    FILE ::
    "c:\windows\Dcuca.bin"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Intel\NCS\WMIProv\8023\CDM\CHSDiag.dll
    c:\program files\Intel\NCS\WMIProv\8023\CDM\CHTDiag.dll
    c:\program files\Intel\NCS\WMIProv\8023\CDM\DANDiag.dll
    c:\program files\Intel\NCS\WMIProv\8023\CDM\DEUDiag.dll
    c:\program files\Intel\NCS\WMIProv\8023\CDM\EnuDiag.dll
    c:\program files\Intel\NCS\WMIProv\8023\CDM\ESNDiag.dll
    c:\program files\Intel\NCS\WMIProv\8023\CDM\FINDiag.dll
    c:\program files\Intel\NCS\WMIProv\8023\CDM\FRADiag.dll
    c:\program files\Intel\NCS\WMIProv\8023\CDM\ITADiag.dll
    c:\program files\Intel\NCS\WMIProv\8023\CDM\JPNDiag.dll
    c:\program files\Intel\NCS\WMIProv\8023\CDM\KORDiag.dll
    c:\program files\Intel\NCS\WMIProv\8023\CDM\NLDDiag.dll
    c:\program files\Intel\NCS\WMIProv\8023\CDM\NORDiag.dll
    c:\program files\Intel\NCS\WMIProv\8023\CDM\PTBDiag.dll
    c:\program files\Intel\NCS\WMIProv\8023\CDM\SVEDiag.dll
    c:\program files\Intel\NCS\WMIProv\CHS_NWRC.dll
    c:\program files\Intel\NCS\WMIProv\CHT_NWRC.dll
    c:\program files\Intel\NCS\WMIProv\DAN_NWRC.dll
    c:\program files\Intel\NCS\WMIProv\DEU_NWRC.dll
    c:\program files\Intel\NCS\WMIProv\ENU_NWRC.dll
    c:\program files\Intel\NCS\WMIProv\ESN_NWRC.dll
    c:\program files\Intel\NCS\WMIProv\FIN_NWRC.dll
    c:\program files\Intel\NCS\WMIProv\FRA_NWRC.dll
    c:\program files\Intel\NCS\WMIProv\ITA_NWRC.dll
    c:\program files\Intel\NCS\WMIProv\JPN_NWRC.dll
    c:\program files\Intel\NCS\WMIProv\KOR_NWRC.dll
    c:\program files\Intel\NCS\WMIProv\NLD_NWRC.dll
    c:\program files\Intel\NCS\WMIProv\NOR_NWRC.dll
    c:\program files\Intel\NCS\WMIProv\PTB_NWRC.dll
    c:\program files\Intel\NCS\WMIProv\SVE_NWRC.dll
    c:\windows\Dcuca.bin

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_KDQVJU
    -------\Service_kdqvju


    ((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))
    .

    2010-12-18 02:48 . 2010-12-18 02:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-12-17 23:00 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-17 23:00 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-17 23:00 . 2010-12-17 23:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-17 02:39 . 2010-12-03 19:35 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
    2010-12-17 02:39 . 2010-12-03 19:35 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
    2010-12-17 01:14 . 2010-12-17 01:14 -------- d-----w- c:\program files\Common Files\Apple
    2010-12-17 01:14 . 2010-12-17 01:14 -------- d-----w- c:\documents and settings\Rhonda Curfman\Local Settings\Application Data\Apple
    2010-12-17 01:14 . 2010-12-17 01:14 -------- d-----w- c:\program files\Apple Software Update
    2010-12-17 01:14 . 2010-12-17 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-12-17 01:13 . 2010-11-12 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-17 01:13 . 2010-11-12 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-12-17 01:13 . 2010-11-12 21:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-12-16 23:10 . 2010-12-16 23:10 -------- d-----w- c:\program files\Secunia
    2010-12-16 22:43 . 2010-12-17 03:26 -------- d-----w- c:\documents and settings\Administrator.CANTEWINDSFARM
    2010-12-16 21:26 . 2010-12-16 21:28 -------- d-----w- c:\windows\system32\NtmsData
    2010-12-10 15:25 . 2010-12-10 15:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-12-10 13:30 . 2010-12-15 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-12-08 21:38 . 2010-12-08 21:38 -------- d-----w- c:\documents and settings\Rhonda Curfman\Application Data\Malwarebytes
    2010-12-08 21:38 . 2010-12-08 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-08 20:33 . 2010-12-08 20:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-12-08 19:43 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-12-08 19:43 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-12-07 10:09 . 2010-12-07 10:57 -------- d-----w- c:\documents and settings\Rhonda Curfman\Application Data\4ADF157A5CA4FB0A16ADCC5139194D6F
    2010-12-05 00:45 . 2010-12-07 03:30 -------- d-----w- c:\documents and settings\Rhonda Curfman\Local Settings\Application Data\VMware
    2010-12-04 23:26 . 2010-12-04 23:26 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-20 01:31 . 2010-11-20 01:31 -------- d-----w- c:\documents and settings\Rhonda Curfman\Local Settings\Application Data\Identities

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-16 19:11 . 2009-12-06 04:01 90112 ----a-w- c:\windows\Updreg.EXE
    2010-12-16 19:11 . 2008-03-14 11:56 12288 ----a-r- c:\windows\Twunk_32.dll
    2010-12-16 19:11 . 2008-03-14 11:56 12288 ----a-r- c:\windows\Twunk_16.dll
    2010-12-16 19:11 . 2005-01-28 18:44 356352 ----a-w- c:\windows\system32\wpdsp.dll
    2010-12-16 19:11 . 2005-01-28 18:44 331776 ----a-w- c:\windows\system32\wpdmtpdr.dll
    2010-12-16 19:11 . 2009-12-06 06:56 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-12-16 19:11 . 2005-01-28 18:44 4096 ----a-w- c:\windows\system32\WMVADVE.DLL
    2010-12-16 19:11 . 2005-01-28 18:44 4096 ----a-w- c:\windows\system32\WMVADVD.dll
    2010-12-16 19:10 . 2008-04-14 00:12 712704 ----a-w- c:\windows\system32\windowscodecs.dll
    2010-12-16 19:10 . 2005-01-28 18:44 4096 ----a-w- c:\windows\system32\wdfapi.dll
    2010-12-16 19:10 . 2009-12-06 03:58 139264 ----a-w- c:\windows\system32\Video.skn
    2010-12-16 19:10 . 2008-04-14 00:12 28672 ----a-w- c:\windows\system32\verclsid.exe
    2010-12-16 19:10 . 2003-08-11 05:01 49152 ----a-w- c:\windows\system32\umloader.dll
    2010-12-16 19:10 . 2004-08-04 12:00 8192 ----a-w- c:\windows\system32\tssoft32.acm
    2010-12-16 19:10 . 2010-07-07 11:25 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
    2010-12-16 19:10 . 2004-08-04 12:00 90112 ----a-w- c:\windows\system32\sqlsrv32.rll
    2010-12-16 19:10 . 2004-08-04 12:00 442368 ----a-w- c:\windows\system32\sqlsrv32.dll
    2010-12-16 19:10 . 2009-12-06 04:00 270336 ----a-w- c:\windows\system32\SFMS32.DLL
    2010-12-16 19:10 . 2004-08-04 12:00 86016 ----a-w- c:\windows\system32\sl_anet.acm
    2010-12-16 19:10 . 2009-12-06 04:00 36864 ----a-w- c:\windows\system32\sfman32.dll
    2010-12-16 19:10 . 2010-10-03 21:47 184320 ----a-w- c:\windows\system32\RALMain.dll
    2010-12-16 19:10 . 2009-12-06 04:00 36864 ----a-w- c:\windows\system32\REGPLIB.EXE
    2010-12-16 19:10 . 2009-12-06 03:15 176128 ----a-w- c:\windows\system32\RcdScan.dll
    2010-12-16 19:10 . 2003-07-28 05:02 86016 ----a-w- c:\windows\system32\pxwma.dll
    2010-12-16 19:10 . 2000-04-03 21:52 151552 ----a-w- c:\windows\system32\RDOCURS.DLL
    2010-12-16 19:10 . 2010-10-03 21:48 401408 ----a-w- c:\windows\system32\pvmjpg30.dll
    2010-12-16 19:10 . 2005-06-15 18:27 126976 ----a-w- c:\windows\system32\Prounstl.exe
    2010-12-16 19:10 . 2003-03-11 21:15 77824 ----a-w- c:\windows\system32\PRApplet.cpl
    2010-12-16 19:10 . 1997-05-02 05:00 65536 ----a-w- c:\windows\system32\PUBOLE32.DLL
    2010-12-16 19:10 . 2009-12-06 09:35 12288 ----a-w- c:\windows\system32\picstore.dll
    2010-12-16 19:10 . 2009-12-06 04:00 110592 ----a-w- c:\windows\system32\PIAPROXY.DLL
    2010-12-16 19:10 . 1997-04-24 05:00 114688 ----a-w- c:\windows\system32\PIUTIL.DLL
    2010-12-16 19:10 . 2010-10-03 21:42 81920 ----a-w- c:\windows\system32\PCLECoInst.dll
    2010-12-16 19:10 . 2010-10-03 21:40 49152 ----a-w- c:\windows\system32\PCLEGetGuid.dll
    2010-12-16 19:10 . 2009-12-06 04:00 159744 ----a-w- c:\windows\system32\OPENAL32.DLL
    2010-12-16 19:10 . 2006-06-01 22:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-12-16 19:10 . 2006-06-01 22:22 2977792 ----a-w- c:\windows\system32\nvvitvsr.dll
    2010-12-16 19:10 . 2006-06-01 22:22 2924544 ----a-w- c:\windows\system32\nvvitvs.dll
    2010-12-16 19:10 . 2006-06-01 22:22 1740800 ----a-w- c:\windows\system32\nvwssr.dll
    2010-12-16 19:10 . 2006-06-01 22:22 1662976 ----a-w- c:\windows\system32\nvwdmcpl.dll
    2010-12-16 19:10 . 2006-06-01 22:22 1519616 ----a-w- c:\windows\system32\nwiz.exe
    2010-12-16 19:10 . 2006-06-01 22:22 1257472 ----a-w- c:\windows\system32\nvwss.dll
    2010-12-16 19:10 . 2006-06-01 22:22 1019904 ----a-w- c:\windows\system32\nvwimg.dll
    2010-12-16 19:10 . 2010-11-14 21:59 208896 ----a-w- c:\windows\system32\nvudisp.exe
    2010-12-16 19:10 . 2010-11-14 21:58 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-12-16 19:10 . 2006-06-01 22:22 73728 ----a-w- c:\windows\system32\nvtuicpl.cpl
    2010-12-16 19:10 . 2006-06-01 22:22 5632000 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-12-16 19:10 . 2006-06-01 22:22 466944 ----a-w- c:\windows\system32\nvshell.dll
    2010-12-16 19:10 . 2006-06-01 22:22 286720 ----a-w- c:\windows\system32\nvnt4cpl.dll
    2010-12-16 19:10 . 2006-06-01 22:22 2859008 ----a-w- c:\windows\system32\nvmoblsr.dll
    2010-12-16 19:10 . 2006-06-01 22:22 888832 ----a-w- c:\windows\system32\nvmobls.dll
    2010-12-16 19:10 . 2006-06-01 22:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
    2010-12-16 19:10 . 2006-06-01 22:22 581632 ----a-w- c:\windows\system32\nvhwvid.dll
    2010-12-16 19:10 . 2006-06-01 22:22 462848 ----a-w- c:\windows\system32\nvmccssr.dll
    2010-12-16 19:10 . 2006-06-01 22:22 45056 ----a-w- c:\windows\system32\nvmccsrs.dll
    2010-12-16 19:10 . 2006-06-01 22:22 3100672 ----a-w- c:\windows\system32\nvgames.dll
    2010-12-16 19:10 . 2006-06-01 22:22 2916352 ----a-w- c:\windows\system32\nvgamesr.dll
    2010-12-16 19:10 . 2006-06-01 22:22 229376 ----a-w- c:\windows\system32\nvmccs.dll
    2010-12-16 19:10 . 2006-06-01 22:22 188416 ----a-w- c:\windows\system32\nvmccss.dll
    2010-12-16 19:10 . 2006-06-01 22:22 1466368 ----a-w- c:\windows\system32\nview.dll
    2010-12-16 19:10 . 2006-06-01 22:22 794624 ----a-w- c:\windows\system32\nvcplui.exe
    2010-12-16 19:10 . 2006-06-01 22:22 7618560 ----a-w- c:\windows\system32\nvcpl.dll
    2010-12-16 19:10 . 2006-06-01 22:22 69632 ----a-w- c:\windows\system32\nvcpl.cpl
    2010-12-16 19:10 . 2006-06-01 22:22 5652480 ----a-w- c:\windows\system32\nvdisps.dll
    2010-12-16 19:10 . 2006-06-01 22:22 5246976 ----a-w- c:\windows\system32\nvdispsr.dll
    2010-12-16 19:10 . 2006-06-01 22:22 311296 ----a-w- c:\windows\system32\nvexpbar.dll
    2010-12-16 19:10 . 2006-06-01 22:22 147456 ----a-w- c:\windows\system32\nvcolor.exe
    2010-12-16 19:10 . 2006-06-01 22:22 1339392 ----a-w- c:\windows\system32\nvdspsch.exe
    2010-12-16 19:10 . 2006-06-01 22:22 1011712 ----a-w- c:\windows\system32\nvcpluir.dll
    2010-12-16 19:10 . 2009-01-07 23:20 24576 ----a-w- c:\windows\system32\nlsdl.dll
    2010-12-16 19:10 . 2006-06-01 22:22 442368 ----a-w- c:\windows\system32\nvappbar.exe
    2010-12-16 19:10 . 2006-06-01 22:22 196608 ----a-w- c:\windows\system32\nvapi.dll
    2010-12-16 19:10 . 2005-06-15 03:08 20480 ----a-w- c:\windows\system32\NicCo32.dll
    2010-12-16 19:10 . 2009-12-06 06:10 487424 ----a-w- c:\windows\system32\MSVCP70.DLL
    2010-12-16 19:10 . 2009-12-06 06:10 344064 ----a-w- c:\windows\system32\MSVCR70.DLL
    2010-12-16 19:10 . 2008-03-26 07:25 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-12-16 19:10 . 2008-03-26 01:38 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-12-16 19:10 . 2001-03-09 01:30 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2010-12-16 19:10 . 2009-12-06 01:43 188416 ----a-w- c:\windows\system32\msh261.drv
    2010-12-16 19:10 . 2009-03-08 19:22 49152 ----a-w- c:\windows\system32\msrating.dll.mui
    2010-12-16 19:10 . 2004-08-04 12:00 1355776 ----a-w- c:\windows\system32\msvbvm50.dll
    2010-12-16 19:10 . 2004-08-04 00:56 294912 ----a-w- c:\windows\system32\msh263.drv
    2010-12-16 19:10 . 2000-05-11 17:06 397312 ----a-w- c:\windows\system32\MSRDO20.DLL
    2010-12-16 19:10 . 2000-04-03 22:52 94208 ----a-w- c:\windows\system32\msstkprp.dll
    2010-12-16 19:10 . 2009-12-06 01:43 118784 ----a-w- c:\windows\system32\msg723.acm
    2010-12-16 19:10 . 2010-10-03 21:47 73728 ----a-w- c:\windows\system32\MMAviAx.dll
    2010-12-16 19:10 . 2010-10-03 21:47 32768 ----a-w- c:\windows\system32\MLPagAx.dll
    2010-12-16 19:10 . 2010-10-03 21:40 65536 ----a-w- c:\windows\system32\MFC71DEU.DLL
    2010-12-16 19:10 . 2010-10-03 21:40 61440 ----a-w- c:\windows\system32\MFC71ITA.DLL
    2010-12-16 19:10 . 2010-10-03 21:40 61440 ----a-w- c:\windows\system32\MFC71FRA.DLL
    2010-12-16 19:10 . 2010-10-03 21:40 61440 ----a-w- c:\windows\system32\MFC71ESP.DLL
    2010-12-16 19:10 . 2010-10-03 21:40 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
    2010-12-16 19:10 . 2010-10-03 21:40 49152 ----a-w- c:\windows\system32\MFC71KOR.DLL
    2010-12-16 19:10 . 2010-10-03 21:40 49152 ----a-w- c:\windows\system32\MFC71JPN.DLL
    2010-12-16 19:10 . 2010-10-03 21:40 45056 ----a-w- c:\windows\system32\MFC71CHT.DLL
    2010-12-16 19:10 . 2010-10-03 21:40 40960 ----a-w- c:\windows\system32\MFC71CHS.DLL
    2010-12-16 19:10 . 2010-09-10 23:49 69632 ----a-w- c:\windows\system32\MBLLNK.CPL
    2010-12-16 19:10 . 2009-12-06 06:10 974848 ----a-w- c:\windows\system32\MFC70.DLL
    2010-12-16 19:10 . 2008-04-14 00:11 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
    2010-12-16 19:10 . 2003-03-19 02:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-12-16 7618560]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launch Whitesmoke Translator.lnk]
    backup=c:\windows\pss\Launch Whitesmoke Translator.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Rhonda Curfman^Start Menu^Programs^Startup^Secunia PSI.lnk]
    backup=c:\windows\pss\Secunia PSI.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
    2010-12-16 19:09 110592 ----a-w- c:\windows\system32\CTASIO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
    2010-12-16 19:02 122880 ----a-w- c:\windows\BCMSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
    2010-12-16 18:42 45056 ----a-w- c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2010-12-16 19:09 28672 ----a-w- c:\windows\system32\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    2010-12-16 18:42 49152 ----a-w- c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2004-02-03 05:42 401491 ----a-w- c:\program files\Microsoft ActiveSync\WCESCOMM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-12-16 18:44 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2010-12-16 18:43 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2010-12-16 18:45 126976 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
    2007-03-21 19:41 145496 ----a-w- c:\program files\Pinnacle\Studio 11\LaunchList2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2007-04-11 20:32 56080 ----a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
    2009-04-23 17:52 488808 ----a-w- c:\progra~1\Magentic\bin\Magentic.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    2003-06-07 11:32 50688 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-12-16 19:10 7618560 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2010-12-16 19:10 86016 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2010-12-16 19:10 1519616 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2010-12-16 19:11 90112 ----a-w- c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
    2010-12-16 19:10 81920 ----a-w- c:\windows\system32\PCLECoInst.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "VMware NAT Service"=2 (0x2)
    "VMUSBArbService"=2 (0x2)
    "VMnetDHCP"=2 (0x2)
    "VMAuthdService"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "BCMSMMSG"=BCMSMMSG.exe
    "USB2Check"=RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\IncrediMail\\Bin\\IncMail.exe"=
    "c:\\Program Files\\IncrediMail\\Bin\\ImApp.exe"=
    "c:\\Program Files\\IncrediMail\\Bin\\ImpCnt.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\FrontPage Webs\\Server\\vhttpd32.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\microsoft frontpage\\bin\\fpexplor.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
    "c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
    "c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
    "c:\\Program Files\\Packet Tracer 5.2\\bin\\PacketTracer5.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
    "c:\\WINDOWS\\system32\\dxdiag.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "427:UDP"= 427:UDP:SLP_Port(427)
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "3443:TCP"= 3443:TCP:CSX

    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/7/2010 11:51 PM 380928]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 9:05 AM 14904]
    S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [12/5/2009 11:21 PM 101248]
    S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [12/5/2009 11:21 PM 73856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-12-18 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-12-22 15:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: csx.com
    Trusted Zone: csx.com\connect
    FF - ProfilePath - c:\documents and settings\Rhonda Curfman\Application Data\Mozilla\Firefox\Profiles\xmr41m2r.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
    FF - prefs.js: network.proxy.ftp - ftp.cantewindsfarm.com
    FF - prefs.js: network.proxy.ftp_port - 21
    FF - prefs.js: network.proxy.type - 1
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - user.js: yahoo.homepage.dontask - true
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-17 22:50
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(4012)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-17 22:57:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-18 03:57
    ComboFix2.txt 2010-12-18 03:04
    ComboFix3.txt 2010-12-10 15:09
    ComboFix4.txt 2010-12-08 21:30

    Pre-Run: 45,735,989,248 bytes free
    Post-Run: 45,723,697,152 bytes free

    - - End Of File - - 1F86F3ECC58875E4AA420C9BD2594DDA
     
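To triage a ComboFix report like the one above without reading it line by line, here is an added Python example (it is not part of the thread, and not a ComboFix or WindowsBBS tool). It splits the log into its sections, lists what was deleted and which driver/service entries were removed, and flags host settings a helper would still want to review after the run: the Windows Firewall being disabled, globally open ports not marked Disabled, IE Trusted Zone entries, and a manually configured Firefox proxy. The excerpt it parses is constructed from a few lines of the posted log; the checks themselves are this example's own heuristics, not ComboFix logic.

```python
"""Triage a ComboFix-style log: what was removed, and which host settings
still deserve a look.  Added example for this thread; it is not a ComboFix
or WindowsBBS tool, and the checks below are this example's own heuristics."""
import re
from dataclasses import dataclass, field

# Constructed excerpt modelled on the log posted above (a few lines, not the full log).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Dcuca.bin
G:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_KDQVJU
-------\Service_kdqvju
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP "= 427:UDP:SLP_Port(427)
"3389:TCP "= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3443:TCP "= 3443:TCP:CSX
------- Supplementary Scan -------
.
Trusted Zone: csx.com
FF - prefs.js: network.proxy.ftp - ftp.cantewindsfarm.com
FF - prefs.js: network.proxy.type - 1
"""

PAREN_HDR = re.compile(r"^\(+\s*(.+?)\s*\)+$")       # (((( Other Deletions ))))
DASH_HDR = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")    # ------- Supplementary Scan -------
# Forum software often inserts a space before a closing quote; the patterns tolerate it.
FW_STATE = re.compile(r'^"EnableFirewall\s*"\s*=\s*(\d+)')
OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)\s*"\s*=\s*(\S+)')
SVC_LINE = re.compile(r"^-+\\(?:Legacy_|Service_)(\S+)$", re.IGNORECASE)
FF_PREF = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (\S+)$")


@dataclass
class Triage:
    deleted_files: list[str] = field(default_factory=list)
    removed_services: list[str] = field(default_factory=list)
    findings: list[str] = field(default_factory=list)


def split_sections(text: str) -> dict[str, list[str]]:
    """Map each ComboFix section header to its non-empty body lines."""
    sections: dict[str, list[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix uses lone dots as spacers
            continue
        hdr = PAREN_HDR.match(line) or DASH_HDR.match(line)
        if hdr:
            current = hdr.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> Triage:
    """Collect removals and flag settings that still need review after the run."""
    sec = split_sections(text)
    t = Triage()
    for line in sec.get("Other Deletions", []):
        t.deleted_files.append(line)
        if line.lower().endswith("\\autorun.inf"):
            t.findings.append(f"autorun.inf removed from {line[:2]}: check removable media for reinfection")
    for line in sec.get("Drivers/Services", []):
        m = SVC_LINE.match(line)
        if m and m.group(1).lower() not in t.removed_services:
            t.removed_services.append(m.group(1).lower())  # Legacy_X and Service_x are one service
    for line in sec.get("Reg Loading Points", []):
        m = FW_STATE.match(line)
        if m and m.group(1) == "0":
            t.findings.append("Windows Firewall disabled (EnableFirewall=0)")
        m = OPEN_PORT.match(line)
        if m and ":Disabled:" not in m.group(3):
            port, proto, value = m.groups()
            t.findings.append(f"firewall exception open: {port}/{proto} ({value.split(':')[-1]})")
    proxy: dict[str, str] = {}
    for line in sec.get("Supplementary Scan", []):
        if line.startswith("Trusted Zone: "):
            t.findings.append(f"IE trusted zone entry: {line.split(': ', 1)[1]}")
        m = FF_PREF.match(line)
        if m:
            proxy[m.group(1)] = m.group(2)
    if proxy.get("network.proxy.type") == "1":   # 1 = manual proxy configuration
        hosts = [v for k, v in proxy.items() if k.endswith(("ftp", "http", "ssl", "socks"))]
        t.findings.append(f"Firefox manual proxy set: {', '.join(hosts) or 'no host recorded'}")
    return t


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("deleted:", result.deleted_files)
    print("services removed:", result.removed_services)
    for finding in result.findings:
        print("-", finding)
```

Run against a full ComboFix.txt, the same function works unchanged; the section headers are what it keys on, so the long Find3M and Files Created listings simply land in sections the triage does not inspect. A disabled port entry (the 3389/TCP Remote Desktop rule here) is deliberately not reported, while an exception that is open when the firewall itself is off is still listed so it is not forgotten once the firewall is turned back on.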
  6. 2010/12/17
    broni (Moderator, Malware Analyst)
    Looks good :)...and good news :)

    We're done with Combofix, so you can reinstall AVG now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. 2010/12/17
    rjc1 (Thread Starter)
    Should I go ahead and reinstall AVG first? It's a little over halfway into it.
     
  8. 2010/12/17
    broni (Moderator, Malware Analyst)
    Yes, you can reinstall AVG.
     
  9. 2010/12/17
    rjc1 (Thread Starter)
    OK, AVG reinstalled.
     
  10. 2010/12/17
    rjc1 (Thread Starter)
    Here is the OTL.txt (first half):

    OTL logfile created on: 12/17/2010 11:56:55 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Rhonda Curfman\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 42.20 Gb Free Space | 56.65% Space Free | Partition Type: NTFS
    Drive G: | 465.76 Gb Total Space | 452.78 Gb Free Space | 97.21% Space Free | Partition Type: NTFS

    Computer Name: CANTEWINDSFARM | User Name: Rhonda Curfman | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/17 23:56:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rhonda Curfman\My Documents\Downloads\OTL.exe
    PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2010/10/27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2010/10/27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2010/10/22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2010/10/22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2010/01/07 23:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003/09/15 00:00:00 | 000,073,838 | ---- | M] (Intel) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/17 23:56:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rhonda Curfman\My Documents\Downloads\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/12/16 13:45:28 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
    SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/01/07 23:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/11/06 15:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2005/02/09 11:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
    SRV - [2003/09/15 00:00:00 | 000,073,838 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2010/07/07 09:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2009/12/05 23:13:01 | 000,026,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 12:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
    DRV - [2008/04/13 12:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
    DRV - [2008/04/13 12:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
    DRV - [2007/11/06 15:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2007/06/27 09:42:34 | 000,073,856 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
    DRV - [2007/06/27 09:41:48 | 000,101,248 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
    DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2007/04/11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2007/01/04 09:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
    DRV - [2006/06/01 17:22:00 | 003,925,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2005/12/21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
    DRV - [2005/12/21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
    DRV - [2005/12/21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
    DRV - [2003/09/15 00:00:00 | 000,274,816 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
    DRV - [2003/08/28 18:58:40 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
    DRV - [2003/03/27 11:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2003/03/26 16:33:58 | 000,498,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2003/03/26 16:32:32 | 000,189,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2003/03/26 16:32:02 | 000,141,536 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hap16v2k.sys -- (hap16v2k)
    DRV - [2003/03/26 16:31:40 | 000,823,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
    DRV - [2003/03/06 10:10:34 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
    DRV - [2003/02/20 17:24:46 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2003/02/20 17:24:34 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2003/02/20 17:24:18 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2003/02/20 17:22:38 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://mystart.incredimail.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "MyStart Search "
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034 "
    FF - prefs.js..browser.search.selectedEngine: "Bing "
    FF - prefs.js..browser.startup.homepage: "www.yahoo.com "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z007&form=ZGAADF&q= "
    FF - prefs.js..network.proxy.ftp: "ftp.cantewindsfarm.com "
    FF - prefs.js..network.proxy.ftp_port: 21
    FF - prefs.js..network.proxy.type: 1


    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/12/05 22:51:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/17 23:35:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/17 19:07:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/16 21:39:44 | 000,000,000 | ---D | M]

    [2009/12/06 03:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\Mozilla\Extensions
    [2010/12/17 22:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\Mozilla\Firefox\Profiles\xmr41m2r.default\extensions
    [2009/12/20 05:44:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Rhonda Curfman\Application Data\Mozilla\Firefox\Profiles\xmr41m2r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/12/10 08:55:03 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\Application Data\Mozilla\Firefox\Profiles\xmr41m2r.default\searchplugins\bing-zugo.xml
    [2010/10/30 21:44:41 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\Application Data\Mozilla\Firefox\Profiles\xmr41m2r.default\searchplugins\MyStart Search.xml
    [2010/12/17 07:30:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/16 20:13:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/16 20:24:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/12/08 15:32:31 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

    O1 HOSTS File: ([2010/12/17 22:49:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: csx.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: csx.com ([connect] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\AATP.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Rhonda Curfman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rhonda Curfman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/10/03 16:44:06 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\MOBILEV.ACM ()
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/17 23:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2010/12/17 21:51:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/17 21:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/12/17 20:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rhonda Curfman\My Documents\WindowsBBS, HELP
    [2010/12/17 18:00:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/17 18:00:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/17 18:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/16 20:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/12/16 20:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rhonda Curfman\Local Settings\Application Data\Apple
    [2010/12/16 20:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/12/16 20:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2010/12/16 20:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/12/16 18:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
    [2010/12/16 16:26:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/12/16 01:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
    [2010/12/15 08:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rhonda Curfman\My Documents\Krolick Wellness
    [2010/12/13 12:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2010/12/10 10:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/12/10 10:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/12/10 08:30:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/12/08 16:38:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rhonda Curfman\Application Data\Malwarebytes
    [2010/12/08 16:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/12/08 16:02:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/08 16:02:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/08 16:02:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/08 16:02:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/08 15:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/12/08 15:34:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/12/08 14:52:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/08 14:51:32 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/07 05:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rhonda Curfman\Application Data\4ADF157A5CA4FB0A16ADCC5139194D6F
    [2010/12/04 19:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rhonda Curfman\Local Settings\Application Data\VMware
    [2010/12/04 12:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rhonda Curfman\My Documents\My Virtual Machines
    [2010/11/29 12:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rhonda Curfman\My Documents\Sadie
    [2010/11/25 05:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/11/19 20:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rhonda Curfman\Local Settings\Application Data\Identities
    [2009/12/07 09:37:29 | 001,431,504 | ---- | C] (ParetoLogic Inc.) -- C:\Program Files\PrinterSpoolerFixWizard.exe
    [2009/12/05 23:00:33 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/12/17 23:45:11 | 102,026,208 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2010/12/17 23:36:54 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2010/12/17 22:50:02 | 000,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/12/17 22:49:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/12/17 22:48:35 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2010/12/17 22:47:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/17 22:47:32 | 3891,335,168 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/17 22:46:44 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
    [2010/12/17 22:46:44 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
    [2010/12/17 22:46:44 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
    [2010/12/17 22:46:44 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
    [2010/12/17 22:46:44 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2010/12/17 22:46:44 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2010/12/17 22:46:44 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    [2010/12/17 22:46:44 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    [2010/12/17 21:51:52 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/12/17 21:31:35 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/17 21:04:35 | 000,013,700 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/17 20:24:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/17 18:01:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/16 22:27:30 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\Desktop\Glary Utilities.lnk
    [2010/12/16 21:39:46 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/16 21:39:46 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/12/16 21:32:11 | 000,013,496 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\IALHA Stallion Service Auction 2011.docx
    [2010/12/16 20:14:40 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/16 16:34:16 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\Local Settings\Application Data\housecall.guid.cache
    [2010/12/16 14:10:57 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\wdl.trm
    [2010/12/16 14:10:53 | 000,937,984 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.sve
    [2010/12/16 14:10:51 | 006,983,680 | ---- | M] () -- C:\WINDOWS\System32\UGLAIKHZG
    [2010/12/16 14:10:48 | 000,040,960 | ---- | M] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll
    [2010/12/16 14:10:41 | 001,048,576 | ---- | M] () -- C:\WINDOWS\System32\SFMAN.DAT
    [2010/12/16 14:10:38 | 000,036,864 | ---- | M] () -- C:\WINDOWS\System32\REGPLIB.EXE
    [2010/12/16 14:10:37 | 000,401,408 | ---- | M] (Pegasus Imaging Corporation) -- C:\WINDOWS\System32\pvmjpg30.dll
    [2010/12/16 14:10:35 | 000,081,920 | ---- | M] (Pinnacle Systems) -- C:\WINDOWS\System32\PCLECoInst.dll
    [2010/12/16 14:10:35 | 000,049,152 | ---- | M] (Pinnacle Systems) -- C:\WINDOWS\System32\PCLEGetGuid.dll
    [2010/12/16 14:10:28 | 001,662,976 | ---- | M] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2010/12/16 14:10:28 | 001,519,616 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
    [2010/12/16 14:10:28 | 001,019,904 | ---- | M] () -- C:\WINDOWS\System32\nvwimg.dll
    [2010/12/16 14:10:27 | 000,466,944 | ---- | M] () -- C:\WINDOWS\System32\nvshell.dll
    [2010/12/16 14:10:27 | 000,286,720 | ---- | M] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2010/12/16 14:10:27 | 000,073,728 | ---- | M] () -- C:\WINDOWS\System32\nvtuicpl.cpl
    [2010/12/16 14:10:25 | 001,466,368 | ---- | M] () -- C:\WINDOWS\System32\nview.dll
    [2010/12/16 14:10:25 | 000,581,632 | ---- | M] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2010/12/16 14:10:24 | 001,339,392 | ---- | M] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2010/12/16 14:10:23 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\nvappbar.exe
    [2010/12/16 14:10:23 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\nvapi.dll
    [2010/12/16 14:10:18 | 000,069,632 | ---- | M] (AvantGo, Inc.) -- C:\WINDOWS\System32\MBLLNK.CPL
    [2010/12/16 14:10:17 | 000,114,688 | ---- | M] (AvantGo, Inc.) -- C:\WINDOWS\System32\MALSLIB.DLL
    [2010/12/16 14:10:14 | 000,884,736 | ---- | M] (Fellowes, Inc.) -- C:\WINDOWS\System32\LMUIRes.dll
    [2010/12/16 14:10:14 | 000,012,288 | ---- | M] (Fellowes, Inc.) -- C:\WINDOWS\System32\LMLRes.dll
    [2010/12/16 14:10:13 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\keystone.exe
    [2010/12/16 14:10:13 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\KILLAPPS.EXE
    [2010/12/16 14:10:11 | 000,049,152 | ---- | M] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\inetwh32.dll
    [2010/12/16 14:10:07 | 000,446,464 | R--- | M] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\hhactivex.dll
    [2010/12/16 14:10:04 | 000,077,824 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\EAXAC3.DLL
    [2010/12/16 14:10:04 | 000,045,056 | ---- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\emVFW.dll
    [2010/12/16 14:10:04 | 000,032,768 | ---- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\emProp.ax
    [2010/12/16 14:09:44 | 001,048,576 | ---- | M] () -- C:\WINDOWS\System32\CT1MGM.ROM
    [2010/12/16 13:34:49 | 000,184,320 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\WCHRC 2010 membership list as of 6-14-2010.doc
    [2010/12/16 13:31:43 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\Desktop\Microsoft Office Word 2007.lnk
    [2010/12/16 13:25:17 | 000,151,552 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\IP-Address-Tracker.IPDB
    [2010/12/16 13:25:04 | 000,290,816 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\Database1.accdb
    [2010/12/16 10:44:27 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/16 01:04:14 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
    [2010/12/16 01:03:57 | 000,000,083 | ---- | M] () -- C:\WINDOWS\encore_launcher.ini
    [2010/12/10 14:12:22 | 000,513,572 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/10 14:12:22 | 000,094,348 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/12/10 08:56:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wwezuqoboxeboda.dat
    [2010/12/08 15:26:22 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\Improve Your PC.lnk
    [2010/12/05 15:47:14 | 000,012,065 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\Massage Letter for Employ.docx
    [2010/12/05 00:17:12 | 000,099,840 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\Rhonda's resume.doc
    [2010/12/04 19:34:11 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2010/12/04 15:33:27 | 000,000,062 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
    [2010/12/04 15:33:27 | 000,000,024 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
    [2010/12/03 20:43:44 | 000,215,830 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\Doc1.docx
    [2010/12/02 22:34:55 | 000,043,625 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\Annaframe.jpg
    [2010/12/02 22:34:36 | 000,281,723 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\Anna H.jpg
    [2010/11/30 07:00:04 | 000,059,444 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\Kripton, Breyer Horse.jpg
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/26 20:47:47 | 000,000,147 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\webct_upload_applet.properties
    [2010/11/24 18:35:47 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
    [2010/11/23 10:22:10 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
    [2010/11/23 10:22:10 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk
    [2010/11/23 09:07:17 | 000,002,391 | ---- | M] () -- C:\WINDOWS\fpexplor.INI
    [2010/11/22 05:41:22 | 000,011,829 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\4-Wheeler.xlsx
    [2010/11/20 19:21:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Ÿ9Ÿ9
    [2010/11/20 18:14:48 | 000,447,955 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\100_1263.JPG
    [2010/11/18 23:32:44 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
     
  11. 2010/12/17
    rjc1 (Inactive Thread Starter)
    OTL.txt (second half)

    ========== Files Created - No Company Name ==========

    [2010/12/17 23:45:11 | 102,026,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2010/12/17 23:36:54 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2010/12/17 21:51:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/12/17 21:51:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/17 19:37:25 | 3891,335,168 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/17 18:01:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/17 00:13:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/16 21:32:11 | 000,013,496 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\IALHA Stallion Service Auction 2011.docx
    [2010/12/16 20:14:40 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/16 20:11:12 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/16 16:34:16 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\Local Settings\Application Data\housecall.guid.cache
    [2010/12/16 02:37:11 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/12/16 01:13:59 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Rhonda Curfman\S-1-5-21-1708537768-2111687655-839522115-1004.rrr.LOG
    [2010/12/16 01:04:14 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
    [2010/12/16 01:03:57 | 000,000,083 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
    [2010/12/16 01:01:07 | 006,983,680 | ---- | C] () -- C:\WINDOWS\System32\UGLAIKHZG
    [2010/12/10 08:56:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wwezuqoboxeboda.dat
    [2010/12/08 16:02:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/08 16:02:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/08 16:02:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/08 16:02:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/08 16:02:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/08 15:26:22 | 000,001,072 | ---- | C] () -- C:\WINDOWS\System32\Improve Your PC.lnk
    [2010/12/05 00:09:14 | 000,012,065 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\Massage Letter for Employ.docx
    [2010/12/03 20:43:44 | 000,215,830 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\Doc1.docx
    [2010/12/02 22:34:54 | 000,043,625 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\Annaframe.jpg
    [2010/12/02 22:34:35 | 000,281,723 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\Anna H.jpg
    [2010/11/30 07:00:03 | 000,059,444 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\Kripton, Breyer Horse.jpg
    [2010/11/20 17:09:35 | 000,564,576 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\100_1272.JPG
    [2010/11/20 17:09:35 | 000,265,278 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\100_1273.JPG
    [2010/11/20 17:09:34 | 000,554,996 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\100_1271.JPG
    [2010/11/20 17:09:34 | 000,549,066 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\100_1270.JPG
    [2010/11/20 17:09:34 | 000,508,459 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\100_1269.JPG
    [2010/11/20 17:09:34 | 000,457,873 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\100_1268.JPG
    [2010/11/20 17:09:27 | 000,710,522 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\100_1264.JPG
    [2010/11/20 17:09:27 | 000,699,793 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\100_1267.JPG
    [2010/11/20 17:09:27 | 000,647,272 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\100_1261.JPG
    [2010/11/20 17:09:27 | 000,625,647 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\100_1262.JPG
    [2010/11/20 17:09:27 | 000,614,559 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\100_1266.JPG
    [2010/11/20 17:09:27 | 000,578,152 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\100_1265.JPG
    [2010/11/20 17:09:27 | 000,571,141 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\100_1260.JPG
    [2010/11/20 17:09:27 | 000,447,955 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\100_1263.JPG
    [2010/11/20 17:09:16 | 000,610,014 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\My Documents\100_1259.JPG
    [2010/10/03 17:25:33 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\Local Settings\Application Data\fusioncache.dat
    [2010/10/03 17:12:45 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\__FileUploader.log
    [2010/10/03 17:07:26 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
    [2010/10/03 16:44:06 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
    [2010/10/03 16:44:06 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
    [2010/10/03 16:44:06 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
    [2010/10/03 16:44:06 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
    [2010/10/03 16:44:06 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
    [2010/08/23 19:56:48 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
    [2010/08/23 19:56:48 | 000,000,041 | ---- | C] () -- C:\WINDOWS\dmcPrefX.INI
    [2010/08/23 19:56:46 | 000,000,070 | ---- | C] () -- C:\WINDOWS\dmcFindX.INI
    [2010/08/23 19:54:10 | 000,000,040 | ---- | C] () -- C:\WINDOWS\topo2.ini
    [2010/07/19 20:29:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/02/24 08:59:24 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\Application Data\Smiley.ico
    [2010/01/27 07:41:55 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2009/12/23 20:33:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\Local Settings\Application Data\prvlcl.dat
    [2009/12/07 09:39:55 | 000,002,391 | ---- | C] () -- C:\WINDOWS\fpexplor.INI
    [2009/12/07 09:37:13 | 009,577,800 | ---- | C] () -- C:\Program Files\winzip121.exe
    [2009/12/07 09:08:13 | 000,000,623 | ---- | C] () -- C:\WINDOWS\frontpg.ini
    [2009/12/06 04:40:44 | 000,000,071 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
    [2009/12/06 04:15:20 | 000,101,376 | ---- | C] () -- C:\Documents and Settings\Rhonda Curfman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/06 03:02:35 | 000,000,118 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2009/12/05 23:16:27 | 000,026,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
    [2009/12/05 23:01:15 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2009/12/05 23:00:49 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
    [2009/12/05 23:00:49 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2009/12/05 23:00:39 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
    [2009/12/05 23:00:39 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2009/12/05 22:58:59 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2009/12/05 22:48:06 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/12/05 22:28:27 | 000,000,524 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
    [2009/12/05 22:07:21 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
    [2009/12/05 15:33:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2006/06/01 17:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/06/01 17:22:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/06/01 17:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/06/01 17:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/06/01 17:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/06/01 17:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/06/01 17:22:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2003/08/14 01:53:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

    ========== LOP Check ==========

    [2009/12/06 01:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
    [2010/12/17 23:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/12/04 18:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/10/16 11:45:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/11/05 19:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hunter
    [2009/12/06 02:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2009/12/06 02:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
    [2010/12/17 23:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/06/20 11:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
    [2010/10/03 16:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
    [2010/10/03 16:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
    [2010/05/19 20:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2010/05/16 22:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolarWinds
    [2010/12/17 21:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/11/14 18:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2009/12/27 17:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/12/07 05:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\4ADF157A5CA4FB0A16ADCC5139194D6F
    [2009/12/05 23:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\AT&T
    [2010/10/16 13:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\AVG10
    [2009/12/05 23:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\DBUpdater
    [2010/11/05 19:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\DriverFinder
    [2010/06/06 20:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\Facebook
    [2010/07/07 06:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\FreeBurner
    [2010/11/14 18:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\GlarySoft
    [2010/11/02 06:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\HU2011
    [2009/12/05 20:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\Leadertech
    [2010/12/02 07:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\LimeWire
    [2010/10/03 16:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\proDAD
    [2010/10/25 19:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\Search Settings
    [2009/12/05 23:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\Sierra Wireless
    [2010/04/25 20:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\SmartDraw
    [2010/01/23 23:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rhonda Curfman\Application Data\uTorrent
    [2010/12/17 22:48:35 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/12/04 19:34:11 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2010/10/03 16:44:06 | 000,000,095 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/12/05 22:08:15 | 000,000,032 | ---- | M] () -- C:\BCMSM.log
    [2010/12/17 21:31:35 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/17 21:51:52 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/12/17 22:57:11 | 000,027,439 | ---- | M] () -- C:\ComboFix.txt
    [2009/12/05 20:45:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/12/17 22:47:32 | 3891,335,168 | -HS- | M] () -- C:\hiberfil.sys
    [2009/12/11 06:14:46 | 000,071,024 | ---- | M] () -- C:\INSTALL.LOG
    [2009/12/05 20:45:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/12/05 20:45:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/12/06 19:33:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/12/17 22:47:21 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/12/17 20:59:55 | 000,045,098 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_17.12.2010_20.55.28_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/12/05 20:45:15 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/06/06 20:49:18 | 000,302,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp692.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/03/08 08:02:20 | 001,431,504 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\PrinterSpoolerFixWizard.exe
    [2009/08/31 22:43:04 | 009,577,800 | ---- | M] () -- C:\Program Files\winzip121.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/12/16 14:09:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/12/16 14:09:39 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/12/16 14:09:39 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/12/06 19:41:05 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/12/05 21:53:35 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Rhonda Curfman\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/12/05 20:49:49 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Rhonda Curfman\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2004/09/24 16:21:02 | 001,132,911 | ---- | M] (Macromedia, Inc.) -- C:\Documents and Settings\Rhonda Curfman\My Documents\flashcards_help.exe
    [2008/04/13 19:12:32 | 000,281,088 | ---- | M] (Cinematronics) -- C:\Documents and Settings\Rhonda Curfman\My Documents\pinball.exe
    [2010/12/16 13:34:45 | 001,306,624 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Rhonda Curfman\My Documents\SETUP.EXE

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/12/05 20:49:49 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Rhonda Curfman\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/12/17 23:41:51 | 000,016,384 | -HS- | M] () -- C:\Documents and Settings\Rhonda Curfman\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2010/12/16 13:46:33 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 13:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 13:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 13:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\Rhonda,Jody and Eri, Pete's Pic.jpg:SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\Rhonda and Jamie post card front.jpg:SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\Rhonda and Jamie post card back.jpg:SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\petes pic.jpg:SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\Membership info.jpg:SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\100_1263.JPG:SummaryInformation
    @Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

    < End of report >
     
  12. 2010/12/17
    rjc1 (Inactive Thread Starter)
    Extras.txt


    OTL Extras logfile created on: 12/17/2010 11:56:55 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Rhonda Curfman\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 42.20 Gb Free Space | 56.65% Space Free | Partition Type: NTFS
    Drive G: | 465.76 Gb Total Space | 452.78 Gb Free Space | 97.21% Space Free | Partition Type: NTFS

    Computer Name: CANTEWINDSFARM | User Name: Rhonda Curfman | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)
    "3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "3443:TCP" = 3443:TCP:*:Enabled:CSX

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "E:\setup\HPZnui01.exe" = E:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe -- File not found
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
    "C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
    "C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\FrontPage Webs\Server\vhttpd32.exe" = C:\FrontPage Webs\Server\vhttpd32.exe:*:Enabled:Microsoft FrontPage Personal Web Server -- (Microsoft Corporation)
    "C:\Program Files\microsoft frontpage\bin\fpexplor.exe" = C:\Program Files\microsoft frontpage\bin\fpexplor.exe:*:Enabled:Microsoft FrontPage Explorer -- (Microsoft Corporation)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Magentic\bin\MgImp.exe" = C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic -- (IncrediMail, Ltd.)
    "C:\Program Files\Magentic\bin\Magentic.exe" = C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic -- ()
    "C:\Program Files\Magentic\bin\MgApp.exe" = C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic -- ()
    "C:\Program Files\Packet Tracer 5.2\bin\PacketTracer5.exe" = C:\Program Files\Packet Tracer 5.2\bin\PacketTracer5.exe:*:Enabled:packetTracer5 -- ()
    "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE" = C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\Pinnacle\Studio 11\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
    "C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
    "C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:pMSRegisterFile -- ( )
    "C:\Program Files\Pinnacle\Studio 11\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
    "C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
    "C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
    "{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
    "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
    "{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
    "{2349E6AA-CFCA-4D17-B633-3ECDA92E38CD}" = Internet Information Services (IIS) 7 Manager
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
    "{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
    "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
    "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
    "{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
    "{32622F02-640A-4335-86FF-557325DC39D4}" = PS_AIO_04_C6300_Software_Min
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
    "{3FBC5FCA-F989-4D5D-93F6-B185EEE1EC76}" = IIS6 Manager
    "{410438A3-B591-4028-B70A-3CC0B33FBCD1}" =
    "{42442CA9-90E6-4011-BB55-7C263F6D5EC1}" = BIAS SoundSoap PE 2.1
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
    "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
    "{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011
    "{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = Sonic MyDVD
    "{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
    "{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
    "{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
    "{7BD42C12-74D1-4804-B24D-D21E25D4E3CF}" = PS_AIO_04_C6300_ProductContext
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator RAID Edition
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
    "{99832252-D489-4276-B961-6D505CF0AFAA}" = PS_AIO_04_C6300_Software
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{9EDC4EA1-558A-4297-9BCB-F36E572E6B1D}" = C6300_Help
    "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
    "{A23061AF-5361-433C-B7F0-CE5F79A22C49}" = AVG 2011
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
    "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
    "{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
    "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C8732DC3-1736-44b2-B741-2D636DE58605}" = HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
    "{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2
    "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
    "{CC874CBB-BD87-4126-9465-AE73BB62D6E0}" = Studio Ultimate
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
    "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
    "{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
    "{D361C406-ED11-4A88-AD42-4A749BBAE6F9}" = Hoyle Card Games 2007
    "{D4250558-4DE6-4342-8865-D397FD66076B}" = C6300
    "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
    "{DC754D8F-1D06-4016-BF57-8D21F97E1F0A}" = JunkFilterPlus
    "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
    "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{F0779413-6026-4BC6-97B4-DE8D9CADAFEC}" = MSN Toolbar
    "{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
    "{F28E8590-9CC2-4535-9AA6-1102C2E3D68F}" = Hoyle Table Games 2004
    "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
    "{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
    "{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Algebrator_is1" = Algebrator 5.0
    "AVG" = AVG 2011
    "BCM V.92 56K Modem" = BCM V.92 56K Modem
    "Bejeweled Blitz" = Bejeweled Blitz
    "Cisco Packet Tracer_is1" = Cisco Packet Tracer 5.2.1
    "FrontPage v3.0" = Microsoft FrontPage 98
    "FrontPage v3.0 Server Extensions" = Microsoft FrontPage 98 Server Extensions
    "Glary Utilities_is1" = Glary Utilities 2.30.0.1066
    "HP Imaging Device Functions" = HP Imaging Device Functions 11.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.0
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
    "HPExtendedCapabilities" = HP Customer Participation Program 11.0
    "HPOCR" = OCR Software by I.R.I.S. 11.0
    "Image Composer" = Microsoft Image Composer 1.5
    "IncrediMail" = IncrediMail 2.0
    "InstallShield_{F28E8590-9CC2-4535-9AA6-1102C2E3D68F}" = Hoyle Table Games 2004
    "JunkFilterPlus" = IncrediMail JunkFilter Plus
    "jZip" = jZip
    "Magentic" = Magentic
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NVIDIA Drivers" = NVIDIA Drivers
    "PhotoMail" = PhotoMail Maker
    "PictureIt_v9" = Microsoft Picture It! Photo Premium 9
    "proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
    "PROR" = Microsoft Office Professional 2007
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "Registry Mechanic_is1" = Registry Mechanic 5.1
    "Ruckus Buck's Dangerous Mines" = Ruckus Buck's Dangerous Mines
    "Secunia PSI" = Secunia PSI
    "Shop for HP Supplies" = Shop for HP Supplies
    "The Print Shop 6.0" = 70 Free Fonts plus 70 Free Graphics Bonus
    "Topo USA 2.0" = Topo USA 2.0
    "Windows CE Services" = Microsoft ActiveSync 3.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinPcapInst" = WinPcap 4.0.2
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/16/2010 5:10:06 PM | Computer Name = CANTEWINDSFARM | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 12/16/2010 5:10:06 PM | Computer Name = CANTEWINDSFARM | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/16/2010 5:34:53 PM | Computer Name = CANTEWINDSFARM | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
    with error: The connection with the server was terminated abnormally

    Error - 12/16/2010 5:34:53 PM | Computer Name = CANTEWINDSFARM | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
    with error: This network connection does not exist.

    Error - 12/16/2010 6:19:55 PM | Computer Name = CANTEWINDSFARM | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

    Error - 12/16/2010 7:08:58 PM | Computer Name = CANTEWINDSFARM | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

    Error - 12/16/2010 9:14:12 PM | Computer Name = CANTEWINDSFARM | Source = MsiInstaller | ID = 11500
    Description = Product: QuickTime -- Error 1500. Another installation is in progress.
    You must complete that installation before continuing this one.

    Error - 12/16/2010 11:17:12 PM | Computer Name = CANTEWINDSFARM | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

    Error - 12/17/2010 8:27:28 AM | Computer Name = CANTEWINDSFARM | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

    Error - 12/17/2010 8:30:16 AM | Computer Name = CANTEWINDSFARM | Source = Application Error | ID = 1001
    Description = Fault bucket 1271752061.

    [ OSession Events ]
    Error - 3/22/2010 11:05:55 PM | Computer Name = CANTEWINDSFARM | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1106
    seconds with 840 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 12/17/2010 11:32:35 PM | Computer Name = CANTEWINDSFARM | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 12/17/2010 11:32:35 PM | Computer Name = CANTEWINDSFARM | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 12/17/2010 11:32:35 PM | Computer Name = CANTEWINDSFARM | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 12/17/2010 11:32:35 PM | Computer Name = CANTEWINDSFARM | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 12/17/2010 11:32:35 PM | Computer Name = CANTEWINDSFARM | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 12/17/2010 11:32:35 PM | Computer Name = CANTEWINDSFARM | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 12/17/2010 11:32:36 PM | Computer Name = CANTEWINDSFARM | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 12/17/2010 11:43:09 PM | Computer Name = CANTEWINDSFARM | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_KDQVJU\0000 disappeared from the system without
    first being prepared for removal.

    Error - 12/17/2010 11:46:39 PM | Computer Name = CANTEWINDSFARM | Source = DCOM | ID = 10010
    Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
    with DCOM within the required timeout.

    Error - 12/17/2010 11:50:37 PM | Computer Name = CANTEWINDSFARM | Source = Service Control Manager | ID = 7022
    Description = The HP CUE DeviceDiscovery Service service hung on starting.


    < End of report >
     
  13. 2010/12/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Registry Mechanic.

    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      [2010/12/08 15:32:31 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
      O15 - HKCU\..Trusted Domains: csx.com ([]https in Trusted sites)
      O15 - HKCU\..Trusted Domains: csx.com ([connect] https in Trusted sites)
      O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jin...ndows-i586.cab (Reg Error: Key error.)
      @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\Rhonda,Jody and Eri, Pete's Pic.jpg:SummaryInformation
      @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\Rhonda and Jamie post card front.jpg:SummaryInformation
      @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\Rhonda and Jamie post card back.jpg:SummaryInformation
      @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\petes pic.jpg:SummaryInformation
      @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\Membership info.jpg:SummaryInformation
      @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\100_1263.JPG:SummaryInformation
      @Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  14. 2010/12/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Registry Mechanic.

    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry ". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results ".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      [2010/12/08 15:32:31 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
      O15 - HKCU\..Trusted Domains: csx.com ([]https in Trusted sites)
      O15 - HKCU\..Trusted Domains: csx.com ([connect] https in Trusted sites)
      O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jin...ndows-i586.cab (Reg Error: Key error.)
      @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\Rhonda,Jody and Eri, Pete's Pic.jpg:SummaryInformation
      @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\Rhonda and Jamie post card front.jpg:SummaryInformation
      @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\Rhonda and Jamie post card back.jpg:SummaryInformation
      @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\petes pic.jpg:SummaryInformation
      @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\Membership info.jpg:SummaryInformation
      @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Rhonda Curfman\My Documents\100_1263.JPG:SummaryInformation
      @Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
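Added example (not from this thread, and not OTL's or anyone else's code): the two O15 lines in the fix above point at Internet Explorer's ZoneMap, where a browser-side installer can quietly move a host into the Trusted sites zone, which runs with looser security settings than the Internet zone. The script below walks that key with Python's winreg module on a Windows box and reports which hosts have been put in an elevated zone; on any other OS it falls back to a constructed sample that mirrors the csx.com entries from the log. The function names, the example.org entry and the sample list are my own.

```python
"""Audit Internet Explorer zone assignments.  Added example, not part of the
original thread or of OTL.

Registry layout the O15 lines refer to (HKCU shown; HKLM has the same tree):

  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains
      \\csx.com          values: https = 2   <- "csx.com ([]https in Trusted sites)"
      \\csx.com\\connect  values: https = 2   <- "csx.com ([connect] https in Trusted sites)"

Every value is a REG_DWORD named after a scheme ("http", "https", "ftp", or
"*" for any scheme); its data is the zone number."""

import sys

ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
ZONEMAP_DOMAINS = (r"Software\Microsoft\Windows\CurrentVersion"
                   r"\Internet Settings\ZoneMap\Domains")


def audit_zonemap(entries):
    """entries: (domain, subdomain_or_None, scheme, zone_number) tuples, i.e.
    the flattened registry tree.  Returns one record per host with the
    effective zone for http and https (a "*" value covers every scheme) and
    an 'elevated' flag for hosts placed in Local intranet or Trusted sites."""
    by_host = {}
    for domain, sub, scheme, zone in entries:
        host = f"{sub}.{domain}" if sub else domain
        by_host.setdefault(host, {})[scheme.lower()] = int(zone)
    report = []
    for host, schemes in sorted(by_host.items()):
        wildcard = schemes.get("*")
        effective = {s: schemes.get(s, wildcard) for s in ("http", "https")}
        report.append({
            "host": host,
            "zones": {s: ZONES.get(z, f"unknown({z})")
                      for s, z in effective.items() if z is not None},
            "elevated": any(z in (1, 2) for z in effective.values()
                            if z is not None),
        })
    return report


def read_zonemap(hive_name="HKCU"):
    """Flatten the live ZoneMap\\Domains tree into audit_zonemap() entries.
    Windows only; returns an empty list elsewhere."""
    if sys.platform != "win32":
        return []
    import winreg
    hive = (winreg.HKEY_CURRENT_USER if hive_name == "HKCU"
            else winreg.HKEY_LOCAL_MACHINE)
    entries = []

    def collect(key, domain, sub):
        n_subkeys, n_values, _ = winreg.QueryInfoKey(key)
        for i in range(n_values):
            name, data, kind = winreg.EnumValue(key, i)
            if kind == winreg.REG_DWORD:
                entries.append((domain, sub, name, data))
        return n_subkeys

    try:
        with winreg.OpenKey(hive, ZONEMAP_DOMAINS) as root:
            for i in range(winreg.QueryInfoKey(root)[0]):
                domain = winreg.EnumKey(root, i)
                with winreg.OpenKey(root, domain) as dkey:
                    for j in range(collect(dkey, domain, None)):
                        sub = winreg.EnumKey(dkey, j)
                        with winreg.OpenKey(dkey, sub) as skey:
                            collect(skey, domain, sub)
    except OSError:
        pass  # key absent: this hive has no custom zone assignments
    return entries


# Constructed sample: the two csx.com entries from the OTL log above plus a
# hypothetical example.org entry that is explicitly in the Internet zone.
SAMPLE_ENTRIES = [
    ("csx.com", None, "https", 2),
    ("csx.com", "connect", "https", 2),
    ("example.org", None, "*", 3),
]

if __name__ == "__main__":
    for rec in audit_zonemap(read_zonemap() or SAMPLE_ENTRIES):
        tag = "ELEVATED" if rec["elevated"] else "        "
        print(tag, rec["host"], rec["zones"])
```

Run it as the affected user (the O15 entries were under HKCU, so an admin's hive would look clean); anything reported as ELEVATED that the user did not add by hand is a candidate for the same kind of fix line OTL applied here.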
     
  15. 2010/12/17
    rjc1

    rjc1 Inactive Thread Starter

    Joined:
    2005/01/28
    Messages:
    121
    Likes Received:
    0
    Here is the OTL scan:

    All processes killed
    ========== OTL ==========
    C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml moved successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\csx.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\csx.com\connect\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
    ADS C:\Documents and Settings\Rhonda Curfman\My Documents\Rhonda,Jody and Eri, Pete's Pic.jpg:SummaryInformation deleted successfully.
    ADS C:\Documents and Settings\Rhonda Curfman\My Documents\Rhonda and Jamie post card front.jpg:SummaryInformation deleted successfully.
    ADS C:\Documents and Settings\Rhonda Curfman\My Documents\Rhonda and Jamie post card back.jpg:SummaryInformation deleted successfully.
    ADS C:\Documents and Settings\Rhonda Curfman\My Documents\petes pic.jpg:SummaryInformation deleted successfully.
    ADS C:\Documents and Settings\Rhonda Curfman\My Documents\Membership info.jpg:SummaryInformation deleted successfully.
    ADS C:\Documents and Settings\Rhonda Curfman\My Documents\100_1263.JPG:SummaryInformation deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: Administrator.CANTEWINDSFARM
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: Administrator.CANTEWINDSFARM.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 3577788 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 2693 bytes

    User: Rhonda Curfman
    ->Temp folder emptied: 689645 bytes
    ->Temporary Internet Files folder emptied: 35749 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 54132709 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5252 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 56.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.CANTEWINDSFARM

    User: Administrator.CANTEWINDSFARM.000

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Rhonda Curfman
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12182010_003157

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\HPSLPS000.log moved successfully.

    Registry entries deleted on Reboot...
     
  16. 2010/12/17
    rjc1

    rjc1 Inactive Thread Starter

    Joined:
    2005/01/28
    Messages:
    121
    Likes Received:
    0
    Security Check.

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2011
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Java 2 Runtime Environment, SE v1.4.2
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.4.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    ``````````End of Log````````````
     
  17. 2010/12/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Java 2 Runtime Environment, SE v1.4.2

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UN-check the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), then download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page, make sure you have both boxes UN-checked AND (important!) click on the Decline button.
     
  18. 2010/12/18
    rjc1

    rjc1 Inactive Thread Starter

    Joined:
    2005/01/28
    Messages:
    121
    Likes Received:
    0
    Ok, I took the Java Runtime out... updated the Adobe. I use Adobe, so just updated it. I have done all and right now it is running the ESET Online Scanner; looks like that one may take a while... but I've done all up to that..... will post when that gets done. What a way to spend a Friday evening!! :)
     
  19. 2010/12/18
    rjc1

    rjc1 Inactive Thread Starter

    Joined:
    2005/01/28
    Messages:
    121
    Likes Received:
    0
    Having trouble with the ESET. It's stuck at 18% and staying on the same file. My AVG keeps trying to kick back on even though I've disabled it. The ESET has found one threat: says a variant of Win32/Adware.Toolbar.Shopper.AA application. But not sure what to do with it being stuck at 18%. Should I uninstall the AVG again and run this scan?
     
  20. 2010/12/18
    rjc1

    rjc1 Inactive Thread Starter

    Joined:
    2005/01/28
    Messages:
    121
    Likes Received:
    0
    Ok it's going again now, sorry.....
     
  21. 2010/12/18
    rjc1

    rjc1 Inactive Thread Starter

    Joined:
    2005/01/28
    Messages:
    121
    Likes Received:
    0
    The results of the ESETScan:

    C:\Documents and Settings\Rhonda Curfman\My Documents\Downloads\jZipV1c.exe a variant of Win32/Adware.Toolbar.Shopper.AA application
    C:\Program Files\iWonEI\Installr\1.bin\jfEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Documents and Settings\Rhonda Curfman\Local Settings\Application Data\syssvc.exe.vir a variant of Win32/Injector.DXD trojan
    C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.dll.vir Win32/Adware.Toolbar.Dealio application
    C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.exe.vir Win32/Adware.Toolbar.Dealio application
    C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettingsRes409.dll.vir Win32/Adware.Toolbar.Dealio application
    C:\Qoobox\Quarantine\C\WINDOWS\csrss.exe.vir Win32/Agent.ROS trojan
    C:\Qoobox\Quarantine\C\WINDOWS\gdi32.exe.vir Win32/Agent.ROS trojan
    C:\Qoobox\Quarantine\C\WINDOWS\iexplarer.exe.vir Win32/Agent.ROS trojan
    C:\Qoobox\Quarantine\C\WINDOWS\install.exe.vir Win32/Agent.ROS trojan
    C:\Qoobox\Quarantine\C\WINDOWS\oxeditex.dll.vir a variant of Win32/Cimag.DV trojan
    C:\Qoobox\Quarantine\C\WINDOWS\sapt42.dll.vir a variant of Win32/Cimag.AQ trojan
    C:\Qoobox\Quarantine\C\WINDOWS\smss.exe.vir Win32/Agent.ROS trojan
    C:\Qoobox\Quarantine\C\WINDOWS\user.exe.vir Win32/Agent.ROS trojan
    C:\Qoobox\Quarantine\C\WINDOWS\winlogon.exe.vir Win32/Agent.ROS trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\6to4v32.dll.vir a variant of Win32/Wimpixo.AA trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mmcpsync.dll.vir Win32/PSW.Papras.BS.Gen trojan
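Added example, not part of the original thread and not ESET's or ComboFix's code: a small Python triage of the export above. Fifteen of the seventeen hits are under C:\Qoobox\Quarantine with a .vir suffix, i.e. files ComboFix had already quarantined earlier in this thread, so only two are still live on disk. The script separates the two groups, maps each quarantine path back to where the file originally lived, and flags names that imitate Windows system binaries: a csrss.exe, smss.exe or winlogon.exe sitting in C:\WINDOWS instead of system32, or a near-miss spelling such as iexplarer.exe. The list of system32-only binaries and the edit-distance threshold are my own assumptions; the log lines are embedded from the post.

```python
"""Triage an ESET Online Scanner export.  Added example, not code from the
thread or from ESET/ComboFix.  Splits hits into files still live on disk and
files already in ComboFix's quarantine (C:\\Qoobox\\Quarantine, ".vir" suffix),
maps quarantined paths back to where they lived, and flags names that
imitate Windows system binaries."""

import re
from collections import Counter

# Sample input: the ESET export posted above, embedded verbatim.
ESET_LOG = r"""
C:\Documents and Settings\Rhonda Curfman\My Documents\Downloads\jZipV1c.exe a variant of Win32/Adware.Toolbar.Shopper.AA application
C:\Program Files\iWonEI\Installr\1.bin\jfEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Documents and Settings\Rhonda Curfman\Local Settings\Application Data\syssvc.exe.vir a variant of Win32/Injector.DXD trojan
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.dll.vir Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.exe.vir Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettingsRes409.dll.vir Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\WINDOWS\csrss.exe.vir Win32/Agent.ROS trojan
C:\Qoobox\Quarantine\C\WINDOWS\gdi32.exe.vir Win32/Agent.ROS trojan
C:\Qoobox\Quarantine\C\WINDOWS\iexplarer.exe.vir Win32/Agent.ROS trojan
C:\Qoobox\Quarantine\C\WINDOWS\install.exe.vir Win32/Agent.ROS trojan
C:\Qoobox\Quarantine\C\WINDOWS\oxeditex.dll.vir a variant of Win32/Cimag.DV trojan
C:\Qoobox\Quarantine\C\WINDOWS\sapt42.dll.vir a variant of Win32/Cimag.AQ trojan
C:\Qoobox\Quarantine\C\WINDOWS\smss.exe.vir Win32/Agent.ROS trojan
C:\Qoobox\Quarantine\C\WINDOWS\user.exe.vir Win32/Agent.ROS trojan
C:\Qoobox\Quarantine\C\WINDOWS\winlogon.exe.vir Win32/Agent.ROS trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\6to4v32.dll.vir a variant of Win32/Wimpixo.AA trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\mmcpsync.dll.vir Win32/PSW.Papras.BS.Gen trojan
"""

# One export line: <path> [probably ][a variant of ]<Family/Name> <category>.
# Paths may contain spaces but never "/", so the first token containing "/"
# is the detection name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:probably )?(?:a variant of )?(?P<detection>\S+/\S+)"
    r"(?:\s+(?P<category>\S+))?$")
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"
# Binaries whose only legitimate home on XP is %SystemRoot%\system32 (my own
# list; anything under system32, dllcache included, is accepted as in place).
SYSTEM32_ONLY = {"csrss.exe", "smss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe"}
LOOKALIKE_TARGETS = SYSTEM32_ONLY | {"iexplore.exe"}


def parse_eset_log(text):
    """One dict (path, detection, category) per parsable line."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def original_path(path):
    """(quarantined?, original location).  ComboFix keeps C:\\WINDOWS\\x.exe
    as C:\\Qoobox\\Quarantine\\C\\WINDOWS\\x.exe.vir."""
    low = path.lower()
    if low.startswith(QUARANTINE_PREFIX) and low.endswith(".vir"):
        rest = path[len(QUARANTINE_PREFIX):-len(".vir")]   # C\WINDOWS\x.exe
        drive, _, tail = rest.partition("\\")
        return True, f"{drive}:\\{tail}"
    return False, path


def levenshtein(a, b):
    """Edit distance, used to catch typo-squatted names like iexplarer.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def masquerade_reason(path):
    """Why a file name is suspicious, or None if it is not."""
    parent, _, name = path.lower().rpartition("\\")
    if name in SYSTEM32_ONLY:
        if "\\system32" in parent:
            return None
        return f"{name} belongs in system32, found in {parent}"
    for known in sorted(LOOKALIKE_TARGETS):
        if known != name and levenshtein(name, known) <= 2:
            return f"{name} looks like {known}"
    return None


def triage(text):
    """Split hits into live vs quarantined, count families, collect flags."""
    report = {"live": [], "quarantined": [], "flags": [],
              "by_detection": Counter()}
    for hit in parse_eset_log(text):
        quarantined, where = original_path(hit["path"])
        report["quarantined" if quarantined else "live"].append(where)
        report["by_detection"][hit["detection"]] += 1
        reason = masquerade_reason(where)
        if reason:
            report["flags"].append(reason)
    return report


if __name__ == "__main__":
    r = triage(ESET_LOG)
    print(len(r["live"]), "live,", len(r["quarantined"]), "already quarantined")
    for item in r["live"]:
        print("  LIVE ", item)
    for flag in r["flags"]:
        print("  FLAG ", flag)
    for det, n in r["by_detection"].most_common():
        print(f"  {n:2d}  {det}")
```

The point of the split is that quarantine hits need no further action beyond letting the helper clear C:\Qoobox at the end; the two live files are the only ones that still warrant a decision, and the system-binary flags are the quickest way to see why the C:\WINDOWS copies of csrss.exe, smss.exe and winlogon.exe were malware rather than Windows' own.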
     
