1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Google redirect and windows update blocked.

Discussion in 'Malware and Virus Removal Archive' started by ldaoust, 2011/04/11.

Page 2 of 2
  1. 2011/04/12
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    Extras.txt

    OTL Extras logfile created on: 13/04/2011 00:01:52 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Louis Daoust\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    1,023.00 Mb Total Physical Memory | 462.00 Mb Available Physical Memory | 45.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): F:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.84 Gb Total Space | 7.52 Gb Free Space | 13.46% Space Free | Partition Type: NTFS
    Drive D: | 4.00 Gb Total Space | 3.98 Gb Free Space | 99.44% Space Free | Partition Type: NTFS
    Drive E: | 72.52 Gb Total Space | 27.84 Gb Free Space | 38.39% Space Free | Partition Type: NTFS
    Drive F: | 72.53 Gb Total Space | 61.49 Gb Free Space | 84.78% Space Free | Partition Type: NTFS

    Computer Name: STATION1 | User Name: Louis Daoust | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-641499419-3881828550-583855553-1005\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "5900:TCP" = 5900:TCP:*:Enabled:vnc5900
    "5800:TCP" = 5800:TCP:*:Enabled:vnc5800

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
    "C:\Program Files\Qtracker\qtracker.exe" = C:\Program Files\Qtracker\qtracker.exe:*:Disabled:Qtracker -- (Ronald E. Mercer)
    "C:\Games\Quake III Arena\quake3.exe" = C:\Games\Quake III Arena\quake3.exe:*:Disabled:quake3 -- ()
    "C:\Games\Quake III Arena\quake3131.exe" = C:\Games\Quake III Arena\quake3131.exe:*:Disabled:quake3131 -- ()
    "C:\Games\Quake III Arena\quake3130.exe" = C:\Games\Quake III Arena\quake3130.exe:*:Disabled:quake3130 -- ()
    "C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\Active WebCam\WebCam.exe" = C:\Program Files\Active WebCam\WebCam.exe:*:Enabled:Active WebCam -- (PY Software)
    "C:\Program Files\ConquerCam\ConquerCam.exe" = C:\Program Files\ConquerCam\ConquerCam.exe:*:Enabled:Application for mastering your web cam. -- (Commanigy)
    "E:\Download\source\WinsockIOCP_demo\IOCP_Server\Debug\IOCP_Server.exe" = E:\Download\source\WinsockIOCP_demo\IOCP_Server\Debug\IOCP_Server.exe:*:Enabled:IOCP_Server -- ()
    "E:\Download\source\WinsockIOCP_demo\IOCP_Server\Release\IOCP_Server.exe" = E:\Download\source\WinsockIOCP_demo\IOCP_Server\Release\IOCP_Server.exe:*:Enabled:IOCP_Server -- ()
    "C:\Documents and Settings\Louis Daoust\Desktop\dpnxui.exe" = C:\Documents and Settings\Louis Daoust\Desktop\dpnxui.exe:*:Enabled:TODO: <File description> -- (TODO: <Company name>)
    "C:\Program Files\FileZilla FTP Client\filezilla.exe" = C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
    "{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
    "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
    "{0672DC0C-B90E-4466-BF6F-BC0DAC456777}" = AttachmentOptions
    "{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Camera Window
    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
    "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
    "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    "{102D4B06-C63B-4A3D-B230-03C7D5692474}" = Microsoft DirectX 9.0 SDK Update (Summer 2003)
    "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
    "{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
    "{15C5E2B4-042C-45BC-B385-F4E8560C2559}" = MySQL Server 5.1
    "{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
    "{162F8A0F-3EBF-4E2A-A37C-E8E29C261C25}" = Garmin City Navigator North America NT 2009.11 Update
    "{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
    "{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
    "{1ADB8399-16BC-4940-BB73-3AAF109FC878}" = MySQL Workbench 5.0 OSS
    "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
    "{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{23170F69-40C1-2701-0914-000001000000}" = 7-Zip 9.14
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
    "{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
    "{24391F04-D7D8-4E85-8EE3-85727A3799AA}" = Traderplus
    "{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MyODBC
    "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
    "{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
    "{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35846BA4-5A5A-433B-B65E-41C324AEFFA4}" = Pandion
    "{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
    "{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
    "{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
    "{3CCBC9FF-7F35-4220-B66D-B60E2E7AB4E2}" = OpenOffice.org 2.2
    "{3CF4855B-518A-470C-9C9D-6A55084AB997}" = Microsoft DirectX 9.0 SDK Documentation for Visual Studio 2003
    "{3D510869-7A43-4DD7-BA97-FA6A68129C00}" = Compact Wireless-G Internet Video Camera
    "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
    "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
    "{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
    "{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}" = Net MD Simple Burner
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{495B6040-801F-474C-ADB8-309F132CF5F9}" = iPhoneBrowser
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
    "{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
    "{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
    "{572DDD41-B104-4D5C-BA1B-7A22E92E7A0C}" = GPS TrackMaker
    "{5757AE1A-1DB4-4898-9806-09F77FBD5E57}" = MSDN Library for Visual Studio .NET 2003
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
    "{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
    "{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
    "{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
    "{60600409-EA9B-45E9-A468-2C68C8DE70DF}" = Visual Studio .NET Enterprise Developer 2003 - English
    "{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
    "{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
    "{62F33B80-6244-4A70-A233-0DA13B640364}" = OpenMG Secure Module 3.2
    "{63112888-EAEA-4C7C-B567-617C2F16584A}" = Windows Media Player 9 Series SDK
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{65B23C82-51A5-4ED9-ACE3-BB6029D5A733}" = Garmin City Navigator North America NT 2011.20 Update
    "{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
    "{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
    "{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 1.5.53
    "{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
    "{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
    "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
    "{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
    "{7F231232-C309-4401-964A-2A002B6E1ED9}" = Microsoft Baseline Security Analyzer 2.0.1
    "{7FC0D670-057F-4D50-A7B8-2CA291360708}" = Common Setup Files (3790.0)
    "{7FC2AF73-10ED-404E-84A8-636B452404FD}" = Realtek RTL8139 Diagnostics Program
    "{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
    "{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
    "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
    "{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.17
    "{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
    "{910ED86B-8712-4610-9C0B-6B947B03BBBD}" = Microsoft DirectX 8.1 SDK
    "{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
    "{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    "{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{ABEB838C-A1A7-4C5D-B7E1-8B4314600137}" = MSN Messenger 6.2
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
    "{AE314E8E-2514-4F04-8496-F90F65B382DF}" = Core SDK (Windows Server 2003) (3790.0)
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
    "{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
    "{B4C88CF0-B617-4658-8F84-C4E847FBC9F7}" = Microsoft Managed DirectX (1126)
    "{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
    "{B53D7D6B-9BB0-4EA8-82B9-9293CB41FCE1}" = MySQL Connector/ODBC 3.51
    "{B60C3C85-8577-44B5-87FA-70854B0909C7}" = MySQL Query Browser 1.1
    "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
    "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
    "{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
    "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
    "{BDF820F3-79A6-4ACF-B910-43B26BB894CC}" = Microsoft Network Monitor 3.1
    "{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
    "{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
    "{C2E8B236-7554-45FE-92C0-94EF76E4D182}" = Garmin City Navigator North America NT 2010.20
    "{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
    "{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
    "{C7EA29FC-78F2-4680-9D9B-22CA8191E63C}" = Microsoft Visual SourceSafe 2005 - ENU
    "{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{CA67F0FA-BAD0-4092-BB0A-3F2F6F37A333}" = KingsTools
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBD55377-3FEA-4A93-A877-DB87B6C6C990}" = Logitech Harmony Remote Software 7
    "{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
    "{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skypeâ„¢ 4.2
    "{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
    "{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
    "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E8B3C954-017C-45CF-B2FA-D4AA60FE61C1}" = MySQL Server 5.0
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}" = Garmin MapSource
    "{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}" = Microsoft .NET Framework SDK (English) 1.1
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
    "{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
    "{F567DC55-F59A-4019-BBC3-9D12C5875487}" = Debugging Tools for Windows
    "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
    "{F7B9B60F-DBB3-4116-967B-BA93E278331E}" = ActivePerl 5.10.1 Build 1007
    "{F7FF5C87-797D-40FB-915A-C5D4A549CC4A}" = MySQL Administrator 1.1
    "{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "AFPL Ghostscript 8.14" = AFPL Ghostscript 8.14
    "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
    "All ATI Software" = ATI - Software Uninstall Utility
    "AllToAVI" = AllToAVI v4 r5394
    "Any Video Converter_is1" = Any Video Converter 2.7.0
    "ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
    "ATI Display Driver" = ATI Display Driver
    "CCleaner" = CCleaner
    "CD-SDK" = Canon Digital Camera SDK 6.0
    "Celestia_is1" = Celestia 1.5.1
    "ColorPic" = ColorPic
    "ConquerCam_is1" = ConquerCam 2.5.1
    "Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
    "Dia" = Dia (remove only)
    "DiagramStudio 5.3" = DiagramStudio 5.3
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DynDNS Updater_is1" = DynDNS Updater 3.0
    "EasyGPS_is1" = EasyGPS 3.0
    "Ethereal" = Ethereal 0.10.12
    "FastStone Image Viewer" = FastStone Image Viewer 3.2
    "FileZilla" = FileZilla (remove only)
    "FileZilla Client" = FileZilla Client 3.3.5.1
    "FileZilla Server" = FileZilla Server (remove only)
    "FLV-Media Player" = FLV-Media Player 1.6
    "Gen99f" = Generations Arena 0.99f (remove only)
    "GeoHTML" = GeoHTML
    "Google Updater" = Google Updater
    "GSview 4.6" = GSview 4.6
    "HM NIS Edit" = HM NIS Edit 2.0.3
    "HP Document Viewer" = HP Document Viewer 5.3
    "HP Imaging Device Functions" = HP Imaging Device Functions 5.3
    "HP Photo & Imaging" = HP Image Zone 5.3
    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
    "Icecast2 Win32_is1" = Icecast 2.3.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn (Remove Only)
    "Inkscape" = Inkscape 0.46
    "InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
    "InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Canon Camera Window for ZoomBrowser EX
    "InstallShield_{910ED86B-8712-4610-9C0B-6B947B03BBBD}" = DirectX 8.1 SDK
    "InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
    "InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
    "InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
    "IrfanView" = IrfanView (remove only)
    "JAlbum_1" = JAlbum 7.0
    "LQfix_is1" = LQfix 2.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
    "Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
    "Microsoft Press Interactive Training" = Microsoft Interactive Training
    "Microsoft SDK Update" = Microsoft SDK Update February 2003 (5.2.3790.0)
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    "Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Microsoft Visual SourceSafe 2005 - ENU" = Microsoft Visual SourceSafe 2005 - ENU
    "Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
    "Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
    "Miro" = Miro
    "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
    "Mozilla Thunderbird (2.0.0.17)" = Mozilla Thunderbird (2.0.0.17)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
    "MySQL Connector/Net_is1" = MySQL Connector/Net 5.0.9
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "Netquote Charts" = Netquote Charts
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Notepad++" = Notepad++
    "Nvu_is1" = Nvu 1.0
    "OpenMG HotFix3.2-03-01-16-01" = OpenMG Limited Patch 3.2-03-02-21-08
    "OpenMG HotFix3.2-03-01-16-02" = OpenMG Limited Patch 3.2-03-04-17-02
    "OpenMG HotFix3.2-03-04-14-02" = OpenMG Limited Patch 3.2-03-04-14-02
    "OpenSSL (32-bit)_is1" = OpenSSL 1.0.0a (32-bit)
    "PhotoRecord" = Canon PhotoRecord
    "PHP 5.1.1" = PHP 5.1.1
    "POP Peeper" = POP Peeper
    "QcDrv" = Logitech Camera Driver
    "Qtracker" = Qtracker
    "Quake III Arena" = Quake III Arena
    "Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
    "RealPlayer 6.0" = RealPlayer
    "RealVNC_is1" = VNC Free Edition 4.1.2
    "Shockwave" = Shockwave
    "Sibelius Scorch" = Sibelius Scorch
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
    "Stellarium_is1" = Stellarium 0.10.0
    "Ultra Freeze Tag 1.1 Final" = Ultra Freeze Tag 1.1 Final
    "UltraDefrag" = Ultra Defragmenter
    "Ultravnc2_is1" = UltraVNC 1.0.6.5
    "USB_ERF_Gateway_is1" = USB ERF Gateway 1.7
    "Visual SourceSafe Server" = Visual SourceSafe Server
    "Visual Studio .NET Enterprise Developer 2003 - English" = Microsoft Visual Studio .NET Enterprise Developer 2003 - English
    "Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "WebPost" = Microsoft Web Publishing Wizard 1.53
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp (remove only)
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGTK-2_is1" = GTK+ 2.8.18-1 runtime environment
    "WinMerge_is1" = WinMerge 2.12.4
    "WMCSetup" = Windows Media Connect
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-641499419-3881828550-583855553-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "MétéoÉclair" = MétéoÉclair

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/04/2011 10:17:30 | Computer Name = STATION1 | Source = Microsoft Office 10 | ID = 1000
    Description = Faulting application outlook.exe, version 10.0.6863.0, faulting module
    ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

    Error - 12/04/2011 15:19:09 | Computer Name = STATION1 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 3.0.8107.0,
    P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P8 NIL, P9 NIL, P10 NIL.

    Error - 12/04/2011 21:24:15 | Computer Name = STATION1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 12/04/2011 21:24:15 | Computer Name = STATION1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/04/2011 21:24:15 | Computer Name = STATION1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/04/2011 21:32:37 | Computer Name = STATION1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 12/04/2011 22:54:02 | Computer Name = STATION1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 12/04/2011 22:54:03 | Computer Name = STATION1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/04/2011 22:54:03 | Computer Name = STATION1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/04/2011 23:06:27 | Computer Name = STATION1 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    [ System Events ]
    Error - 12/04/2011 21:38:29 | Computer Name = STATION1 | Source = ati2mtag | ID = 45062
    Description = CRT invalid display type

    Error - 12/04/2011 21:38:29 | Computer Name = STATION1 | Source = ati2mtag | ID = 45062
    Description = CRT invalid display type

    Error - 12/04/2011 21:38:44 | Computer Name = STATION1 | Source = Service Control Manager | ID = 7000
    Description = The ATI WDM TV Tuner service failed to start due to the following
    error: %%1058

    Error - 12/04/2011 21:38:44 | Computer Name = STATION1 | Source = Service Control Manager | ID = 7000
    Description = The ATI WDM TV Audio Crossbar service failed to start due to the following
    error: %%1058

    Error - 12/04/2011 21:38:44 | Computer Name = STATION1 | Source = Service Control Manager | ID = 7000
    Description = The ATI WDM Specialized MVD Codec service failed to start due to the
    following error: %%1058

    Error - 12/04/2011 21:38:44 | Computer Name = STATION1 | Source = Service Control Manager | ID = 7000
    Description = The ATI WDM Specialized PCD Codec service failed to start due to the
    following error: %%1058

    Error - 12/04/2011 22:52:07 | Computer Name = STATION1 | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 12/04/2011 22:53:41 | Computer Name = STATION1 | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 12/04/2011 22:54:04 | Computer Name = STATION1 | Source = Service Control Manager | ID = 7034
    Description = The MySQL service terminated unexpectedly. It has done this 1 time(s).

    Error - 12/04/2011 23:03:56 | Computer Name = STATION1 | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.


    < End of report >
     
    ldaoust,
    #21
  2. 2011/04/12
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    I just got many Windows updates that are ready to install. Should I proceed with the install or wait after this cleaning process ?
     
    Last edited: 2011/04/13
    ldaoust,
    #22


  3. to hide this advert.

  4. 2011/04/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You should be fine to install them.

    Run OTL
    • Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following

      Code:
      :OTL
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O3 - HKU\S-1-5-21-641499419-3881828550-583855553-1005\..\Toolbar\WebBrowser: (no name) - {3F200D98-8C77-427A-8DD8-F8106B4EEB45} - No CLSID value found.
O15 - HKU\S-1-5-21-641499419-3881828550-583855553-1005\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe (Reg Error: Key error.)
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} http://toolbar.google.com/data/en/bi.../GoogleNav.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.co...7587.681412037 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2011/04/05 21:01:58 | 000,015,052 | -HS- | M] () -- C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\2tr4yndwvnsg0s521l3n643d
[2011/04/05 21:01:58 | 000,015,052 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2tr4yndwvnsg0s521l3n643d
[2004/06/19 11:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
@Alternate Data Stream - 120 bytes -> C:\AUTOEXEC.BAT:SummaryInformation


:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
    • Then click the [color= "#FF0000"]Run Fix[/color] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
    broni,
    #23
  5. 2011/04/13
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    OTL Result
    ========

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-641499419-3881828550-583855553-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3F200D98-8C77-427A-8DD8-F8106B4EEB45} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F200D98-8C77-427A-8DD8-F8106B4EEB45}\ not found.
    Registry value HKEY_USERS\S-1-5-21-641499419-3881828550-583855553-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
    Starting removal of ActiveX control {00000075-9980-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\voxacm.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000075-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000075-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000075-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000075-9980-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {33564D57-9980-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {41F17733-B041-4099-A042-B518BB6A408C}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41F17733-B041-4099-A042-B518BB6A408C}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41F17733-B041-4099-A042-B518BB6A408C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F17733-B041-4099-A042-B518BB6A408C}\ not found.
    Starting removal of ActiveX control {6CB5E471-C305-11D3-99A8-000086395495}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6CB5E471-C305-11D3-99A8-000086395495}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6CB5E471-C305-11D3-99A8-000086395495}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CB5E471-C305-11D3-99A8-000086395495}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6CB5E471-C305-11D3-99A8-000086395495}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CB5E471-C305-11D3-99A8-000086395495}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
    C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\ not found.
    File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    C:\Documents and Settings\All Users\Application Data\ISx13.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ISx15.tmp deleted successfully.
    C:\Documents and Settings\Louis Daoust\Local Settings\Application Data\2tr4yndwvnsg0s521l3n643d moved successfully.
    C:\Documents and Settings\All Users\Application Data\2tr4yndwvnsg0s521l3n643d moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint folder moved successfully.
    ADS C:\AUTOEXEC.BAT:SummaryInformation deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->FireFox cache emptied: 0 bytes

    User: Louis Daoust
    ->Temp folder emptied: 58964101 bytes
    ->Temporary Internet Files folder emptied: 2263897 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 328033674 bytes
    ->Flash cache emptied: 4631 bytes

    User: NetworkService
    ->Temp folder emptied: 8052 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: STATION1

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6113 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 371.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Louis Daoust
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: STATION1

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04132011_115441

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
    ldaoust,
    #24
  6. 2011/04/13
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    Security Check Result
    ================

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Out of date Spybot installed!
    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.2.153.1
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Reader 8.2.6
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````
     
    ldaoust,
    #25
  7. 2011/04/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Thunderbird, if you don't use it.
    Uninstall it and install the newest version, if you do use it.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ...and Eset....
     
    broni,
    #26
  8. 2011/04/13
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    ESET is running....

    Will have to be patient.
    Total scan time: 01:30:00 = 18%...

    ESET Done. Log follows in next post.
     
    Last edited: 2011/04/13
    ldaoust,
    #27
  9. 2011/04/13
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    ESET Result
    =========

    * The adofivut.dll.xxx was renamed by me after my initial check of what was going on and before I joined this site.


    C:\WINDOWS\adofivut.dll.xxx a variant of Win32/Kryptik.MOK trojan
    E:\Download\webcams\wlite125.exe probably a variant of Win32/TrojanDownloader.Banload.DCRUMDF trojan
    E:\Download\webcams\wlite534.exe multiple threats
     
    ldaoust,
    #28
  10. 2011/04/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following

      Code:
      :OTL

:Services

:Reg

:Files
C:\WINDOWS\adofivut.dll.xxx 
E:\Download\webcams\wlite125.exe 
E:\Download\webcams\wlite534.exe

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
    • Then click the [color= "#FF0000"]Run Fix[/color] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
    broni,
    #29
  11. 2011/04/13
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    OTL Result 1
    ========

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\WINDOWS\adofivut.dll.xxx moved successfully.
    E:\Download\webcams\wlite125.exe moved successfully.
    E:\Download\webcams\wlite534.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 0 bytes

    User: Louis Daoust
    ->Temp folder emptied: 88344 bytes
    ->Temporary Internet Files folder emptied: 26651286 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 16555533 bytes
    ->Flash cache emptied: 456 bytes

    User: NetworkService
    ->Temp folder emptied: 68318 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: STATION1

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2093 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 41.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Louis Daoust
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: STATION1

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04132011_200629

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Louis Daoust\Local Settings\Temp\~DF1A5.tmp not found!
    File\Folder C:\Documents and Settings\Louis Daoust\Local Settings\Temp\~DF1B2.tmp not found!
    File\Folder C:\Documents and Settings\Louis Daoust\Local Settings\Temp\~DF20D.tmp not found!
    File\Folder C:\Documents and Settings\Louis Daoust\Local Settings\Temp\~DF21A.tmp not found!
    C:\Documents and Settings\Louis Daoust\Local Settings\Temporary Internet Files\Content.IE5\ZX05HZ05\98628-active-google-redirect-windows-update-blocked-2[1].html moved successfully.
    C:\Documents and Settings\Louis Daoust\Local Settings\Temporary Internet Files\Content.IE5\ZX05HZ05\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Louis Daoust\Local Settings\Temporary Internet Files\Content.IE5\U19W6BRJ\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
    C:\Documents and Settings\Louis Daoust\Local Settings\Temporary Internet Files\Content.IE5\U19W6BRJ\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Louis Daoust\Local Settings\Temporary Internet Files\Content.IE5\P88MSYWU\ads[5].htm moved successfully.

    Registry entries deleted on Reboot...
     
    ldaoust,
    #30
  12. 2011/04/13
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    OTL Result for 'reset system restore'
    ========

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 0 bytes

    User: Louis Daoust
    ->Temp folder emptied: 88344 bytes
    ->Temporary Internet Files folder emptied: 3500300 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 434 bytes

    User: NetworkService
    ->Temp folder emptied: 4300 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: STATION1

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4535 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 4.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Louis Daoust
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: STATION1

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.22.3 log created on 04132011_202106

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Louis Daoust\Local Settings\Temp\~DFF687.tmp not found!
    File\Folder C:\Documents and Settings\Louis Daoust\Local Settings\Temp\~DFF7E7.tmp not found!
    File\Folder C:\Documents and Settings\Louis Daoust\Local Settings\Temp\~DFF87C.tmp not found!
    File\Folder C:\Documents and Settings\Louis Daoust\Local Settings\Temp\~DFF897.tmp not found!
    File\Folder C:\Documents and Settings\Louis Daoust\Local Settings\Temporary Internet Files\Content.IE5\ZDUX5V8G\p-01-0VIaSjnOLg[1].gif not found!
    C:\Documents and Settings\Louis Daoust\Local Settings\Temporary Internet Files\Content.IE5\B3YQ202I\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
    File\Folder C:\Documents and Settings\Louis Daoust\Local Settings\Temporary Internet Files\Content.IE5\B3YQ202I\cm[1].htm not found!
    File\Folder C:\Documents and Settings\Louis Daoust\Local Settings\Temporary Internet Files\Content.IE5\0E61DLK8\98628-active-google-redirect-windows-update-blocked-2[1].html not found!
    C:\Documents and Settings\Louis Daoust\Local Settings\Temporary Internet Files\Content.IE5\0E61DLK8\ads[1].htm moved successfully.
    File\Folder C:\Documents and Settings\Louis Daoust\Local Settings\Temporary Internet Files\Content.IE5\0E61DLK8\p-01-0VIaSjnOLg[1].gif not found!

    Registry entries deleted on Reboot...
     
    ldaoust,
    #31
  13. 2011/04/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Whenever ready.....
     
    broni,
    #32
  14. 2011/04/13
    ldaoust

    ldaoust Inactive Thread Starter

    Joined:
    2011/04/11
    Messages:
    42
    Likes Received:
    0
    First, I want to thank you for guiding me through all these steps. This is very very appreciated. :)

    Computer seems to be running well. Reboot seems faster. Starting programs seems faster.

    Will do the rest of the steps to complete OTL cleanup and follow the safety precautions you mentioned.

    I'll keep this site handy and for recommendation.

    I was in the process of getting a new PC as this one is a P4 that is getting old. This episode will probably accelerate my shopping, so I feel more on the safe side, get a real fresh start.

    Thanks again.

    * Wish I could buy you a couple of beers for a more personal thank you. :) (and I know it's worth more)

    Louis.
     
    ldaoust,
    #33
  15. 2011/04/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)

    Good luck and stay safe :)
     
    broni,
    #34
Page 2 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...